Concise Cyber

MGM & Caesars Cyberattacks: How Social Engineering Brought Down Casino Giants

A High-Stakes Hack: The Anatomy of the Attacks

In a stark reminder of the fragility of even the most fortified digital infrastructures, casino and hotel giants MGM Resorts International and Caesars Entertainment fell victim to crippling cyberattacks. These incidents, which unfolded in September 2023, were not the result of a brute-force assault on firewalls, but rather a sophisticated campaign of social engineering orchestrated by a group known as Scattered Spider (also tracked as UNC3944). The attackers reportedly used a low-tech method to achieve a high-impact breach: they simply picked up the phone.

Reports indicate the threat actors executed a vishing (voice phishing) attack. They impersonated an employee, called the IT help desk, and convinced the support staff to grant them access to the network. Once inside, they were able to deploy the notorious BlackCat/ALPHV ransomware, leading to widespread system outages at MGM properties, including slot machines, hotel key cards, and reservation systems. This identity-driven attack highlights a critical vulnerability: the human element remains the weakest link in the security chain.

To Pay or Not to Pay: A Tale of Two Responses

The divergent strategies employed by the two casino behemoths in the aftermath offer a compelling case study in ransomware response. According to an SEC filing, Caesars Entertainment opted to pay a ransom, reportedly around $15 million, after the attackers threatened to release a significant trove of stolen customer data from its loyalty program. This decision allowed them to avoid a major public-facing operational shutdown.

In contrast, MGM Resorts refused to pay the ransom. While lauded by some cybersecurity experts for not funding criminal enterprises, this choice led to a protracted and public battle. The company endured over a week of significant operational disruption, costing them an estimated $100 million in losses. The BlackCat ransomware group later claimed to have exfiltrated 6 terabytes of sensitive data, including information on high-profile guests, underscoring the severe consequences of either decision. These events force a difficult conversation about the untenable position many organizations find themselves in when faced with a ransomware crisis.

All articles are written here with the help of AI on the basis of openly available information which cannot be independently verified. We do strive to quote the relevant sources. The intent is only to summarise what is already reported in public forums in our own words, with no intention to plagiarise or copy another person's work. The publisher has no intent to defame or cause offence to anyone, any person or any organisation at any moment. The publisher assumes no responsibility for any damage or loss caused by making decisions on the basis of whatever is published on cyberconcise.com. You're advised to do your own checks and balances before making any decision, and owners and publishers at cyberconcise.com cannot be held accountable for its resulting ramifications. If you have any objections or concerns, or wish to point out anything factually incorrect, please reach out using the form on https://concisecyber.com/about/
