By Zeba Siddiqui
SAN FRANCISCO (Portal) – Hackers who carried out attacks on casino giants MGM Resorts International and Caesars Entertainment in recent weeks also broke into the systems of three other manufacturing, retail and technology companies, a person familiar with the matter said Security manager.
David Bradbury, chief security officer at identity management company Okta, said five of the company’s customers, including MGM and Caesars, have fallen victim to hacking groups called ALPHV and Scattered Spider since August.
In an interview with Portal, Bradbury did not name the other companies but said Okta was cooperating with official investigations into the breaches.
The hacks put a new spotlight on ransomware attacks – cyberattacks that affect hundreds of companies every year, from healthcare providers to telecommunications companies. MGM and Caesars lost market value last week as stock prices fell, and MGM has yet to recover from various business interruptions at the hotels and gaming venues it owns, from Las Vegas to Macau.
San Francisco-based Okta, which says it has more than 17,000 customers around the world, offers identity services such as multi-factor authentication, making it easier for users to securely access online applications and websites. Several violations it discovered among its customers last month prompted the company to issue a warning at the time, Bradbury said.
“We saw this happening in such a short period of time and we thought we should reach out to the industry as a whole and explain what is happening,” he said.
At the time, Okta reported that its U.S. customers reported a consistent pattern of attacks in which hackers posed as employees of a victim company and convinced their information technology help desk to grant them dual access.
“We have seen a steady increase in these types of attacks over the last six to 12 months,” Bradbury said.
MGM has not commented on the statement or the hack, other than saying last week that it was a “cybersecurity issue.” Caesars had previously said it was investigating the breach.
The story goes on
The financially motivated hacker group ALPHV claimed the MGM hack in a post on its website on Friday and warned MGM of further attacks if a deal was not reached. It is unclear how much ransom ALPHV demanded.
Bradbury said the group broke into MGM and gained access to its Okta client, giving it further access to additional credentials in the identity management company’s system.
Scattered Spider appears to have worked with ALPHV in the latest hacks, Bradbury said, citing research by security analysts who have tracked both groups. “Think of them more as business partners or affiliates,” he said.
Google’s Mandiant Intelligence last week named Scattered Spider, also known as UNC3944, as one of the most disruptive hacking teams in the United States. Bradbury said Mandiant’s description of the group’s tactics matched what Okta had observed in recent hacks.
(Reporting by Zeba Siddiqui in San Francisco; Editing by Michael Perry)