An FBI Private Industry Notification issued on Tuesday revealed that ransomware threat actors are increasingly gaining access to casinos through third-party vendors. The Nov. 7 notification focused on initial access, the method used by threat actors to infiltrate a victim’s network.
The notification highlighted various ransomware trends observed by the FBI, including the exploitation of vulnerabilities in vendor-controlled remote access to casino servers. Additionally, the FBI noted that small and tribal casinos have been targeted by ransomware attacks, resulting in the encryption of servers and the compromise of personally identifying information (PII) belonging to employees and patrons.
The notification emphasized that between 2022 and 2023, ransomware attacks had compromised casinos through third-party gaming vendors. However, specifics regarding the gaming vendors involved and how they were compromised were not disclosed by the FBI.
The timing of the notification coincided with the disclosure of high-profile social engineering attacks against industry giants Caesars Entertainment and MGM Resorts. In the case of MGM, the Alphv/BlackCat ransomware gang claimed responsibility for the attack, which caused significant disruptions at MGM hotels and casinos for several days.
Another concerning trend highlighted in the notification was the victimization of companies through the use of legitimate system management tools to elevate network permissions. The FBI pointed to a campaign by the Luna Moth ransomware gang, notorious for callback phishing, where victims were duped into installing legitimate system management tools that were then repurposed for malicious activities.
The FBI proposed several mitigations for organizations looking to enhance their identity and access management practices. These included the implementation of phishing-resistant multifactor authentication, regular review of networks for new or unrecognized accounts, and configuring user access controls according to the principle of least privilege.
The FBI’s efforts to provide timely and relevant information to organizations underscore the severity of the ransomware threat and the importance of implementing robust cybersecurity measures. Ransomware attacks on small and tribal casinos, as well as on larger gaming vendors, have far-reaching consequences, highlighting the need for increased vigilance and preparedness within the gaming industry.