Social engineering tactics led to both a ransomware attack and a data breach against Caesars Entertainment and MGM Resorts. In an SEC filing, Caesars reported an undisclosed expense related to the attack, while the Wall Street Journal reported the hacker group demanded a $30 million ransom. MGM Resorts suffered major disruptions from outages of its electronic payment systems, slot machines, paid parking systems and more as part of the ransomware attack.
As of the time of publishing, MGM has not paid a ransom and is still suffering from outages disrupting business operations as a result of the ransomware attack. According to the group taking credit for the ransomware attack, they encrypted data on more than 100 of MGM’s servers. The group claims to have stolen data from MGM’s network and continues to have access to some of the casino’s infrastructure, with the threat of more attacks looming should the ransom not be paid.
Caesars, which suffered a ransomware attack earlier, paid an undisclosed amount, as reported in an SEC (Securities and Exchange Commission) filing. All of Caesars’ customer-facing operations remain intact and were not disrupted. The undisclosed ransom amount Caesars paid was not just to maintain operations, but also to prevent the sharing of customer data compromised in a related data breach. The hacker group acquired a copy of the Caesars Rewards Loyalty program database, including sensitive information such as Social Security and driver’s license numbers for “a significant number of members in the database.” The hacker group claims to have stolen 6 terabytes of data from MGM and Caesars between the attacks.
While the two casinos are taking different approaches in dealing with the ransomware attacks, both appear to have been attacked by the same group and both succumbed to the same vulnerability: a social engineering attack.
A member of the hacker group behind the attacks bragged about it taking just ten minutes to infiltrate MGM, which they did by purporting to be an MGM tech employee with information they could infer from LinkedIn, then calling the company’s support desk with a password reset request. Caesars confirmed that the breach they suffered was the result of a social engineering attack, although in this case it was targeted against an IT vendor.
The FBI is currently investigating both cyberattacks.