Las Vegas Casinos Targeted by Ransomware Attacks
October 24, 2023
Topics
- Social Engineering
- Ransomware
October 24, 2023
Topics
Ever since the invention of internet browsers for personal computers came about in the 1990s, cybercrime has been on the rise. Almost 30 years after the invention of the World Wide Web, cybercriminals have a variety of different methodologies and toolkits they use daily to leverage vulnerabilities and commit crimes. One of the most popular types of attacks that is used by threat actors is a ransomware attack. Most recently, several Las Vegas Casinos fell victim to a series of ransomware attacks.
In mid-September 2023, two of the biggest Las Vegas casino and hotel chains found themselves to be victims of ransomware attacks. The two organizations that were targeted were Caesars Entertainment and MGM Resorts International.
The attack against MGM was first reported on September 11, 2023, when MGM personnel put out a public statement stating that a “cyber security incident” had affected some of its systems. In the days following this statement, many guests reported numerous problems with the casino and the hotel operations of the company. On the Casino side, many guests reported problems with slot machines and payout receipts. The slot machines in some of the MGM casinos were completely inoperable. In the casinos where the slot machines were operational, the machines were not able to print out the cash-out vouchers. On the hotel side, many of the organization's hotel websites were inaccessible for some time following the attack. Guests across multiple MGM hotels reported issues with their mobile room keys not functioning, and new arrivals reported wait times of up to six hours to check-in.
A hacking group known as Scattered Spider has taken credit for the ransomware attack against MGM Resorts International. Scattered Spider first appeared in the cyber threat landscape in May 2022 and is thought to be individuals ages 19-22 based out of the UK and USA. The attackers carried this attack out in three phases. The first phase was reconnaissance, in which they stalked the company’s LinkedIn Page and the employees who work there. The second phase of the attack was a vishing attack against MGM’s IT help desk. A vishing attack is when someone uses phone calls or voice communication to trick the victim into sharing personal information, credit card numbers, or credentials. Using the information, they gathered on LinkedIn; the attackers were able to impersonate an MGM employee and tricked the help desk into giving them credentials into MGM systems. The attack's third phase was the launching of ransomware developed by another hacker group, ALPHAV. Scattered Spider rendered multiple systems throughout the organization useless unless the ransom was paid. Currently, it is not known if MGM paid the ransom, but all casinos are once again fully operational.
Days after MGM reported it had been hacked, Caesars Entertainment group disclosed to the SEC that they were also a victim of a cyber-attack around the same time as MGM. In a statement to the SEC, Caesars reported that confidential information about members of its customer loyalty program was stolen. Caesars representatives stated that the hackers were able to break into computer systems through a social engineering attack on an IT support contractor. Not much information is available about the execution of this attack. The use of a social engineering attack has led many people to believe that Scattered Spider was also behind this attack. The hackers demanded that Caesars pay a ransom of $30 million. It is reported that the organization paid $15 million to the hackers and the company has “taken steps to ensure the stolen information is deleted by the hacker but cannot guarantee this result”.
Almost 98% of cyberattacks worldwide rely on some form of social engineering to act as a gateway to launch a much more sophisticated attack. In the cases of MGM and Caesars, both organizations were infiltrated by social engineering and allowed attackers to gain initial access to the systems. Social engineering targets the weakest link of all cybersecurity operations and that is humans. This is why it is so important to have proper training to help reduce the chances of your organization becoming a victim of one of these attacks. Many organizations spend thousands of dollars every year to have employees take part in phishing training. However, training for phishing alone is not enough. As we’ve seen in these two attacks, there are other forms of social engineering attacks such as vishing, smishing, whaling, and watering hole attacks just to name a few. It would be more beneficial to organizations to focus on a more holistic set of social engineering training rather than just focusing on phishing.
The attacks against MGM and Caesars began with simple social engineering tactics where employees of the victim organization were tricked into giving information to the hackers. Although the hacking group known as Scattered Spider is fairly new, being formed in 2022, it has already begun to make headlines. It will be interesting to see how this group evolves over the next couple of years. The attacks against two of the biggest casino and hotel chains in America should serve as a warning that even the biggest are susceptible to cyberattacks. More importantly, these ransomware attacks show the importance of proper social engineering training to keep organizations better protected from threats.
https://www.vox.com/technology/2023/9/15/23875113/mgm-hack-casino-vishing-cybersecurity-ransomware
https://www.theverge.com/2023/9/11/23869020/mgm-resorts-hacked-casino-shut-down-las-vegas
https://www.cshub.com/attacks/news/a-full-timeline-of-the-mgm-resorts-cyber-attack#:~:text=A%20timeline%20of%20the%20MGM,million%20ransom%20to%20the%20hackers
https://www.wsj.com/lifestyle/travel/las-vegas-mgm-cyberattack-casinos-6ca43dcf