MGM Resorts International fell prey to the same hacking syndicate that targeted Caesars Entertainment a few weeks prior, reliable sources disclosed. Identified by the cryptic moniker “Scattered Spider,” the group allegedly issued a ransom ultimatum to MGM following the cyberattack, demanding undisclosed compensation for sensitive data, as reported by two individuals privy to the situation. It remains unclear whether the hackers resorted to ransomware tactics to lock the casino giant’s files.
While MGM declined to comment on the cyberattack, they confirmed that a comprehensive investigation into the incident is underway. In a press release issued on Tuesday, the company assured stakeholders of their commitment to fortifying their operational security. Post the revelation, shares of the casino behemoth experienced marginal fluctuations during after-hours trading, witnessing a modest 1.2% dip on Wednesday, settling at $41.47.
Scattered Spider, a consortium of hackers spanning the United States and the United Kingdom, includes members as young as 19, sources revealed. Mandiant Inc., a division of Google Cloud, initially encountered the group in 2022. Charles Carmakal, Mandiant’s Chief Technical Officer, characterized them as “one of the most prevalent and aggressive threat actors impacting organizations in the United States today.”
The FBI echoed similar concerns about the hacker collective in April of the same year, cautioning the public about their malevolent activities. It was disclosed that Scattered Spider leased their ransomware software to various entities, resulting in a global compromise of over 60 organizations. The group is notorious for executing SIM swaps for mobile devices, a tactic commonly referred to as social engineering attacks. Victims are targeted through phishing campaigns, leading to data theft and ransom extortion. However, Scattered Spider has recently shifted their focus towards pilfering sensitive information for hostage-taking purposes.
The MGM cyberattack by Scattered Spider stands as a stark reminder to both businesses and consumers alike about the criticality of cybersecurity. As hacker groups refine their tactics, the stakes grow higher, underscoring the necessity for organizations to elevate their security protocols to safeguard their networks and data.
In light of the escalating prevalence of cyber threats, exemplified by high-profile incidents like the MGM breach, it is imperative for businesses and government entities to treat these breaches with the gravity they deserve. Implementing robust security measures is paramount in stemming the tide of these large-scale data breaches.