Major Cybersecurity Breaches at MGM Resorts and Caesars Entertainment
September 22, 2023

Major Cybersecurity Breaches at MGM Resorts and Caesars Entertainment: A Reminder that All Businesses Must Stay Vigilant


MGM Resorts and Caesars Entertainment recently faced unprecedented disruptions due to cyberattacks, involving substantial financial losses and operational hindrances. While large corporations with substantial revenues were the targets, it is crucial to note that smaller businesses are equally, if not more, vulnerable to such threats.

On September 10, 2023, MGM Resorts International (NYSE: MGM) suffered a significant cyber incident. This breach resulted in a substantial portion of MGM’s systems being compromised, impacting operations at its Las Vegas casinos. Shortly before the MGM cyberattack, Caesars Entertainment (NASDAQ: CZR) reportedly acceded to a cybercriminal group’s demand, paying a ransom of around $15 million. This cybercriminal group, known as Scattered Spider (also recognized as Roasted 0ktapus or UNC3944), has been identified as an affiliate of the well-known BlackCat/ALPHV ransomware group. Scattered Spider is believed to be the entity responsible for both the MGM and the Caesars attacks. Upon breaching the networks, Scattered Spider was able to launch more aggressive assaults, including taking control of the single sign-on administration, eradicating backup files, and encrypting devices. Scattered Spider has been linked to previous digital attacks on various companies, including Cloudflare, Okta, and Twilio.

An Overview of the Breaches: Why do Hackers Appear to be Winning?

Ransomware attacks use malicious software designed to encrypt a victim’s files or systems, compelling the victim to pay a ransom for decryption. Cybercriminals typically exploit vulnerabilities within a company’s network to infiltrate and compromise critical data. CBS News suggested that the MGM hackers employed social-engineering tactics to breach defenses. In such attacks, cyber perpetrators may masquerade as IT support personnel to obtain administrative access to an organization’s IT infrastructure, making detection challenging once this level of access is achieved.

Regarding the Caesars incident, reports indicate that the attack originated from a compromised third-party IT vendor linked to the company (a so-called supply chain attack), granting unauthorized access to Caesars’ loyalty program database containing sensitive information, such as driver’s license and Social Security numbers.

The high success rate of ransomware and other malware attacks can be attributed to the predominant focus of many organizations on external threats, emphasizing defenses like endpoint detection and response (EDR) systems and measures against deceptive emails. Regrettably, they often lack the essential prevention protocols required to identify and thwart social-engineered threats or other cyberattacks meticulously crafted to circumvent these defenses. 

Implications Industry-Wide and Beyond:

The cyber intrusions at MGM and Caesars resonate far beyond the hospitality and gaming sectors, underscoring the critical need for implementing strong cybersecurity measures. Corporations of significant scale, such as MGM and Caesars, manage vast quantities of sensitive data and represent ideal targets for cyber threats. These breaches act as a stark reminder that every business is vulnerable to cyber assaults, especially smaller entities.

The impact of a successful cyberattack can extend well beyond the immediate incident resolution. An example of this is the MGM incident, which Moody’s Investors Service categorized as “credit negative.” Caesars expressed uncertainty regarding the hackers’ intentions or future actions post-incident, including the possibility of them selling or releasing stolen data. Both MGM and Caesars face the ongoing risk of cybercriminals distributing personally identifiable information (PII) on the Dark Web, even after meeting ransom demands.

For mid-market enterprises, it’s essential to recognize that existing endpoint detection and response (EDR) and cyber defenses, primarily focused on external threats, can be bypassed by criminal actors. This vulnerability, especially against a new generation of malware engineered to evade these defenses, leaves SMBs and mid-market enterprises susceptible to ransomware, zero-day attacks, and advanced cyber threats. 

Effectively detecting and responding to advanced cyberattacks necessitates deploying an integrated, comprehensive security solution that includes extended detection and response (XDR) services, endpoint detection and response (EDR) capabilities, managed detection and response (MDR) services, an advanced SIEM solution, an intrusion detection and prevention system (IDS/IPS, also known as NDR), and a threat intelligence platform. However, mid-market enterprises often lack the budget required for this effective yet costly solution.

Why CloudJacketXi is the Solution:

At SECNAP Network Security, we understand that cyber threats can affect businesses of any scale, and we have developed a solution to address this significant problem. Our cutting-edge cybersecurity service, CloudJacketXi, is tailored to address the unique needs of SMBs to mid-market enterprises, at a price-point accessible to them. It unifies the crucial functionalities of XDR, EDR, SIEM, MDR, and NDR, providing a robust defense mechanism against a wide array of threats. Our threat intelligence platform, analyzed by a dedicated U.S.-based Security Operations Center (SOC) staffed with highly experienced cybersecurity experts, ensures unmatched protection.

SECNAP can prepare your business, train your staff against phishing threats, and help you implement comprehensive cybersecurity measures. With our CloudJacketXi, you not only gain advanced security tools but also a dedicated team committed to securing your digital landscape, allowing you to focus on driving your business to new heights. SECNAP’s additional solutions, such as our Cybersecurity Awareness Training, External Security Assessments, Internal Vulnerability Assessments, Web Application Assessments, Compliance Services, and Dark Web Monitoring can help you increase your cybersecurity resilience and defend against the constant onslaught of cybercriminals. Contact us today and bolster your cybersecurity defenses. Don’t wait until a breach occurs – act now and safeguard your business against evolving cyber threats.


