An FBI agent who investigates cybercrimes told the casino industry Thursday to remain vigilant toward threats coming their way, and that they will catch the culprits and recover ransomware payments in the end.
Speaking at the World Game Protection Conference in Las Vegas, Frank Corral wouldn’t discuss ongoing cases in the industry, including the recent hacking of Wynn Resorts. ShinyHunters, a group believed affiliated with the hackers from Scattered Spider that hit MGM Resorts International and Caesars in 2023, was reportedly behind the theft of the luxury resort company’s employee data records. Reports suggested Wynn paid $1.5 million in ransomware to the computer hackers and that the data was deleted.
Hackers tend to be teenagers and other young people who understand information technology and have the ability to navigate systems and convince people to give out their credentials through social engineering, Corral said.
Groups are coming together, with someone developing malware and selling access to someone else after they see the value. The scheme has gone from wanting money for encrypting data and paying to get it back to seeking payment for not leaking it.
The average ransomware note was $2.73 million, but that can be negotiated down to $1 million, even though the FBI recommend ransoms not be paid even if demands are rising, Corral said.
“What we’re seeing coming at us in terms of cyber problems, the complaints are on the rise,” Corral said. “That should be telling your organization that it’s getting worse and you need to educate your people about this. This is victims reporting information to us. If I had to bet, it’s a lot worse. When people have a cyber event, they try to keep it down.”
Scattered Spider was the group that hacked and extorting Caesars Entertainment and MGM Resorts International using social engineering. Caesars paid a reported $15 million in ransom to access personal information of customers. MGM claimed losses of $100 million-plus after it was hacked by the group and casino operations impacted nationwide.
Corral said they’ve recovered $115 million from Scattered Spider hackers accused of extortion. In September, a British teen was arrested in connection with the MGM attack.
“This arrest is sending us a message,” Corral said without naming the MGM case. “It may take us some time. You may be hiding in other countries, but we can track you down and find you and arrest you for these matters.”
There have been a lot of wins, Corral said. People think the hackers are all overseas, won’t be caught and that the money is lost.
“That’s not the case,” Corral said. “A lot of time is required to find these people trying to hide themselves. But we will catch them.”
Casinos should most be worried about criminal threats of using ransomware to steal data. Other threats are from employees, especially someone who has been fired and still has access to the company’s computer system. The possibility of espionage isn’t as big a problem for the casino industry as it is for others, Corral said.
Corral said hackers are usually in a system for five months on the average before there is an attack and ransom demands.
“They have been in there for a while figuring things out, taking their time before the cyber event,” Corral said. “The most common thing we see in the gaming industry is the business-email compromise. This has plagued all industries.”
Social engineering is a key factor leading to those attacks and gaining access to computer systems, Corral said. Help desks are being called by hackers to get credentials.
Search engine optimization poisoning is a rising threat that people should pay attention to, Corral said.
“When you’re sitting on a computer and you’re looking for stuff, you trust that the search engine will deliver what you want,” Corral said. “You should not be clicking on that first result and you should understand what you are getting into.”
There are a lot of cases where an email comes in exploiting a financial relationship that they can learn about by hacking into the system, Corral said.
“This is the message to companies,” Corral said. “Anytime there is some type of financial transaction and you see a change, you should be challenging that. Don’t go to the email contact in the email. Ask who you called to verify that. Don’t be eager to facilitate that money transfer. Challenge it, and that’s where we see people win.”
The FBI sees it in the real estate industry as well, where wire instructions are fraudulent to close a sale, Corral said.