BitsnBytes Fall2023

Bits & bytes Fall 2023 4 Unveiling the Gen Z Hackers: Breaches at MGM and Caesars Exposed I n an alarming shift from conventional cybercriminal tactics, a highly sophisticated hacking group known by several names — Scattered Spider, Starfraud, UNC3944, Scatter Swine, and Muddled Libra — has emerged as a formidable threat, according to a Reuters article (September 22, 2023). Palo Alto Networks, a U.S. security firm, first detected this group’s distinct operation pattern around a year ago, revealing a sophisticated approach that deviates from typical cybercriminal activities. More recently, in September 2023, Scattered Spider breached two systems of casino giants, MGM Resorts and Caesars Entertainment Ltd. David Bradbury, Chief Security Officer at Okta, an identity management firm, discovered that MGM and Okta customers were breached by Scattered Spider using social engineering. Furthermore, the security firm CrowdStrike has tracked 52 attacks globally by the group since March 2022, said Adam Meyers, Senior Vice President of CrowdStrike. Scattered Spider’s Unconventional Tactics Social Engineering Excellence: Scattered Spider’s notable skill lies in social engineering. This method entails hackers, often native English speakers, impersonating employees to manipulate IT helpdesks, enabling them to bypass multi-factor authentication (MFA) and gain unauthorized access. Targeting Major Corporations and Global Reach: The group gained notoriety by breaching casino giants like MGM Resorts and Caesar Entertainment. Still, according to Meyers from CrowdStrike, the group also attacks industries worldwide, targeting sectors ranging from telecommunications to finance, hospitality, and media.