Tactics of MGM-Caesars Attackers Were Known for Several Months

September 14, 2023 | The recent ransomware attacks on MGM International and Caesars Entertainment by the Scattered Spider group highlight the threat posed by known tactics and techniques that have been well documented for months. The group uses the Bring Your Own Vulnerable Driver (BYOVD) technique, exploiting vulnerabilities in drivers like the Intel Ethernet diagnostics drivers to gain elevated privileges within Windows systems. While initial compromises may involve social engineering, the subsequent actions inside the network, especially when they involve advanced tactics like BYOVD, could significantly impact the severity of the breach. Scattered Spider, also known as UNC3944, operates as a financially driven threat actor, and its attacks raise concerns about the security of large organizations. The recent incidents indicate a potential shift in focus from traditional ransomware-as-a-service (RaaS) activities to advanced threat actor tactics. The security industry emphasizes the need for organizations to enhance security measures against such sophisticated threats and urges a comprehensive defense strategy beyond conventional security products.
