Full Report
Officials accused the teenage boy of working with Scattered Spider, which attacked MGM Resorts and Caesars Entertainment in 2023. The post Las Vegas police arrest minor accused of high-profile 2023 casino attacks appeared first on CyberScoop.
Analysis Summary
# Incident Report: Las Vegas Casino Cyberattacks (Attributed to Scattered Spider)
## Executive Summary
In late 2023, major Las Vegas gaming operators, specifically MGM Resorts International and Caesars Entertainment, suffered large-scale cyberattacks attributed to the threat group Scattered Spider, which used extortion tactics. While MGM reported significant financial losses, Caesars reportedly paid an extortion demand. The investigation led to the recent arrest of a teenage minor in Las Vegas suspected of assisting in these operations, following the prior arrest of two UK-based individuals linked to the group.
## Incident Details
- Discovery Date: Between August and October 2023 (when attacks occurred)
- Incident Date: August - October 2023
- Affected Organization: MGM Resorts International, Caesars Entertainment
- Sector: Hospitality/Gaming/Casinos
- Geography: Las Vegas, USA
## Timeline of Events
### Initial Access
- Date/Time: August - October 2023 (Period of attacks)
- Vector: Social engineering and phishing (the general methodology of Scattered Spider). Local assistance by the minor suspect was suggested.
- Details: Specific initial vectors used against the casinos were not detailed, but the overarching group relies on sophisticated social engineering.
### Lateral Movement
- Details: Not specified in the source article, but necessary for the widespread disruption reported at MGM Resorts.
### Data Exfiltration/Impact
- Impact: MGM Resorts suffered outages, resulting in $100 million in lost revenue and $10 million in recovery expenses. Caesars Entertainment reportedly paid a $15 million extortion demand.
### Detection & Response
- Detection: Authorities (Las Vegas detectives working with the FBI’s Las Vegas Cyber Task Force) identified the teenage boy as a suspect during their investigation into the casino attacks.
- Response actions taken: Arrests were made internationally (two teenagers in the UK) and locally (the minor in Las Vegas). The companies incurred significant response and recovery costs.
## Attack Methodology
- Initial Access: Social engineering and phishing (hallmark of Scattered Spider).
- Persistence: Not specified.
- Privilege Escalation: Not specified.
- Defense Evasion: Not specified.
- Credential Access: Not specified.
- Discovery: Not specified.
- Lateral Movement: Implied by the widespread service disruption at MGM.
- Collection: Not specified, though extortion suggests sensitive data was targeted.
- Exfiltration: Implied, leading to extortion demands.
- Impact: Extortion and operational disruption (bringing properties to a standstill).
## Impact Assessment
- Financial: MGM suffered $100 million in lost revenue and $10 million in one-time expenses/recovery costs. Caesars reportedly paid a $15 million extortion payment.
- Data Breach: Extortion implies PII or sensitive corporate data was compromised, but specific data types or volume were not detailed.
- Operational: Multiple casino properties owned by MGM Resorts were brought "to a standstill."
- Reputational: High-profile nature of attacks on major Las Vegas landmarks.
## Indicators of Compromise
- Network indicators: None provided.
- File indicators: None provided.
- Behavioral indicators: Attack attributed to Scattered Spider, known for using social engineering against critical infrastructure.
## Response Actions
- Containment measures: Not specified.
- Eradication steps: Not specified.
- Recovery actions: MGM incurred $10 million in recovery expenses. Authorities conducted international and domestic arrests related to the attacks.
## Lessons Learned
- The threat group Scattered Spider relies on recruiting young, native English-speaking individuals who possess technical and social engineering skills, sometimes recruiting locally for physical assistance.
- The collaboration between international law enforcement (UK arrests) and local/federal agencies (Las Vegas police and FBI) is crucial for dismantling complex groups like Scattered Spider.
## Recommendations
- Strengthen multi-factor authentication and its implementation across critical systems, as social engineering/phishing remains the primary initial access vector for this group.
- Review physical security procedures if local operatives are suspected of assisting in cyber intrusions.
- Continuously update incident response plans to minimize operational downtime resulting from widespread extortion attacks.