In the heart of the Mojave Desert in Nevada, Las Vegas has become the scene of an incredible cyberdrama. Two cyberattacks targeted the MGM Grand and Caesars Palace hotels. The virtual robbers got away with $15 million.
This is the second attack in less than a week. Indeed, the gigantic MGM Grand hotel-casino had already been the target of a cyberattack on September 11. The scenario is almost Hollywood and could recall a bad remaster of the famous film with George Clooney and Brad Pitt. Less class and elegance, since those responsible for these attacks necessarily operated behind the scenes. It didn’t take much for them to succeed and we are very far from the sophistication of certain malware like Cuba.
A quick and simple attack
Given the importance of the two targeted structures, one would expect that the IT security surrounding them would be up to what it must protect. However, if the image of the hacker surrounded by multiple computers in a forest of cables is hard to bite, such means were not necessary in this case.
Reportedly, all it took was a phone call to customer service and then using LinkedIn to identify one of the employees. A few minutes later, the hackers had the access they wanted to enter the hotel system. The ransom demanded by the attackers is enormous: $15 million.
Two Vegas giants on their knees
The hackers did not target just any structure. The MGM Grand is the second largest hotel in the world by number of rooms. These number 6,852! The attackers, to justify their ransom, sowed total confusion: blocking the hotel and elevator reservation system, putting slot machines and vending machines out of service. The worst nightmare for establishment managers.
Known as the Scattered Spider, this group of hackers also stole 6 TB of very confidential data. Data that contained information about casino customers: credit card numbers, address and identity.
The Caesars group is reassuring about the deletion of the data held hostage, but nothing is less certain. In the first attack last week, Scattered Spider demanded a ransom of $30 million, but only $15 was sent. This could partly explain the execution of this second intrusion. In the all-digital world, robbers can now do without firearms and any bloodshed to achieve their ends.
Source : Franceinfo
7