The FBI has issued a warning regarding ransomware attacks that specifically target third-party vendors and services [4], with a particular focus on casinos. These attacks primarily affect small and tribal casinos [2], resulting in encrypted servers and the theft of personally identifying information.

Description

The FBI has identified a concerning trend of ransomware attacks targeting small and tribal casinos. These attacks exploit vulnerabilities in vendor-controlled remote access and utilize legitimate system management tools to gain elevated permissions within the victim organizations’ networks [1] [4]. While the specific gaming vendors compromised have not been disclosed, the FBI has observed multiple instances of these attacks [4], particularly in the years 2022 and 2023.

In addition to the ransomware attacks, the FBI warns of callback-phishing data theft and extortion attacks conducted by a group known as the Silent Ransom Group (SRG) or Luna Moth [4]. This group employs phishing messages to direct victims to join a legitimate system management tool through a link provided in a follow-up email [4]. Once connected [4], the attackers deploy additional remote management tools to compromise local and network shared drives [4], exfiltrate data [4] [5], and attempt to extort victim companies [4].

To address these threats, the FBI recommends that organizations implement security policies for remote access solutions and thoroughly investigate any unapproved solutions installed on workstations [3]. Mitigating the risk of ransomware requires organizations to create backups [4], review the security posture of third-party vendors [4], secure user accounts [4], implement phishing-resistant multi-factor authentication and network segmentation [2] [4], monitor for suspicious activity [4], disable unused ports and services [4], and keep systems and applications updated [4].
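An added example, not taken from the FBI notice or the cited articles: one way to audit a software inventory export for unapproved remote access solutions, and to flag hosts where a second remote management tool is installed shortly after the first, matching the callback-phishing pattern described above. The tool names, approval policy, host names and inventory rows are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed list of remote-access product names to look for; extend it from your own inventory.
REMOTE_TOOLS = {"anydesk", "teamviewer", "splashtop", "screenconnect", "atera"}

# Hypothetical policy: remote-access tools approved for each host group.
APPROVED = {"vendor-support": {"screenconnect"}, "workstation": set()}

# Constructed inventory export: (host, group, product, install time, installing account).
INVENTORY = [
    ("slot-srv01", "vendor-support", "ScreenConnect", "2023-10-02T09:15", "svc-vendor"),
    ("cage-ws07", "workstation", "AnyDesk", "2023-10-05T14:02", "jdoe"),
    ("cage-ws07", "workstation", "Atera Agent", "2023-10-05T14:20", "jdoe"),
    ("hr-ws03", "workstation", "7-Zip", "2023-09-30T11:00", "it-admin"),
    ("slot-srv01", "vendor-support", "Splashtop Streamer", "2023-10-06T03:40", "svc-vendor"),
]

def match_tool(product):
    """Return the known remote-access tool named in a product string, or None."""
    name = product.lower()
    return next((t for t in sorted(REMOTE_TOOLS) if t in name), None)

def audit(inventory, approved, window=timedelta(hours=1)):
    """Flag unapproved remote tools and different tools installed close together."""
    findings = []
    per_host = defaultdict(list)
    for host, group, product, installed, account in inventory:
        tool = match_tool(product)
        if tool is None:
            continue
        per_host[host].append((datetime.fromisoformat(installed), tool))
        # A group missing from the policy has no approved tools at all.
        if tool not in approved.get(group, set()):
            findings.append(("unapproved", host, tool, account))
    for host, installs in sorted(per_host.items()):
        installs.sort()
        # Compare each install with the next one on the same host.
        for (t1, a), (t2, b) in zip(installs, installs[1:]):
            if a != b and t2 - t1 <= window:
                findings.append(("stacked", host, f"{a}+{b}", str(t2 - t1)))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, APPROVED):
        print(*finding, sep="\t")
```

An "unapproved" finding is a starting point for the investigation the FBI recommends; a "stacked" finding on the same host deserves priority because it shows a second tool arriving within the window of the first.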

Conclusion

The impact of these ransomware attacks on small and tribal casinos is significant, with encrypted servers and stolen personally identifying information posing serious risks. To mitigate these risks [4], organizations must take proactive measures to strengthen their security posture. By implementing the recommended security policies and measures, organizations can better protect themselves against ransomware attacks and the potential extortion and data theft that may follow. Looking ahead, it is crucial for organizations to remain vigilant and stay updated on emerging threats in order to effectively safeguard their networks and sensitive information.

References

[1] https://cert.bournemouth.ac.uk/fbi-highlights-emerging-initial-access-methods-used-by-ransomware-groups/
[2] https://www.techtarget.com/searchSecurity/news/366558813/FBI-Ransomware-actors-hacking-casinos-via-third-parties
[3] https://www.scmagazine.com/news/silent-ransom-group-ramps-up-callback-phishing-attacks
[4] https://ciso2ciso.com/fbi-highlights-emerging-initial-access-methods-used-by-ransomware-groups-source-www-securityweek-com/
[5] https://www.infosecurity-magazine.com/news/fbi-ransomware-initial-access/