Casino del Sol in Tucson Fighting Cyber Attack
Following a significant system failure brought on by a cyberattack on February 21, the Casino del Sol in Tucson, Arizona, said on Tuesday that it has resumed some semblance of regular operations.
The Pascua Yaqui Tribe, the casino's owner, stated in a statement that the FBI and the Pascua Yaqui Police Department are collaborating to investigate the attack, which disabled ATMs, credit card systems, Wi-Fi, TVs, phones, and electronic door key systems.
Slot Machines Whirring Once More
The poker room, gaming tables, sports book, and all of the slot machines—including the ticketing system—are now fully functional.
As of Tuesday, all restaurants and bars were still only accepting cash payments, bingo was shut down until further notice, and the phone system was still down. According to the Tribe, the "Club Sol" casino rewards program is likewise not operational.
Additionally, other cash services in the casino cage are not available at the moment, even if slot tickets and game cheques are being cashed in.
“We extend our sincerest apologies for any disruption or concern this incident may have caused to our valued guests,” the casino said. “Your trust and security remain our top priorities.”
No News on the Ransom
Although it's unclear if a ransom demand was made in conjunction with the intrusion, it does have the characteristics of a ransomware attack.
Hacking organizations are increasingly targeting "big game" — huge companies, including casinos — in quest of larger payoffs, according to a new research by crypto analytics firm Chainanalysis, which also revealed that ransom payments to hackers nearly doubled to a record $1.1 billion last year.
Dispersed Spider
A group called "Scattered Spider" attacked MGM and Caesars with destructive ransomware in September 2023.
The group is suspected of "spoofing," or posing as a senior MGM employee over the phone while contacting the company's help line, by using social engineering techniques.
By deceiving support personnel into changing the passwords and multifactor authentication (MFA) codes for the person they were impersonating, they were able to access the system.
MGM refused to pay the ransom, resulting in days of business interruption and an estimated $100 million in losses. The Wall Street Journal claims that Caesars paid Scattered Spider over $15 million to restore regular services.
The cybersecurity community, not the criminals themselves, came up with the nickname "Scattered Spider." The organization that targeted Caesars and MGM calls itself "Star Fraud." Its members belong to "the Com," a loose association of hackers.
