Cybersecurity related to Las Vegas Strip casino operators has seemingly become vulnerable, with MGM Resorts International having fallen prey to a multi-pronged cyber attack. Its competitive company, Caesars Entertainment, will shortly come out with its revelation of having been the victim of a ransomware crime.
Some unknown informants who are aware of the case spoke to Bloomberg and divulged the fact that it was Scatter Spider, a hacking group also known as UNC 3944, who was responsible for targeting Caesars. It was a ransomware entry, and the hackers managed to extract an undisclosed amount. As per the guessing games doing the rounds, it is presumed that Caesars paid out to the tune of approximately $30 million.
According to the latest regulations put in place by the Securities and Exchange Commission (SEC), publicly traded businesses are required to divulge material events to investors, and cyber ransom is one of them. These reports are carried out through Item 1.05 Form 8-K, which will be filed shortly by Caesars.
As of now, MGM has not come out with any official statement that it has fallen prey to a ransomware attack. However, some skeptics are certain that there are apparent signs that the company has experienced a ransomware attack. It is also being presumed that Scatter Spider was not responsible for the MGM attack. As per reports from the media, the cyber attack on MGM took place with the hacker playing the role of a present MGM employee and utilizing that to obtain technical identity from MGM’s IT wing.
According to the casino news, Scatter Spider has supposedly carried out the hacking of Caesars through an external supplier to the company. As per sources from Bloomberg, this is being seen as the modus operandi of Scatter Spider to enter Caesars network, which apparently began sometime in August 2023.
In the case of MGM and Caesars Entertainment, they are known to be the two largest operators on the Las Vegas Strip. They are credited with having expansive portfolios related to local casinos throughout the US.
Caesars has not come out with the enormity of the financial loss of the cyber breach, and neither has MGM admitted to the ransomware theory. Moody’s Investors Service considers the MGM attack as a ‘credit negative’ event and focuses on the vulnerability in MGM’s business functions and its dependence on technology. Further risk factors related to MGM, in the opinion of Moody’s, are the supposed income loss when the systems were deactivated, the adverse impact on its image, and the costly investigative process that will soon begin.