💰💣

MGM Resorts and Caesars Entertainment Security Incident

Late August and Early September 2023 830 days ago Resolved

Incident Overview

Situation Description

MGM Resorts and Caesars Entertainment experienced significant cyberattacks in late August and early September 2023, attributed to human error and social engineering tactics, leading to substantial financial losses and operational disruptions.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Hospitality

Geographic Scope

nan

Response Actions

Took Systems or Services Offline Refused to Pay Ransom / Extortion Paid a Ransom Managed Public Narrative & Crisis Communications

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Credentials

Primary Impacts

Financial Loss Operational Disruption Reputational Damage

Key Decisions Made

Caesars reportedly paid a $15 million ransom to the attackers.; MGM refused to pay the ransom, causing substantial interruptions to its operations.; Businesses are required to promptly report cyberattacks starting December 18th, according to new SEC regulations.

Technical Analysis

Attack Method

Social Engineering

Threat Actor Attribution

Scattered Spider ALPHV Black Cat

Vulnerability / Tool

Okta Azure

Additional Information

News and Insights Blog Subscribe Subscribe via Email December 06, 2023 Understanding the MGM and Caesars Cyberattacks: Lessons Learned Cyber 4 min read Allen Blount, National Cyber & Technology Product Leader, and Michael Tang, Associate Claims Director Facebook X (Twitter) LinkedIn Email Facebook X (Twitter) LinkedIn Email Many of todays increasingly devastating high-profile cyberattacks can actually be attributed to human error. The recent attacks on Caesars Entertainment and MGM Resorts stand as stark examples of this. Caesars reportedly paid a $15 million ransom to the attackers whereas MGM refused to pay, causing substantial interruptions to its operations. Between the attacks and lawsuits, the hospitality giants expect to lose hundreds of millions. Yet the alleged MGM hackers professed it only took a 10-minute phone call with IT to gain credentials that granted them access for the attack. Understanding how attacks like this happen can be key to keeping your business safe. Impacts of a Cyberattack Caesars and MGM have divulged little about the attacks. However, Forbes reports that Caesars was hit in late August by a group called Scattered Spider. In early September, a group called ALPHV, or Black Cat, infiltrated MGMs systems. Scattered Spider gained entry to Caesars system by deceiving a third-party IT support vendor. The group impersonated a Caesars employee and convinced the IT vendor to provide login credentials to Caesars access management provider, Okta. Similarly, ALPHV hacked MGM by using information from employee LinkedIn profiles to gain Okta and Azure access from MGMs IT department. The hackers promptly made ransom demands once they had control of the organizations systems and access to sensitive guest and employee information. Caesars reportedly paid the ransom, asserting that the event did not impact its operations. MGM, however, refused to pay, which forced the organization to shut down internal networks. This led to widespread havoc and...

... (truncated for display)

Quick Facts

Company:: MGM Resorts and Caesars Entertainment
Date:: Late August and Early September 2023
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 6/12/2023

Source Information

Original Query

Caesars Entertainment vs MGM Resorts ransomware response and recovery comparison

View Original Source

Timeline

Information Published

6/12/2023

Incident Occurred

Late August and Early September 2023 (830 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats