Caesars Entertainment Confirms Second Casino Attack: Pays Millions in Ransom

If you’re a betting person, you might consider the odds of two major casinos falling victim to cyberattacks in quick succession to be quite low. However, that’s precisely the current situation in the gambling world. Following a cyberattack on MGM casinos, Caesars Entertainment has confirmed that it was also targeted by hackers just last month, resulting in a significant ransom payout.

As reported by Bloomberg, the late-August cyberattack on Caesars Entertainment forced the company to pay the hackers tens of millions of dollars. The details of this incident were disclosed in an SEC filing released by the company, shedding light on the nature and extent of the breach. According to the filing, the breach resulted from a “social engineering attack on an outsourced IT support vendor.” Sources close to the matter told The Wall Street Journal that this social engineering attack involved a hacker impersonating an employee to persuade the IT contractor to change a password. Subsequently, the hackers successfully infiltrated the company’s loyalty program database, which contained many members’ sensitive data, including Social Security and driver’s license numbers.

In response to the breach, the company stated in the SEC filing that they have taken steps to ensure that the unauthorized actor deletes the stolen data, although they cannot guarantee the result. They are monitoring the web and have not seen evidence that the data has been further shared, published, or misused. Nonetheless, out of caution, they have offered credit monitoring and identity theft protection services to all members of their loyalty program.

While Caesars Entertainment did not immediately respond to Gizmodo’s request for comment, the wording of their statement strongly suggests the possibility of a ransom payment to the cybercriminals behind the attack.

The suspected perpetrators of this breach are believed to be a hacking group known as Scattered Spider, also tracked as UNC3944. Cybersecurity firm Trellix has noted in a blog post that Scattered Spider has been active since May 2022 and typically targets telecommunications companies, critical infrastructure groups, and business process outsourcing organizations, such as the IT company that had a role in Caesars’ breach. Trellix further elaborates that social engineering attacks are Scattered Spider’s modus operandi, indicating their proficiency in manipulating human behaviour for cyber exploits.

This announcement from Caesars Entertainment comes on the heels of a similar cyberattack on MGM Resorts International, disclosed just days prior. The MGM breach, which reportedly stemmed from a 10-minute social engineering phone call, resulted in hackers gaining access to the company’s systems. In this case, the attackers identified an IT worker on LinkedIn and contacted the help desk, ultimately deceiving an employee into granting them access to MGM’s systems. While Reuters identifies Scattered Spider as the likely culprit, some reports suggest that a sub-group of Scattered Spider, known as ALPHV or Blackcat, may have been involved. Trellix’s blog post suggests that Blackcat has previously utilized Scattered Spider software, pointing to a possible connection between the two groups.

These successive cyberattacks on major casino operators highlight the growing threat cybercriminals pose to businesses, underscoring the importance of robust cybersecurity measures and employee training to mitigate such risks.
