Earlier this year we covered a story about an online hacking group that wreaked havoc on both MGM and Caesars, costing both companies millions of dollars. Now, months later, other companies as well as cybersecurity groups are saying that not only is Scattered Spider still around, they are continuing to disrupt businesses on a large scale.
This is especially interesting when you consider that, by most estimates, this US-based group is small and loosely organized.Attention is now being turned to the FBI as many of the companies that have been victimized by this group are saying enough is not being done. Sources say that at least 12 of Scattered Spider’s members are known by law enforcement, however there has been little in the way of legal action taken as yet.
Will More Casinos Be Targeted?
Last summer, Scattered Spider attacked both Caesars and MGM at the corporate levels. These attacks saw business operations both online and at resorts interrupted, with things getting so severe that hotel room keys would not allow guests access to their room. It did not take the two casino operators long to rectify the issues, but by the time the dust settled more than $100 million in damages were done. What’s more, Scattered Spider was paid over $15 million in ransom money.
It isn’t just casino operators either, as CrowdStrike, an online data security company, was also targeted by Scattered Spider this year. Fewer details are known about the monetary damages done during that attack, but CrowdStrike president, Michael Sentonas, was not shy when talking with Reuters about the lack of law enforcement action. “I would love for someone to explain it to me,” said Sentonas. He went on to say that “for such a small group, they are absolutely causing havoc.”
In statements released to the public, the FBI said that they are still investigating the hacks that impacted Caesars and MGM, but declined to provide much of any further detail. In fact, the FBI has not even named Scattered Spider or any other group as being the perpetrators of the MGM and Caesars hacks.
Despite the FBI’s insistence that an investigation is and has been going on, there have been more than 200 hacking attacks attributed to Scattered Spider since 2021, according to cybersecurity firm ZeroFox. ZeroFox was the company that helped Caesars contain the hacking event and its negative consequences. Speaking to the lack of action taken by the FBI and other law enforcement agencies, ZeroFox’s CEO James Foster explained that the issue is manpower, or the lack thereof. In Foster’s words, “Law enforcement, certainly at the Federal Level has all the tools and resources they need to be successful in going after cyber criminals. They just don’t have enough people.”
This sobering reality is one that should be heeded by companies across all industries, but especially casino operators. With an increasing number of casinos taking their operations online in states where that is legal, the threat of hacking continues to grow. Scattered Spider is just one of many hacking groups from all over the world, all of which have the same goal of disrupting business operations and ultimately stealing money.