Ransomware Threat Groups Targeting Casinos Through Vendor-Controlled Remote Access Systems
The FBI has issued a warning about ransomware threat groups exploiting vulnerabilities in vendor-controlled remote access systems to target casino servers and initiate attacks. The warning comes in the wake of high-profile ransomware attacks on casino and hotel giants MGM Resorts and Caesars Entertainment in September, as well as an attack against Marina Bay Sands in Singapore last month. These attacks exposed personal information and disrupted casino and hotel operations.
According to Katell Thielemann, a distinguished VP analyst at Gartner, casinos are an opportunistic target due to their financial resources, and the public outcry is less pronounced when they are attacked. Additionally, the casino gaming industry contributes almost $329 billion in economic activity to the U.S. annually, making it a lucrative target for threat actors.
Thielemann highlighted the heavy regulation of the gaming industry, which results in a multitude of technologies to monitor the movement of clients, croupiers, service workers, and funds, each of which can serve as a possible entry point for cyber attacks.
The FBI has observed a trend of ransomware actors compromising third-party gaming vendors, resulting in frequent attacks against small and tribal casinos starting last year. Threat actors have used phishing attacks and social engineering campaigns, and have exploited vulnerabilities in third-party vendor remote access tools, to encrypt casino servers, compromise and steal sensitive data, and extort victim organizations.
Multiple groups, including the Silent Ransom Group and ALPHV ransomware affiliate Oktapus, have been linked to some of these attacks. The FBI has shared mitigation steps organizations should take, including third-party vendor use policies and security reviews, compliance with identity and access management standards, network monitoring, and vulnerability and configuration management.
However, Thielemann noted that the mitigation steps are generic and do not address the specific issues related to third-party gaming vendor remote access technologies. The FBI’s warning indicates a broader trend of ransomware activity via third parties and legitimate system tools.
Thielemann stressed the importance of highlighting industry-specific idiosyncrasies and providing more specific guidance for the gaming industry. While the warning serves as a good reminder of cybersecurity best practices, the disconnect between generic industry-agnostic advice and the very industry-specific incidents that triggered it is a missed opportunity.