Third-Party Vendors Are Inadvertently Aiding Cyberattacks Against Casinos

    Article by : Erik Gibbs Nov 9, 2023

    The Federal Bureau of Investigation (FBI) has issued a warning regarding the increasing threat of ransomware attacks targeting casino servers. According to a private industry notification, ransomware threat actors are employing legitimate system management tools to enhance their permissions on the network.

    The FBI emphasizes that third-party vendors and services are a prevalent attack vector, with ransomware gangs consistently relying on third-party gaming vendors to compromise casino systems.

    The latest trends identified by the agency include ransomware actors exploiting vulnerabilities in vendor-controlled remote access to casino servers. Additionally, companies are being victimized through the use of legitimate system management tools to escalate network permissions.

    Starting in 2022, the FBI has observed a rise in ransomware attacks targeting small and tribal casinos, aiming to encrypt servers and compromise the personally identifiable information of both employees and patrons.

    The alert specifically highlights the activities of the threat actor known as ‘Silent Ransom Group’ (SRG), also tracked as ‘Luna Moth,’ which has been carrying out callback-phishing data theft and extortion attacks since June.

    The modus operandi involves tricking the victim into calling a number under the pretext of pending charges on their account.

    If the victim falls for the deception, SRG convinces them to install a system management tool, then uses it to install other legitimate utilities that can be turned to malicious purposes. It’s worth noting that Luna Moth/SRG attacks focus on data extortion rather than encrypting files.

    In terms of mitigation, the FBI recommends several strategies to limit the adversary’s use of common system and network discovery techniques.

    These include maintaining encrypted and immutable offline backups for the entire company’s data infrastructure, implementing policies for remote access and allowing only known and trusted applications.

    Strengthening security through strong password policies, multifactor authentication, and the auditing and management of administrative privileges is also advised.

    Commonly recommended practices such as network segmentation, monitoring for abnormal activity, secure Remote Desktop Protocol (RDP) usage and keeping software components up to date are emphasized.

    Additionally, turning off unnecessary ports and protocols, adding email banners for external messages and restricting command-line and scripting activities are further measures suggested for system administrators.