CISA, FBI Issue New Warning Following Las Vegas Cyberattack

Agencies Release Joint Advisory Urging Organizations to Implement New Mitigations
The FBI describes Scattered Spider as an expert social engineering hacking group. (Image: Shutterstock)

The FBI and U.S. Cybersecurity and Infrastructure Security Agency are urging critical infrastructure organizations to implement mitigation techniques to thwart a cybercriminal group known as Scattered Spider that targets major companies and their IT help desks.

A joint advisory describes the hacking group, also known as Octo Tempest and UNC3944, as having expertise in social engineering that uses phishing, push bombing and other techniques to gain unauthorized access into the networks of commercial facilities that provide retail, entertainment and lodging services to the public (see: Meet Octo Tempest, 'Most Dangerous Financial' Hackers).

Scattered Spider hackers are unique among cybercriminal organizations as the group appears to consist of native English speakers and lacks a clear public internet presence, unlike many of its Russian and former Soviet counterparts.

During a Thursday phone call with reporters, senior CISA and FBI officials linked the hacking group to a major cyberattack in September that targeted MGM Resorts International and incapacitated operations across several popular Las Vegas casinos and hotels.

The advisory says Scattered Spider hackers have posed as company IT and help desk staff and used phone calls or text messages to obtain employee credentials and gain unauthorized access to their networks. The group monetizes access to victim networks through extortion, ransomware and other data theft operations.

The FBI and CISA recommend that organizations implement enhanced application controls, audit their remote access tools and review logs for execution of remote access software to detect anomalies. The recommendations also include requiring that authorized remote access solutions be used only from within the network over approved solutions, such as virtual private networks, and using security software to detect additional anomalies and potential misuse.
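As an added illustration of that log review (this is not code from the advisory or the agencies), the following Python sketch checks process-execution records against an inventory of approved remote access tools and an approved VPN range. The log layout, the `corp-rmm.exe` tool, the host names and the address range are all assumptions made for the example.

```python
import csv
import io
import ipaddress
from pathlib import PureWindowsPath

# Every value below is an assumption for illustration, not taken from the advisory.
WATCHED = {"anydesk.exe", "teamviewer.exe", "corp-rmm.exe"}  # remote access binaries to track
APPROVED = {"corp-rmm.exe": {"HELPDESK-01", "HELPDESK-02"}}  # hypothetical tool -> hosts allowed to run it
VPN_RANGE = ipaddress.ip_network("10.8.0.0/16")              # hypothetical VPN address pool

# Constructed sample log: time, host, user, process image path, session peer address.
SAMPLE_LOG = r"""
2024-01-10T09:02:11Z,HELPDESK-01,svc_help,C:\Program Files\CorpRMM\corp-rmm.exe,10.8.4.20
2024-01-10T09:14:40Z,FIN-WS-07,jdoe,C:\Users\jdoe\Downloads\AnyDesk.exe,203.0.113.45
2024-01-10T09:31:05Z,HELPDESK-02,svc_help,C:\Program Files\CorpRMM\corp-rmm.exe,198.51.100.9
2024-01-10T10:03:52Z,HR-WS-02,asmith,C:\Program Files\CorpRMM\corp-rmm.exe,10.8.7.3
2024-01-10T10:05:00Z,HR-WS-02,asmith,C:\Windows\System32\notepad.exe,10.8.7.3
""".strip()


def review(log_text):
    """Return (time, host, user, tool, reason) for each anomalous execution."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed records
        ts, host, user, image, peer = row
        tool = PureWindowsPath(image).name.lower()
        if tool not in WATCHED:
            continue  # not remote access software
        if tool not in APPROVED:
            reason = "unapproved_tool"   # tool is absent from the audited inventory
        elif host not in APPROVED[tool]:
            reason = "unexpected_host"   # approved tool on a host that should not run it
        elif ipaddress.ip_address(peer) not in VPN_RANGE:
            reason = "outside_vpn"       # approved tool, but the session bypasses the VPN
        else:
            continue
        findings.append((ts, host, user, tool, reason))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep="  ")
```
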

A senior FBI official confirmed that there have been additional Scattered Spider victims across the commercial facilities and subsectors space - one of 16 designated critical infrastructure sectors in the U.S. - since the Las Vegas cyberattack. They declined to provide additional information about those victims, citing ongoing investigations.

About the Author

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.
