A new report by Microsoft has tied the recent cyber attacks against Caesars Entertainment and MGM Resorts International to a broader hacker collective known as Octo Tempest. The attack was perpetrated by another collective, Scattered Spider, but they have been working with the notorious establishment that has been known for many successful attempts on wealthy individuals’ wealth and assets.
Microsoft Outlines the Octo Tempest Threat to Cybersecurity
The bad actors have used a popular hacking tactic known as social engineering, whereby the hackers obtained enough information to convince relevant parties to be granted access to certain aspects of a company’s operations. For example, a hacker who has the right information and input, can call the information technology department of a company, and request new login credentials.
This is believed to have been leveraged against Caesars Entertainment and MGM, with Caesars reportedly asked to pay $15 million to regain access to its systems. Microsoft has been following Octo Tempest and the way the hackers ensure that they are successful when socially engineering an attack.
“Building on their initial success, Octo Tempest harnessed their experience and acquired data to progressively advance their motives, targeting, and techniques, adopting an increasingly aggressive approach,” Microsoft noted, adding that Octo Tempest has been able to target more robust organizations with a higher level of security successfully.
Microsoft is not surprised that Octo Tempest has targeted casinos, as there are many reasons to pursue these companies, as they collect vast troves of data through their loyalty programs, and also have credit card data for millions of people. MGM did not budge under the pressure and preferred to rebuild its systems rather than cave in to ransomware demand, following instructions from law enforcement.
Octo Tempest Takes Threats into the Real World
Surprisingly, investors did not react too badly to the news of new hacking against major companies in the United States from the sector. Octo Tempest has been amping up its game as well, using not just social engineering bu top646 t also scare tactics, such as threatening people with physical violence if they refuse to give up sensitive corporate information. Some people have given in, Microsoft noted.
Reported messages sent to previous targets and victims include threats to send shooters to a person’s house and “shoot up” their families, but also a promise that if a target acquiesced and did Octo Tempest’s bidding, they would be left alone. The New York Gaming Commission was also recently targeted by a cyberattack.
