HomeCyber BalkansRansomware gangs hack casinos via 3rd party gaming vendors

Ransomware gangs hack casinos via 3rd party gaming vendors

Published on

spot_img


 

The Federal Bureau of Investigation is warning that ransomware threat actors are targeting casino servers and use legitimate system management tools to increase their permissions on the network.

In a private industry notification, the agency says that third-party vendors and services are common attack vector. Ransomware gangs continue to rely on third-party gaming vendors to breach casinos.

“New trends included ransomware actors exploiting vulnerabilities in vendor-controlled remote access to casino servers, and companies victimized through legitimate system management tools to elevate network permissions,” the agency explains.

Starting 2022, the FBI noted ransomware attacks that targeted small and tribal casinos to encrypt servers and personally identifiable information of employees and patrons.

The alert also details that the threat actor known as ‘Silent Ransom Group’ (SRG) and ‘Luna Moth’ has been carrying callback-phishing data theft and extortion attacks since June.

The attacker tricked the victim to call a number under the pretense that there were pending charges on their account. If the victim fell for the ruse, SRG would convince them to install a system management tool, which was later used to install other legitimate utilities that can also be used for malicious purposes.

“The [SRG] actors then compromised local files and the network shared drives, exfiltrated victim data, and extorted the companies” – Federal Bureau of Investigation

Previous reports note that among the phishing lures associated with Luna Moth/SRG attacks are fake subscription renewal ruses. This group is focused on data extortion and does not encrupt the files.

Mitigation advice

The FBI recommends organizations to implement several mitigations to limit an adversary’s use of common system and network discovery techniques.

Organizations should keep offline backups that are encrypted and immutable for the entire company’s data infrastructure. Implementing policies for remote access and executing only known and trusted applications is also a step towards an improved security stance.

Strong password policies and multifactor authentication are encouraged, along with auditing and managing administrative privileges.

Network segmentation, adding solutions that monitor for abnormal activity, secure RDP usage and up-to-date software components are common recommendations that many companies still have to meet.

Finally, system admins are recommended to turn off unnecessary ports and protocols, add email banners for messages that originate outside the organization, and restrict command-line and scripting activities.

Reference: https://www.bleepingcomputer.com/news/security/fbi-ransomware-gangs-hack-casinos-via-3rd-party-gaming-vendors/

AH



Source link

Latest articles

LockBit hackers announce successful breach of US Federal Reserve

The LockBit cybercrime gang has made a bold claim of stealing a massive database...

Key Insights from the British Library Cyberattack

The British Library encountered a severe cyberattack in October 2023, resulting in the shutdown...

CISA Confirms Cyberattack on Critical Chemical Security Tool – Source: www.databreachtoday.com

The U.S. cyber defense agency, CISA, disclosed on Monday that a critical tool containing...

Cyber crime on the rise: nearly 120% increase in four years

The cybercrime rates in Scotland have seen a significant increase, with an estimated 16,910...

More like this

LockBit hackers announce successful breach of US Federal Reserve

The LockBit cybercrime gang has made a bold claim of stealing a massive database...

Key Insights from the British Library Cyberattack

The British Library encountered a severe cyberattack in October 2023, resulting in the shutdown...

CISA Confirms Cyberattack on Critical Chemical Security Tool – Source: www.databreachtoday.com

The U.S. cyber defense agency, CISA, disclosed on Monday that a critical tool containing...
en_USEnglish