MGM and Caesars Attacked, Forced to Pay Millions in Ransom by Infamous Group

MGM and Caesars have been disrupted by a series of cyberattacks from a group of young hackers called “Scattered Spider,” an SEC regulatory filing confirmed.

MGM claims that it has dealt with the issues caused by the attacks, but it reportedly still had problems with slot machines and hotel communications as recently as this week. Caesars confirmed in a filing published Thursday that it also dealt with a variety of issues when it was attacked in August.

The FBI has already joined the investigation. Until a resolution is reached, alternatives to modern approaches, such as cash-only transactions, will become the norm.

According to Bloomberg, Caesars paid half of a requested $30 million ransom to the hackers after its systems were breached.

The hackers performed what the casino company referred to as a “social engineering attack.” A member of the group masqueraded as a casino employee and was able to get a representative of a tech company to change the log-in password, thus granting them access to a trove of privileged information, including driver’s license numbers and social security numbers.

“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in its SEC filing. “We are monitoring the web and have not seen any evidence that the data has been further shared, published, or otherwise misused. Nonetheless, out of an abundance of caution, we are offering credit monitoring and identity theft protection services to all members of our loyalty program.”

Scattered Spider also allegedly demanded a payment from MGM, Fortune reported. It is unknown what their asking price was and which databases and systems they were able to access.

Moody’s, an international finance group, said that MGM’s heavy reliance on tech and the resultant attacks could hurt its credit rating.

Caesars and MGM have estimated net worths of a combined $26.6 billion. They also have large customer bases and extremely valuable, privileged information, which made them attractive targets for the hackers.

There is little confirmed information available about Scattered Spider, but it is believed to be comprised of English-speaking 19-22-year-olds in England and the U.S.

Scattered Spider frequently uses social engineering techniques to aid its attacks. Social engineering is the act of using trickery or deceit to help obtain access to back-end systems, such as what they did with the Caesars hack.

The group is also credited with attacks on various telecommunications and business entities.

Scattered Spider used social engineering in a brief phone call with MGM to launch its attack. After posing as IT workers on LinkedIn, they called the company’s help desk and were able to convince them to allow them access to the backend systems.

Several outlets have suggested that a faction of Scattered Spider known as ALPHV, or Blackcat, was behind the attacks.

The Cybersecurity and Infrastructure Security Agency said in April 2022 that ALPHV had “compromised at least 60 entities worldwide,” thus labeling the group as dangerous and highly potent.

MGM reported $1.2 billion in revenue across its hotels and casinos during the most recent quarter ending June 30, and it can afford to pay a ransom. But the greater issue is the vulnerability of its (and Caesars’) systems.

“Casinos around the world should be on heightened alert because ransomware groups love it when they get this kind of attention, so we will likely see copycats,” Allan Liska, an intelligence analyst for security firm Recorded Future, told Reuters.