
Cybercrime Group Targets Gaming Giants: Caesars Pays $15 Million Ransom

September 14, 2023 – Published on Enterprise Security Tech

In the latest blow to the casino industry’s cybersecurity, Caesars, a major casino operator, reportedly paid a $15 million ransom to a cybercrime group just days before a cyberattack targeted MGM Resorts. Sources familiar with the situation revealed that the same group that attacked MGM had also demanded a $30 million ransom from Caesars, although the company negotiated to pay roughly half of that amount. While the costs will be partly covered by Caesars’ cyber insurance, the incident was deemed a “material event,” requiring disclosure in a U.S. Securities and Exchange Commission (SEC) filing.

These back-to-back high-profile attacks highlight the growing threat landscape faced by the gaming industry. The cybercrime group responsible for both incidents, identified as UNC3944 or Roasted 0ktapus, has been linked to other cyberattacks on companies. Security experts warn that despite the group’s relative lack of experience compared to established ransomware groups, it poses a serious threat, given its members’ effectiveness as social engineers and their native English-speaking abilities.

Drew Schmitt, Practice Lead, GuidePoint Research and Intelligence Team (GRIT) at GuidePoint Security, shared insights on the incident and the threat group:

“Scattered Spider (aka Roasted 0ktapus, UNC3944) is well known for its affinity for large targets, and the victimization of MGM and Caesars proves that the group possesses the motivation and means to be successful in their operations targeting substantial organizations. Scattered Spider is well known for having very well-established social engineering capabilities that many groups do not, mainly because they are rumored to have a significant presence in the United States, a characteristic many other groups do not share. Scattered Spider is exceptionally persistent and technically competent at many techniques, including phishing, SMiShing, MFA bombing, and SIM swapping, which have all contributed to their successful social engineering campaigns. Recently, there have been increasing speculations that Scattered Spider has partnered with AlphV on several occasions to extort the organizations they have victimized successfully.

Regarding the MGM hack, there has been a lot of emphasis on the fact that a brief social engineering phone call resulted in widespread compromise within a huge organization. We currently do not have the complete picture, and although this method of intrusion highlights some potential gaps in cybersecurity processes, there is likely much more to this intrusion than meets the eye. Scattered Spider is highly determined and persistent in their operations; if it wasn’t for this social engineering attempt, it could have been another that relied on more technical means. Sometimes attackers get lucky, and this could be one of those times.

The reality of this situation is that Caesars and MGM were enormous organizations that became victims of ransomware. Still, so far in 2023, there have been over 2,800 public ransomware victims posted across leak sites belonging to more than 52 different threat actors. This number doesn’t include the victims that pay a ransom demand, a number which organizations like Caesars would belong to. The ransomware pandemic continues to be the most prolific threat that all industries and organizations, regardless of size, face. The Caesars and MGM hacks are a reminder that partnerships in intelligence sharing and investing in cybersecurity teams should be a significant topic of discussion for all organizations and that, as an industry, we need to continue moving fast to keep up with evolving threats.”
