A teenager has been arrested on suspicion of orchestrating a "sophisticated" cyber-attack that cost MGM Resorts $100 million, Las Vegas police announced this week. By all reports, the costly heist of Vegas Strip resorts was shockingly simple: Someone allegedly found an MGM Grand employee on LinkedIn and impersonated them, calling the company IT department to ask for a password reset. Once the reset was granted, the hacker reportedly had access to MGM's internal systems "in 10 minutes."
Between August and October 2023, multiple casinos were hit by "an organized cyber threat-actor group" going by the nickname "Scattered Spider," Vegas police said. The hackers disabled hotel key cards and slot machines, prevented bookings and reservations from being accessed and locked employees out of their emails; in a filing with the Securities and Exchange Commission, MGM said it lost $100 million because of the cyber disruption.[1]
MGM Resorts operates a slew of hotels on the Strip, including the MGM Grand, Bellagio, Luxor, Excalibur and the Cosmopolitan. Around the same time, Caesars reported a similar cyber-attack. In an SEC filing, the company said it took "steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result." According to cybersecurity experts, this likely means Caesars opted to pay the hackers. It is not clear if investigators believe the same hackers that targeted MGM were also responsible for the Caesars attack.
The FBI took over the investigation, eventually identifying a teenage male as a suspect. The teen surrendered to the Clark County Juvenile Detention Center on 17 September. This youth is facing charges of extortion, obtaining and using another person's identifying information to harm or impersonate, and unlawful acts regarding computers. The Clark County District Attorney's Office is seeking to charge him as an adult.
The suspect was not identified by law enforcement because he is a minor. Las Vegas police did not disclose if other people were involved in the cyber-attack or if they believe the suspect acted alone.
This article is shared with permission at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a Notification and a Tier I Mitigation service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.govtech.com/security/teen-arrested-on-suspicion-of-100m-vegas-strip-cyber-attack