Caesar’s Entertainment admits it was hacked in latest casino breach

Gaming giant Caesars Entertainment has confirmed it was breached by hackers, in an attack apparently perpetrated by Scattered Spider, the same ransomware gang that incapacitated systems at rival MGM Resorts International.

In a regulatory filing on Thursday, Nine cassino BR Caesars said it had identified the breach by September 7, just days before a separate ransomware attack on MGM knocked slot machines offline and disrupted other systems.

Caesars said hackers had accessed loyalty program member information, including driver’s license numbers and possibly social security numbers, for a ‘significant number of members in the database’. 

The casino agreed to pay roughly half of a $30 million ransom demanded by hackers to restore access to the company’s systems, according to The Wall Street Journal. 

In its public disclosure, Caesars did not explicitly acknowledge making a ransom payment, but alluded to unspecified ‘steps’ it has taken ‘to ensure that the stolen data is deleted by the unauthorized actor.’

Gaming giant Caesars Entertainment has confirmed it was breached by hackers, in an attack apparently perpetrated by the same ransomware gang that targeted MGM

Slot machines are seen offline at an MGM property earlier this week. Four days after the breach, MGM is still suffering disruptions

Caesars has not suffered any disruptions in its customer operations, unlike MGM, which appears to have refused all ransom demands and continues to grapple with the fallout four days after the attack began. 

‘One company seems to have paid, avoided disruption and, until now, media attention,’ Brett Callow, a threat analyst with cybersecurity firm Emsisoft, nine cassino br told on Thursday.

Referring to MGM, he added: ‘One company seems not to have paid, and is dealing with significant and ongoing disruption as well as a barrage of speculative media reporting based almost entirely on claims made by criminals.

‘It sends a clear message to future victims as to which is the least painful option and, unfortunately, may make all cybercriminals’ jobs a little bit easier in future.’

Neither Caesars nor MGM has responded to multiple requests for comment from this week. MGM has not acknowledged receiving ransom demands. 

Both breaches appear to be the handiwork of a hacker gang known as Scattered Spider, according to a Bloomberg News report citing four people familiar with the matter. 

The gang is believed to primarily be based in the US and UK, but is a known affiliate of the Russia-linked BlackCat/ALPHV ransomware group.

Scattered Spider primarily relies on social engineering to trick human targets into sharing their login credentials, such as through phony password resets, the security firm Crowdstrike said in a blog post in January. 

Caesars said in its disclosure that the breach originated ‘from a social engineering attack on an outsourced IT support vendor’ that the attack leveraged to gain control of its systems. 

Caesars agreed to pay roughly half of a $30 million ransom demanded by hackers to restore access to the company’s systems, according to the Wall Street Journal

MGM, which appears to have refused all ransom demands, continues to grapple with the fallout four days after the breach

Caesars added it is still investigating the extent of the data leak but has no evidence to date that any member passwords/PINs, bank account information or payment card information were accessed. 

Meanwhile, MGM is still grappling with disruptions from its breach, which the company first identified on Sunday.

In a statement on Thursday, the company said: ‘We continue to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly.

‘We couldn’t do this without the thousands of incredible employees who are committed to guest service and support from our loyal customers. Thank you for your continued patience.’ 

The fallout for MGM has been extremely costly, almost certainly running into the millions as the breach disrupts daily operations, from guest reservation systems to paid parking.

The company may also see a negative impact to its credit rating as a result of the breach, making borrowing more costly, analysts at Moody’s have warned. 

The FBI told on Wednesday that it is investigating the MGM incident, adding: ‘As this is an ongoing investigation, we are not able to provide any additional detail.’ 

MGM is the biggest employer in Nevada and owns a number of prominent casinos on the Strip, including ARIA, Mandalay Bay, the Bellagio, Luxor and MGM Grand.

Caesars, headquartered in Reno, owns a number of prominent Las Vegas hotels and casinos including Caesars Palace, Planet Hollywood, Flamingo and Horseshoe Las Vegas. 

Who are the Scattered Spider hacker gang?

Members of the Scattered Spider group are primarily young adults, some as young as 19, residing in the US and UK, according to Bloomberg.

Scattered Spider uses the hacking tools developed by the Russia-linked group known as BlackCat and ALPHV, which may indicate a business partnership between the groups to share in ransom payments. 

The gang, also known as UNC3944, has hit telecom and business process outsourcing companies in the past, but more recently also targeted critical infrastructure organizations, according to analyst reports. 

In a post on LinkedIn, Charles Carmakal, chief technology officer at Mandiant Intelligence, called Scattered Spider ‘one of the most prevalent and aggressive threat actors impacting organizations in the United States today.’

‘Many members are native English speakers and are incredibly effective social engineers,’ he wrote, nine Cassino referring to the tactic of duping human targets, including over the phone. 

‘They leverage tradecraft that is challenging for many organizations with mature security programs to defend against,’ Carmakal said. 

The main website for MGM Resorts remained down on Thursday morning, directing visitors to download the MGM Rewards app for dining reservations

Analysts say casinos are prime targets of financially-motivated ransomware gangs such as Scattered Spider. 

Ransomware gangs operate by infiltrating target organizations and encrypting their IT infrastructure, demanding payments which can run in the tens of millions of dollars in exchange for the encryption keys to restore access. 

But refusing to pay can also be costly for businesses, costing many millions in lost business, as well as remediation efforts to restore access and secure compromised systems.

‘Casinos are an attractive target for cyber extortionists,’ said Callow, the Emsisoft threat analyst. 

‘They have the means to pay ransoms and, because downtime is so expensive for them, they may have the motivation to pay too,’ he added.

‘MGM isn’t the first casino to be hit and, with ransomware numbers possibly at an all-time high, it’ll very likely not be the last.’

Join the conversation


Create an account

Bu formu doldurarak kişisel verilerinizin bu web sitesindeki deneyiminizi desteklemek, hesabınıza erişimi yönetmek ve gizlilik ilkesi sayfamızda açıklanan diğer amaçlar için kullanılacağını kabul etmiş sayılırsınız.

Password Recovery

Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.