Cybersecurity Study Reveals Hackers’ Resort to Violent Threats in Las Vegas Casino Breach

Cybercrime Hackers that breached Las Vegas casinos rely on violent threats, research shows

By AJ Vicens

A criminal hacking group known as “the Com,” which was responsible for a recent breach that crippled several Las Vegas resorts, has been found to rely on violent threats in their attacks, according to research released by Microsoft’s threat intelligence and incident response divisions.

Increasing Use of Social Engineering Techniques and Violence

The hacking group, also known as Octo Tempest, 0ktapus, Scattered Spider, or UNC3944, primarily targets technical personnel on support desks and uses social engineering techniques to trick them into granting access to protected systems or handing over credentials. However, the researchers at Microsoft have discovered that in some cases, the group has resorted to violent threats to gain access to high-profile targets, even going so far as to send text messages threatening violence against a target’s loved ones.

The group is composed primarily of native English speakers in their teens and early 20s, making them one of the most dangerous financial criminal groups operating online today. They are capable of executing broad social engineering campaigns to compromise organizations globally.

Evolution of the Com

The Com initially gained attention in early 2022 for their involvement in SIM swapping and account takeovers to facilitate cryptocurrency theft. By early 2023, some members of the group adopted a more aggressive approach, extorting telecommunications, email, and technology organizations.

While the Com is referred to as a group for ease of tracking, it actually emerged from a larger ecosystem known as “the Com,” which is a community of subgroups and cliques engaging in various cybercriminal activities, including account takeovers, SIM swapping, cryptocurrency thefts, and even acts of violence.

Prolific Attacks on Major Corporations

The Com has targeted major corporations in a series of high-profile attacks. Their recent attack on Caesars Entertainment and MGM Resorts crippled casino and hotel operations. Prior to that, the group had attacked Okta, Microsoft, Nvidia, Rockstar, and Samsung.

Caesars reportedly paid approximately $15 million to the attackers, while MGM suffered more than $110 million in direct and indirect costs and losses from the incidents.

Failures of the Cybersecurity Industry

A cybersecurity researcher familiar with the Com has criticized the industry’s failure to address the group with sufficient urgency. The researcher believes that the industry underestimates the creativity and capabilities of these young hackers. Ignoring their threat has contributed to the current state of cybercrime.

Editorial: Addressing the Rising Threat of Cybercrime

As cybercriminals become increasingly sophisticated and adapt to evolving technologies, it is vital for the cybersecurity industry and law enforcement agencies to prioritize the fight against cybercrime. The Com hacking group, with its reliance on violent threats, serves as a stark reminder that cybercriminals are not limited to technical skills alone. They are capable of leveraging fear, intimidation, and violence to achieve their goals.

The case of the Com highlights the urgent need for a multi-faceted approach to cybersecurity. Organizations must invest in robust security measures, including strong authentication protocols, regular vulnerability assessments, and employee training on social engineering and phishing attacks. Additionally, collaboration and information sharing between organizations and law enforcement agencies are crucial for identifying and apprehending cybercriminals.

Philosophical Discussion: Cybercrime and Society

The rise of cybercrime raises profound philosophical questions about the nature of society and the role of technology within it. As technology becomes increasingly integrated into our lives, our vulnerability to cyber threats grows. The Com hacking group, primarily composed of young individuals, exemplifies how individuals can exploit the power of technology for malicious purposes.

This raises questions about the responsibility of society to protect individuals from becoming perpetrators of cybercrime. While many young hackers possess great technical abilities, their potential for harm cannot be ignored. Efforts should be made to redirect their talents towards positive contributions to society, such as ethical hacking and cybersecurity research.

Advice: Protecting Against Cyber Threats

1. Prioritize Cybersecurity

Invest in robust cybersecurity measures, including regular updates, strong passwords, two-factor authentication, and encryption. Regularly backup important data and implement firewalls and intrusion detection systems.

2. Educate and Train Employees

Train employees on cybersecurity best practices, including how to identify and avoid social engineering techniques and phishing attacks. Encourage a culture of security awareness and provide clear guidelines for handling sensitive information.

3. Collaborate and Share Information

Establish partnerships with other organizations and share information about cyber threats and best practices. Collaboration can help identify emerging cyber threats and develop effective countermeasures.

4. Support Ethical Hacking and Cybersecurity Research

Encourage ethical hacking and cybersecurity research as legitimate career paths for individuals interested in technology and hacking. Provide resources and support for training programs and initiatives that promote cybersecurity skills and knowledge.

By taking proactive measures and addressing the underlying issues that contribute to cybercrime, we can work towards a safer and more secure digital future.