It all began on LinkedIn: Hackers held US casino resorts to ransom after simple security breaches.

Humans are the weakest link in MGM cyberattack

The preferred tactic for ransom gangs is to use social engineering to gain access into the companies’ IT systems. Photo Credit: Adobe Stock/arrow

Caesars Entertainment has revealed that the company paid off an organisation behind a ransomware attack that threatened its operations.

The hotel, entertainment and casino company said it had been the victim of “a social engineering attack on an outsourced IT support vendor used by the company”.

The attack on Caesars happened weeks prior to the most recent attack on MGM Resorts that has crippled MGM’s operations, forcing guests to wait hours to check in and disrupting electronic payments, digital key cards, slot machines, ATMs and paid parking systems.

Both companies appear to have been targeted by known ransomware-as-a-service groups, Forbes said.

ALPHV, also known as Black Cat, claimed responsibility for attacking MGM while an affiliated group that calls itself Scattered Spider hit Caesars.

Forbes said the preferred tactic for both ransom gangs is to use social engineering to gain access into the companies’ IT systems.

ALPHV reportedly claimed that it took 10 minutes to infiltrate MGM’s system after identifying an MGM tech employee on LinkedIn and then calling the company’s support desk. Scattered Spider gained entry to Caesars’ system by deceiving an employee at a third-party vendor.

“It’s bonkers,” Alex Waintraub, a cyber crisis management expert, who has worked on hundreds of ransom cases, told Forbes. “Companies are spending sometimes hundreds of millions of dollars on preventative care, detection care, protection care, endpoint detection response, and so on.

“And guess what? The simplest, unsophisticated ways are how the threat actors are getting in: Click on this link and type in your credentials.”

The continued success of social engineering as a tactic demonstrates that humans are often the weakest link in the chain, says Alex Hamerstone, advisory solutions director at TrustSec, an Ohio-based cybersecurity firm.

“If you’re designing a resilient IT infrastructure, calling one person and getting one password or link or whatever should not take down your whole company.”

The Wall Street Journal reported that Caesars paid a US$30 million ransom to regain control of its operations.

Cyberattacks were up globally 156% in the second quarter of 2023 compared to the first three months of the year, according to a report from the World Economic Forum.
