Okta Confirms Connection to Cyber Attacks on Las Vegas Casinos

Date: 2023-09-19 Author: Dima Zakharov Categories: CASINO, EVENTS
In a recent development, Okta's Chief Information Security Officer (CISO), David Bradbury, has confirmed the suspicions surrounding the cyber attacks on two prominent Las Vegas casino operators, MGM Resorts and Caesars Entertainment. Bradbury disclosed that the attackers exploited Okta's services as an entry point, shedding light on the origins of the simultaneous cyber attacks.

In an interview with Reuters, Bradbury revealed that both MGM Resorts and Caesars Entertainment were among five Okta clients that fell prey in recent weeks to the threat actor known as UNC3944, also recognized as Scattered Spider, Scatter Swine, or 0ktapus, which operates as an affiliate of the ALPHV/BlackCat ransomware operation. Okta is actively cooperating with law enforcement agencies in ongoing investigations.

UNC3944 has been closely monitoring Okta for over a year. In 2022, this cybercriminal operation exploited Okta's reputation in a series of attacks on the technology sector. Bradbury noted an increase in social engineering attacks against Okta customers over the past year, often deceiving IT helpdesks into granting unauthorized access.

While Bradbury did not disclose the identities of other victims, London-based security consultancy DynaRisk indicated that UNC3944 might possess stolen Okta credentials linked to over 500 other companies, including Adobe, Diageo, and Epic Games.

This revelation from Okta addresses speculation that arose following a statement from the ALPHV/BlackCat ransomware operation on September 14. The gang claimed that MGM Resorts had detected their intrusion into Okta servers and attempted to access sensitive passwords. This incident resulted in MGM Resorts losing access to its Okta tenant while the attackers retained super administrator privileges.

However, Ariel Parnes, COO of Mitiga, cautioned against taking the gang's claims at face value, suggesting that they might be part of a psychological campaign to exert pressure on MGM. Regardless of the accuracy of the claims, the incident highlights the complexities of hybrid environments involving on-premises data centers, cloud, and SaaS.

Christopher Budd, director of the Sophos X-Ops team, emphasized the importance of focusing on the "how" of the attack rather than the "who." He noted that threat actors were expanding their tactics into information warfare, potentially complicating incident response efforts.

As of now, MGM Resorts has restored its public-facing website and assured guests that most of its property offerings remain operational. The organization is also accommodating reservations and processing credit card transactions as usual, albeit with certain digital services temporarily offline. Cancellation fees have been waived for reservations through September 24.