Online casinos are a great way for players to derive the whole casino experience from the comfort of their homes, and Americans are learning this at a rapid rate as more and more states legalize online casinos. With that said, the dawn of US online casinos has also presented hacking groups with opportunities to steal money and personal information. Though hacking events in the US online casino industry are far from rampant, they do happen. In fact, MGM was the recent victim of a hacking event and investigation has revealed that the people behind the recent hack are from a well-known hacking group based in the West.

Through a series of phishing attemps, a hacking group was able to infiltrate MGM servers and wreak havoc on the online casino operator. The hack was dealt with and is no longer a problem, but for MGM and online casino players alike, there is a lot more that needs to be found out.

Hacking Attempts Happening with Increased Frequency

The group behind the attack on MGM is known as Scattered Spider, and what this organization does is target employees and help desks in order to garner login credentials. Once the hacking group has credentials that get them into MGM’s private servers, they are able to see personal information of players, including banking information and personal details like social security numbers.

In response to this most recent successful attack, MGM was forced to shut down a number of internal networks so that the hackers who gained access to the networks were not able to inflict the damaged they inteded on inflicting.

While shutting down internal networks until the problem is identified and fixed seems easy and pain-free enough, the reality last weekend for both online and in-person gamblers was a nightmarish one. Slot machines did not work, online payments did not function, and even some room keys at MGM’s many hotels did not work. This meant that there were thousands of gamblers in Las Vegas this past weekend that could not gamble and, on occasion, could not even get back into their hotel rooms. Though the hacking event does not seem, at least initially, to have resulted in anyone’s personal or banking information being taken, it has cost MGM millions of dollars to deal with and rectify.

New Hacking Group Utilizing Tried and True Methods

In the realm of hacking groups, Scattered Spider is a new one. Though they have not even been active for two years, they are already making a name for themselves by way of targeting dozens, maybe even hundreds, of US and Canadian businesses. Unlike most other hacking groups that have ties to Russia, Scattered Spider seems to be a North American or European-based group. Though they are a new entrant, their methods of attack are not.

Scattered Spider works by gaining entry to the back-end of companies and then either locking parts of a network or holding personal information for ransom. Once the company pays the requested ransom, Scattered Spider will either unlock the frozen network and/or return the stolen information. This practice is a simple one, but is also one that can cost a company millions of dollars.

Hackers like this are sophisticated, so before ever launching an attack, Scattered Spider will find people who work for the intended target company, learn as much about them as possible, and use this information to trick the company into thinking the hackers are actually an employee. Unaware that the person they are dealing with is actually a hacking group, companies will help “employees” recover passwords and access to email accounts. In reality, they are simply handing over login credentials to the hacking group. Once in the network via approved credentials, the hackers get to work stealing and locking whatever it is they intend to hold for ransom. If the company does not pay the ransom, Scattered Spider will continue disrupting business.

Online casinos in the US and around the world employ robust methods in order to fight hackers, but as we see time and time again, hackers are successful in thwarting these safeguards. While the hacking event that targeted MGM has since been resolved, it is surely not the last we will hear of. As the United States continues to expand its online and in-person gambling networks, you can expect to hear more about Scattered Spider. Hacking will never go away, but it is situations like this that will help companies in their effort to stay one step ahead of phishing and ransomware attacks such as these.