The FBI is warning the public of a new ransomware trend in which attackers use legitimate system management tools to target casino servers and companies.
Compromising a corporate network or its systems takes a lot of work. It’s much easier to trick employees into giving direct access to the systems and then use already established legitimate apps to get elevated permissions.
“The FBI continues to track reporting of third-party vendors and services as an attack vector for ransomware incidents,” explained the FBI in a Private Industry Notification (PIN). “Between 2022 and 2023, the FBI noted ransomware attacks compromising casinos through third-party gaming vendors. The attacks frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons.”
While it might be easier from a technical perspective to persuade employees or small business owners to provide attackers with direct access, it’s still a complex process. According to the FBI, it starts with a phishing attack and a phone call from the potential victim. Then, malicious actors direct victims to join a system management tool via a link provided in a follow-up email.
“The threat actors then used the management tools to install other legitimate system management tools that can be repurposed for malicious activity,” the FBI said. “The actors then compromised local files and the network shared drives, exfiltrated victim data, and extorted the companies.”
The FBI warning is meant to prepare businesses to deal with these new types of attacks and to understand that there are multiple ways to become a victim, not just from the usual directions, like unpatched software.
Of course, while the current trend is to attack casinos through third-party gaming vendors, that doesn’t mean other organizations are safe. If anything, companies should take notice and strengthen their posture even if they’re not part of this market.