Twin cyberattacks on MGM Resorts and Caesars Entertainment have recently been disclosed, highlighting the cybersecurity vulnerabilities within the casino industry. This has prompted the need for enhanced defensive measures and incident response processes.
Description
Both MGM Resorts and Caesars Entertainment fell victim to ransomware attacks. Caesars Entertainment reported a data breach on September 7 [8], potentially exposing personal information of loyalty rewards members [8]. While the company has taken steps to delete the stolen data [8], complete removal cannot be guaranteed. On the other hand, MGM Resorts experienced a 10-day computer shutdown starting on September 11th to protect sensitive data such as hotel reservations and credit card processing. The attack was orchestrated by the advanced persistent threat group known as “Scattered Spider,” operating under a Russia-based operation called ALPHV or BlackCat. The cybercriminals gained access to MGM’s network through social engineering and escalated their privileges to obtain administrator access [6]. Despite MGM’s attempts to restrict network access, they were unable to prevent the deployment of BlackCat ransomware, which encrypted over 100 ESXi hypervisors [6]. The extent of the breach and the financial impact on MGM Resorts have not been publicly disclosed.
Caesars Entertainment [1] [2] [3] [4] [5] [6] [7] [8] [9], the largest casino owner in the world [8], has offered credit monitoring and identity theft protection to affected customers [8]. However, their operations were not disrupted by the attack [8], unlike MGM Resorts [1] [4] [8].
Conclusion
These incidents have underscored the need for enhanced defensive measures and incident response processes within the casino industry. Experts recommend investing in employee training and robust cybersecurity practices to prevent and effectively respond to such attacks. The collaboration between Scattered Spider and ALPHV indicates a rise in professionalism among attackers, with ransomware attacks expected to persist [4]. It is crucial for enterprises to assess their vulnerabilities and mitigate risks [4]. Cybersecurity experts are urging all casinos to enhance their defensive measures and review their incident response processes [3], emphasizing the need for increased vigilance in the face of potential future attacks [3].
MGM Resorts International experienced a cyberattack that caused operational issues across their venues and properties in the USA [2]. The attack was attributed to ransomware groups ALPHV/Black Cat and Scattered Spider [2]. The hackers gained entry to the MGM systems through social engineering tactics. Similarly, Caesars Entertainment suffered a similar attack and paid hackers $15 million to regain control of their systems and prevent the sale of stolen data [2].
References
[1] https://www.darkreading.com/application-security/mgm-caesars-incident-responses-required-brutal-choices
[2] https://www.forbes.com/sites/byroncole/2023/09/21/what-the-mgm-resorts-attack-can-teach-small-businesses-about-cybersecurity/
[3] https://gizmodo.com/mgm-resorts-operations-resume-10-days-after-cyberattack-1850860489
[4] https://www.informationweek.com/cyber-resilience/what-are-the-biggest-lessons-from-the-mgm-ransomware-attack-
[5] https://apnews.com/article/vegas-mgm-resorts-caesars-cyberattack-shutdown-a01b9a2606e58e702b8e872e979040cc
[6] https://blog.barracuda.com/2023/09/21/cybersecurity-threat-advisory-cyberattacks-MGM-Resorts
[7] https://abc7.com/las-vegas-cyberattack-mgm-hotel/13810853/
[8] https://www.theday.com/business/20230914/casino-giant-caesars-entertainment-reports-cyberattack-mgm-resorts-says-some-systems-still-down/
[9] https://qz.com/mgm-resorts-computers-back-up-after-10-days-as-analysts-1850858296
