MGM Resorts International faced a major disruption due to a "cybersecurity issue." Customers experienced significant inconveniences, from inoperable slot machines to challenges with digital room key access. Although MGM Resorts did not dive deep into specifics, they were quick to assure that their resorts "continue to deliver the experiences for which MGM is known." Despite their efforts to control the narrative, the larger concern hinged on the underlying cause. Dr. Greg Moody, an associate professor of information systems and cybersecurity at the University of Nevada, Las Vegas, posited that such "cybersecurity issues" typically point towards a malicious cyber attack.
Fast on the heels of the MGM episode, news broke about another Las Vegas titan, Caesars Entertainment Inc. This prominent entertainment company allegedly paid tens of millions of dollars to hackers following a breach. In an even more chilling revelation, this breach was orchestrated by a group identified as Scattered Spider or UNC 3944. Notably adept at social engineering, this group initiated their attack on Caesars by first infiltrating an external IT vendor.
A distinct feature of Scattered Spider’s modus operandi lies in its composition. Some members of this hacking group are reportedly young adults, with a few being as young as 19, primarily residing in the US and the UK. Their demands typically revolve around cryptocurrency ransoms, either to unlock encrypted computer files or, as in Caesars' case, to prevent the release of stolen data.
The troubling sequence of events raises several questions. Foremost among them: Why the targeting of casino and entertainment giants? Dr. Arthur Salmon, director of the cybersecurity program at the College of Southern Nevada, shed light on this, suggesting that certain industries face elevated risks. Utility companies, hospitals, and casinos are prime targets due to the high stakes involved - be it public complaints, life-threatening disruptions, or the potential reputational damage stemming from leaked customer information.
As these incidents unfold, they offer a somber reflection on the evolving landscape of cyber threats. As Dr. Salmon aptly put it, “Their security team has to be right 100 percent of the time... The attacker just has to be right once.” As Las Vegas reels from these back-to-back cyber incidents, one can only hope that other establishments take note, tightening their defenses and preparing for what seems to be an escalating wave of sophisticated cyber threats.
Trusted by industry-leading organizations across the globe.
Welcome to the new age of predictive cybersecurity.
Leverage the power of AI to discover and prioritize cybersecurity risks, vulnerabilities and misconfigurations across your entire environment