Caesars Entertainment has revealed that the company paid off an
organisation behind a ransomware attack that threatened its operations.
The hotel, entertainment and casino company said had it been the
victim of “a social engineering attack on an outsourced IT support
vendor used by the company”.
The attack on Caesars happened weeks prior to the most recent attack
on MGM Resorts that has crippled MGM’s operations, forcing guests to
wait hours to check in and disrupting electronic payments, digital key
cards, slot machines, ATMs and paid parking systems.
Both companies appear to have been targeted by known ransomware-as-a-service groups, Forbes said.
ALPHV, also known as Black Cat, claimed responsibility for attacking
MGM while an affiliated group that calls itself Scattered Spider hit
Forbes said the preferred tactic for both ransom gangs is to use
social engineering to gain access into the companies’ IT systems.
ALPHV reportedly claimed that it took 10 minutes to infiltrate MGM’s
system after identifying an MGM tech employee on LinkedIn and then
calling the company’s support desk. Scattered Spider gained entry to
Caesars’ system by deceiving an employee at a third-party vendor.
“It’s bonkers,” Alex Waintraub, a cyber crisis management expert, who
has worked on hundreds of ransom cases, told Forbes. “Companies are
spending sometimes hundreds of millions of dollars on preventative care,
detection care, protection care, endpoint detection response, and so
“And guess what? The simplest, unsophisticated ways are how the
threat actors are getting in: Click on this link and type in your
The continued success of social engineering as a tactic demonstrates
that humans are often the weakest link in the chain, says Alex
Hamerstone, advisory solutions director at TrustSec, an Ohio-based
“If you’re designing a resilient IT infrastructure, calling one
person and getting one password or link or whatever should not take down
your whole company.”
The Wall Street Journal reported that Caesars paid a US$30 million ransom to regain control of its operations.
Cyberattacks were up globally 156%
in the second quarter of 2023 compared to the first three months of the
year, according to a report from the World Economic Forum.