In a recent cyber attack saga, both MGM Resorts and Caesars Entertainment, major players in the casino industry, have been targeted by a ransomware group. While MGM Resorts has not confirmed if a ransom was paid, the ongoing IT disruptions suggest otherwise.
In contrast, Caesars Entertainment reportedly paid approximately half of a $30 million ransom demand, a decision that has raised concerns about the sector becoming a more attractive target for cybercriminals. Security experts anticipate that other casino operators might face similar threats in the future.
MGM Resorts initially alerted the public about a “cybersecurity issue” affecting its operations, leading to the use of backup processes for various functions. Despite the company’s statement that its resorts remained operational, guests reported difficulties accessing services like payment cards or on-site ATMs.
The Alphv ransomware group claimed credit for the attack, alleging that they had manipulated the MGM Resorts IT help desk into granting them network access through social engineering.
Caesars Entertainment’s ransomware attack seems to have started with a social engineering attack against a third-party IT provider, possibly beginning as early as August 27. The attackers tricked an IT help desk into resetting a password, leading to the ransom demand.
The group responsible, UNC 3944, also known as Scattered Spider and Muddled Libra, is skilled in telephoning victims and convincing them to visit malicious websites or granting access through social engineering. Their successful attack on Caesars, including the reported ransom payment, has raised concerns about the cybersecurity of the casino industry and its vulnerability to future attacks.
The actions taken by Caesars Entertainment to deal with this cyber threat might make the casino sector more attractive to hackers. Security experts warn that other casino operators could become targets, especially those considered less resilient than major industry players like Caesars and MGM Resorts.
As the casino industry grapples with these cybersecurity challenges, the sophistication of ransomware attacks and social engineering tactics used by hacking groups like UNC 3944 continue to evolve, posing significant risks to organizations and their data security.