FBI Investigating Cyber Attack of Arizona Casino That Knocked Systems Offline

Article by : Erik Gibbs Mar 1, 2024

• 
• 

The Casino del Sol in Tucson, Arizona, reported on Tuesday that it has partially resumed normal operations following a cyber attack on February 21 that led to a widespread system outage.

The Pascua Yaqui Tribe, the casino’s owner, revealed that the FBI and the Pascua Yaqui Police Department are collaborating to investigate the attack, which impacted ATMs, credit card systems, Wi-Fi, TV, phones and electronic door key systems.

All slot machines, the poker room, gaming tables and sportsbooks are fully operational, including the slots ticketing system. However, bingo remains closed until further notice, and the phone system is still down. All dining outlets and bars are limited to cash transactions, and the “Club Sol” casino rewards program is offline.

While the casino cage is processing slot tickets and gaming cheques for cash, other cash services at the cage are unavailable. Casino del Sol acknowledged the incident and apologized for any disruption or concern caused to its guests. It emphasized that trust and security remain their top priorities.

The presence of a ransom demand remains uncertain in the aftermath of the hack, but the incident exhibits characteristics commonly associated with ransomware attacks. Chainanalysis, a crypto analytics firm, recently disclosed a significant surge in ransom payments to cyber criminals, nearly doubling to a record-breaking $1.1 billion last year.

This trend suggests that hacking groups are intensifying their focus on “big game” targets, encompassing large corporations, including casinos, to secure more substantial payoffs. In September 2023, a cybercriminal collective identified as “Scattered Spider” orchestrated ransomware attacks against MGM and Caesars.

It is presumed that the group employed social engineering tactics, specifically “spoofing,” wherein they impersonated a high-ranking MGM employee during a phone call to the company’s helpdesk.

Through this deceptive approach, they manipulated support staff into resetting passwords and multifactor authentication (MFA) codes, gaining unauthorized access to the system.

MGM opted not to pay the ransom, leading to days of operational disruption and an estimated $100 million in damages. Conversely, Caesars chose to pay Scattered Spider approximately $15 million to restore normal services, as The Wall Street Journal reported.

It’s worth noting that the cybersecurity community coined the designation “Scattered Spider” and not the perpetrators themselves.

The cybercriminal group responsible for the attacks on MGM and Caesars identifies as “Star Fraud” and is part of a loosely affiliated hacker community known as “the Com.”