A security executive with knowledge of the situation revealed that the hackers who recently infiltrated the systems of prominent casino giants, MGM Resorts International and Caesars Entertainment, have also targeted three other companies operating in the manufacturing, retail, and technology sectors.
The wider scope of the string of cyberattacks
David Bradbury, the Chief Security Officer of Okta, an identity management company, disclosed that since August, five of Okta’s clients, including MGM and Caesars, have fallen victim to hacking groups known as ALPHV and Scattered Spider.
While Bradbury did not disclose the names of the other affected companies, he emphasised that Okta is actively cooperating with official investigations related to these security breaches.
These cyberattacks have once again drawn attention to ransomware attacks, which impact numerous companies each year, spanning industries from healthcare to telecommunications. As a result of these breaches, both MGM and Caesars witnessed a decline in their market value, and MGM continues to grapple with operational disruptions at its hotels and gaming establishments across locations, including Las Vegas and Macau.
Okta, headquartered in San Francisco and boasting a global clientele of over 17,000 customers, specialises in providing identity services, such as multi-factor authentication, to enhance the secure access of users to online applications and websites. The detection of multiple breaches among its clients prompted Okta to issue a warning last month, according to Bradbury, who emphasised the need to share insights with the broader industry due to the rapid occurrence of these incidents.
Details of the cyberattack – Caesars joins MGM Resorts on the list
Recently, Caesars Entertainment, a prominent player in the casino industry, made headlines alongside its Las Vegas counterpart, MGM Resorts International, as they both disclosed being targeted in a cyberattack. In their official report submitted to the federal Securities and Exchange Commission, Caesars assured the public that, fortunately, the attack had not disrupted their casino and online operations.
However, there’s a catch. Caesars, headquartered in Reno and publicly traded, expressed their inability to provide an ironclad guarantee regarding the safety of personal information belonging to tens of millions of their valued customers. This vulnerability emerged following a data breach on September 7th, raising concerns about the exposure of driver’s licence and Social Security numbers belonging to members enrolled in their loyalty rewards program.
It’s worth noting that, even as this cybersecurity incident unfolds, Caesars has been actively expanding its horizons. In May, they launched the temporary Danville Casino, a strategic move while they work on the construction of a grand $650 million resort in the Schoolfield area.
“We have taken steps to ensure that the stolen data is deleted by the unauthorised actor,” the company said, “although we cannot guarantee this result.”
“Unofficially, we saw a group called Scattered Spider claimed responsibility,” Callow said. “They appear to be native English speakers under the umbrella of a Russia-based operation called ALPHV or BlackCat.”
“Scattered Spider also is known as UNC3944,” said Charles Carmakal, Chief Technical Officer at cybersecurity firm Mandiant. He called the group “incredibly disruptive and aggressive” in recent targeting of hospitality and entertainment organisations.
“They leverage tradecraft that is challenging for many organisations with mature security programs to defend against,” Carmakal said in a statement.
Mandiant said in a blog analysis published Thursday that the group uses SMS text phishing and phone calls to help desks to attempt to obtain password resets or multifactor bypass codes.
“This relatively new entrant in the ransomware industry has hit at least 100 organisations, most of them in the U.S. and Canada,” Mandiant said.
Caesars and MGM Resorts respond
Caesars, a global casino behemoth, proudly holds the title of the world’s largest casino owner. Boasting over 65 million Caesars Rewards members and a vast presence spanning 18 states and Canada, they operate under well-known banners like Caesars, Harrah’s, Horseshoe, and Eldorado. Their portfolio also extends to mobile and online gaming, along with sports betting. Notably, company representatives remained tight-lipped, declining to respond to inquiries sent by The Associated Press via email.
In response to the breach, Caesars took swift action. They informed the SEC that they were actively offering credit monitoring and identity theft protection to their loyal customers enrolled in their rewards program. Fortunately, there is no evidence to suggest that the intruder gained access to member passwords or sensitive financial information like bank accounts and payment card details. Caesars affirmed that both their casino and online operations remain unscathed by this incident, continuing without disruption.
Caesars’ disclosure closely followed MGM Resorts International, the largest casino conglomerate in Las Vegas, publicly sharing its own encounter with a cyberattack. The company detected the breach on a Sunday, prompting them to swiftly shut down computer systems at their properties nationwide in a bid to safeguard sensitive data.
This proactive measure had repercussions felt by customers; Las Vegas casino floors and reservations were impacted, with social media abuzz about credit card transaction failures, inaccessible cash machines, and locked hotel room doors. Even video slot machines sat dormant.
MGM Resorts boasts approximately 40 million loyalty rewards members and oversees tens of thousands of hotel rooms across Las Vegas, including iconic establishments like the MGM Grand, Bellagio, Aria, and Mandalay Bay. Their reach extends beyond U.S. borders, with properties also operating in China and Macau.
In a company report filed with the SEC on Tuesday, MGM Resorts referred to its Monday news release regarding the cyberattack. The FBI confirmed an ongoing investigation but provided no further details.
As of Thursday, several of MGM Resorts’ computer systems remained offline, including those handling hotel reservations and payroll. Despite this setback, company spokesperson Brian Ahern assured that their workforce, comprising 75,000 employees in the U.S. and overseas, would receive their pay on schedule.
Speaking from British Columbia, Canada, Callow emphasised the speculative nature of most media reports regarding these incidents. He noted that the information seemed to originate from the same entities claiming responsibility for the attacks. Callow highlighted that recovering from cyberattacks could be a protracted process, spanning months.
Callow also drew attention to reports he deemed “plausible,” suggesting that Caesars Entertainment might have been asked for a $30 million ransom to secure its data and possibly paid $15 million. Notably, he pointed out that the SEC report from Caesars did not detail the measures taken to ensure the safety of the stolen data.
The largest known ransom paid to cyber attackers to date stands at $40 million, involving insurance giant CNA Financial. This payment followed a data breach in March 2021.
“In these cases, organisations basically pay to get a ‘pinky-promise,’” Callow said. “There is no way to actually know that (hackers) do delete (stolen data) or that it won’t be used elsewhere.”