The recent revelation that both Caesars Entertainment and MGM Resorts International, two major Nevada casino operators and prominent players in the U.S. hospitality industry, fell victim to sophisticated cyberattacks within weeks of each other has raised significant concerns within the industry. Caesars Entertainment reportedly paid a substantial ransom to hackers to prevent a data breach, while MGM Resorts continues to grapple with a major cyberattack affecting various systems.
Caesars Entertainment’s Ransom Payment:
Caesars Entertainment, which operates well-known casinos like Caesars Palace and Harrah’s, faced a cyberattack at the end of August. The company reportedly paid hackers tens of millions of dollars to prevent the release of sensitive company data. The exact amount paid remains a topic of debate, with some sources suggesting it was approximately half of the $30 million initially demanded. Caesars made this move to safeguard its data, minimize disruption, and avoid a potential public relations crisis.
MGM Resorts Cyberattack:
MGM Resorts, the largest gambling operator in the United States, has been dealing with a significant cyberattack affecting various systems, including credit card transactions, digital hotel room keys, slot machines, and sports betting kiosks. The ransomware gang ALPHV/BlackCat has claimed responsibility for this attack, impacting the company’s operations and causing guest inconveniences. Despite MGM’s claims of full operational recovery, guests continue to report issues.
The Hackers Behind the Attacks:
The cyberattack on Caesars Entertainment is attributed to the hacking group Scattered Spider. The MGM Resorts attack is believed to involve two groups: Scattered Spider and ALPHV/BlackCat. Social engineering, a method involving manipulation and interaction with employees to gain access to internal systems, may have been used in both attacks.
Business Response to Ransom Payments:
Paying hackers, while ethically contentious, can sometimes be the most pragmatic business decision in the face of cyberattacks. Such incidents can negatively impact a company’s stock value and credit rating, as seen with MGM Resorts. Prevention remains the most effective strategy to avoid such breaches.
Growing Threat of Digital Extortion:
These cyberattacks underscore the increasing threat of digital extortion in the modern era. The recent hacking of cryptocurrency offshore casino Stake.com, likely perpetrated by a North Korean state-sponsored group, further highlights this concern. Companies, regardless of their size, must prioritize cybersecurity to protect their systems from malicious actors.
Future Implications:
In response to these incidents, Caesars Entertainment is expected to make an official disclosure to the Securities and Exchange Commission (SEC) regarding the hack, following recent SEC rule changes mandating public companies to report cyberattacks and ransom payments to hackers. MGM Resorts continues its efforts to mitigate the effects of the cyberattack and restore full functionality.
The cybersecurity challenges faced by Caesars Entertainment and MGM Resorts serve as a stark reminder of the need for robust prevention measures in the face of growing cyber threats. The casino industry, like other sectors, must prioritize cybersecurity to safeguard sensitive data and operations.