FBI alerts casinos of ransomware attacks using legitimate tools. Learn mitigation techniques for cyber resilience

Continue reading
The Federal Bureau of Investigation (FBI) has issued a significant warning regarding ransomware threat actors aiming their attacks at casino servers. Employing legitimate system management tools, these adversaries intensify their network permissions, exploiting vulnerabilities in vendor-controlled remote access to breach casino servers. This comprehensive article delves into the intricacies of the warning and outlines the modus operandi of these threat actors.
The FBI report underscores the ongoing reliance of ransomware gangs on third-party gaming vendors to infiltrate casinos. Notably, since the beginning of 2022, these attacks have primarily targeted small and tribal casinos, encrypting servers and compromising the personal data of both employees and patrons.
One of the distinct threat actors, identified as 'Silent Ransom Group' (SRG), along with 'Luna Moth,' has been actively perpetrating callback-phishing data theft and extortion assaults since June. The SRG employed a cunning approach by persuading victims to call a designated number, insinuating pending charges on their accounts. Subsequently, upon falling for the ruse, victims were convinced to install a system management tool. This tool, in turn, facilitated the installation of legitimate utilities covertly harnessed for malicious intent.
The FBI's statement clarifies the modus operandi, where the SRG actors compromised local files and network-shared drives, extracting victim data and coercing companies into extortion.
The report details the SRG's phishing lures, focusing on deceptive subscription renewal tactics. Unlike typical ransomware actors, the SRG group centers its activities on data extortion without file encryption.
To combat such threats, the FBI offers a series of mitigation strategies. Organizations are strongly advised to implement various measures to limit adversaries' exploitation of standard system and network discovery techniques. Key recommendations include maintaining encrypted and immutable offline backups for comprehensive data infrastructure and enforcing policies for remote access and trusted application execution.
Strong emphasis is placed on implementing robust password policies, multifactor authentication, and meticulous auditing and managing administrative privileges. Additionally, network segmentation, vigilant monitoring for anomalous activities, secure Remote Desktop Protocol (RDP) usage, and consistent software updates are highlighted as crucial security measures.
System administrators are encouraged to bolster security by deactivating unnecessary ports and protocols, incorporating email banners for external-originating messages, and restricting command-line and scripting activities.
Polymarket's hack losses climb to $3.1M across 11 wallets as the platform faces a federal probe into deceptive marketing, even after pledging full refunds.