Last month, the Las Vegas Strip was making headlines for a lot more than just excessive spending and entertainment. Two of the world’s largest hotel and casino companies fell victim to devastating ransomware attacks. Both MGM Resorts International and Caesars Entertainment reported that their computer systems were disrupted in early September after a social engineering attack. While MGM refused to pay the ransom demanded, Caesars Entertainment met the hackers’ demands. We take a closer look at the latest updates on both these casino hacks – starting with the MGM Cyber Attack.
Latest Updates on the MGM Cyber Attack
MGM Resorts International is a gaming and entertainment conglomerate with 28 destinations around the world. The US$ 14 billion company is most famous for its hotel and casino establishments – especially in Las Vegas. On the 11th of September, MGM reported a “cybersecurity issue” that was affecting some of its U.S. systems. The company then shut down these affected computer systems to protect data.
The Las Vegas cyber attack hit several major MGM hotels – including the Bellagio – and affected the company’s main website and mobile app, online reservations, ATMs, slot machines, and credit card machines. Several guests took to social media to complain about ineffective transactions and failed bookings. Some guests couldn’t even enter their hotel rooms due to broken digital door keypads.
A hacking group called Scattered Spider later claimed responsibility for the MGM cyber attack. The group is an affiliate of the ransomware-as-a-service group called BlackCat – or ALPHV – and managed to infiltrate the MGM computer systems, steal sensitive data, and encrypt over a hundred ESXi hypervisors. The Scattered Spider group specializes in social engineering attacks that manipulate people into giving out sensitive information that can be later used to compromise the system.
According to Reuters, the group claimed that it stole 6 terabytes from both MGM and Caesars Entertainment. A cybersecurity expert running an online repository of malware samples called "vx-underground" provided Reuters with the group’s representative who claimed that they did not plan on making the data public – stating that “if MGM wishes to release that information they will. We do not do that.” The company announced the end of its 10-day computer shutdown on the 20th of September.
MGM CEO, Bill Hornbuckle, stated in a letter to customers on the 5th of October that the vast majority of systems across MGM establishments were back online and that the attack was contained. MGM Resorts refused to pay the ransom amount and Hornbuckle assured Bloomberg that his reasons for not caving to the extortion was not “a white horse moment” driven by nobility. The company was already well on its way to repairing systems by the time the ransom note arrived and saw no reason to respond.
Hornbuckle assured that no customer bank account numbers or payment card information was compromised, but that the hackers made off with other personal information. This included names, contact information, driver's license numbers, Social Security numbers, and passport numbers belonging to some customers who did business with MGM before March 2019. While the company did not reveal just how many people that includes, it is providing free credit monitoring services to them. The Las Vegas Review-Journal reported that MGM Resorts International has begun sending out loyalty rewards to customers affected by cyber-attacks.
According to a filing by MGM, the company “estimates a negative impact from the cyber security issue in September of approximately US$ 100 million to Adjusted Property EBITDAR for the Las Vegas Strip Resorts and Regional Operations, collectively." Additionally, MGM lost around US$ 10 million to risk remediation, legal fees, third-party advisory, and incident response measures. However, the company says it expects to be fully covered by its cybersecurity insurance.
The MGM Resorts casino operator has seen its share price decline by more than 6% and the security incident is now being investigated by the FBI. Unfortunately, MGM International Resorts wasn’t the only hotel and casino giant battling cyber-attacks in September as the Caesars Entertainment ransomware attack took place only a few weeks earlier. Let’s take a closer look at how the Caesars cyber-attack played out.
Latest Update on Caesars Casino Hack
Caesars Entertainment is a global leader in gaming and hospitality. The company owns several famous hotels – including the Las Vegas Caesars Palace. Last year alone, Caesars Entertainment generated a revenue of US $11 billion. On the 14th of September, the company revealed in an SEC filing that it had been the victim of “a social engineering attack on an outsourced IT support vendor used by the company.”
Unlike the MGM cyber attack, Caesars Entertainment reported that its customer-facing operations, physical properties, and online and mobile gaming applications were not disrupted. However, the filing also states that Caesars figured out that the hackers stole a copy of the Caesars Rewards loyalty program database a week prior. This contained driver’s license numbers and/or social security numbers for a significant number of members in the database. Caesars says that there was no evidence that any member passwords, bank account information, or payment card information were stolen.
In another filing on the 6th of October made with the US state's Attorney General's office, Caesars Entertainment disclosed that the hackers had stolen the data of 41,397 Maine residents in the Las Vegas cyber attack. The company maintained that it has taken steps to ensure that the stolen data is deleted by the unauthorized actor, but that it cannot guarantee that result. To ease concerns, Caesars is offering complimentary identity theft protection services. This includes 2 years of credit and dark web monitoring to help detect any misuse of your information, as well as a US$ 1,000,000 insurance reimbursement policy and fully managed identity restoration if you fall victim to identity theft.
Scattered Spider seems to have been behind the Caesars ransomware attack as well. The group is reported to have entered the hotel and casino company’s computer systems by deceiving an employee at a third-party vendor. While the company did not say that the ransom amount had been paid and requests for comment were, the SEC filing implied a certain level of expenses were incurred. The Wall Street Journal reported that the hackers demanded a US$ 30 million ransom and it has now been widely reported that Caesars paid US$ 15 million for the promise to secure the data.
Both the MGM Internal Resort and Caesars Entertainment face up to 9 federal lawsuits over the cyber-attacks. However, there are some lessons that you can glean from these major cybersecurity incidents for the sake of your own business before it’s too late.
Lessons Learnt from Las Vegas Cyber Attack Frenzy
For most businesses, the thought of a cyber-attack might not rank too high on the list of concerns. However, in a digital age, cybersecurity needs to be a crucial element for any company to survive. These are some of the few lessons we can learn from the recent ransomware attacks on MGM and Caesars:
- Large corporations can still be victims of ransomware attacks. The casino and hospitality industries are always easy targets for ransomware groups. These are lucrative businesses that rely on consistent services – which makes them more likely to pay ransoms.
- Social engineering attacks are popular for carrying out cyber-attacks. This means that your workforce can be your biggest liability when it comes to keeping your system secure. Employees need to be careful with login credentials and use proper cyber hygiene practices to actively prevent social engineering attacks from being successful.
- Businesses that take a proactive approach to cybersecurity have a better chance of fending off cyber-attacks in the future. Try to stay updated on the latest cyber threats in your industry and use the best cybersecurity platforms available.
- Keeping your systems updated will ensure the best level of protection. Sources told Recorded Future News that MFM Resorts used servers that were outdated and vulnerable.
Sangfor is a trusted and leading cybersecurity and cloud computing provider. While the ransomware attacks on MGM International Resorts and Caesars Entertainment have shocked the industry, it’s important to note that you can play an active role in preventing these attacks from happening.
For more information on Sangfor’s cyber security and cloud computing solutions, visit www.sangfor.com.
