Be part of the tech and startup scene

Tech Alley News

MGM Resorts and Caesars Cyberattacks:

Person in a black hoodie working on a laptop with multiple montors.
Michael Andrewes
September 19, 2023

With MGM Resorts having their gaming floors, payment systems, rewards systems, and other key systems disrupted by a cyberattack that started on September 10, 2023, Las Vegas locals and visitors have been paying a lot closer attention to cybersecurity than they typically would. Shortly after we realized MGM Resorts was having a major system disruption, news platforms began reporting that Caesars was dealing with a similar issue and had already paid a $15 million dollar ransom to a hacker group, which was half of what the group was demanding.

While it’s normal for people to take something more seriously once they can see a tangible example of it happening, cyberattacks have been a growing issue for quite some time now. According to IBM’s “Cost of a Data Breach 2023” report, the global average total cost of a data breach is now $4.45 million dollars, with the average breach taking 204 days to be identified and 73 days until it is contained. While this 78-page report is full of wild stats, these three are mind-boggling to consider, all on their own. How many companies can afford a breach that costs even a fraction of $4 million? Can company data be trusted once we know a hacker was living and breathing within the system for over six months? It’s not good.

It’s not confirmed yet, but the current explanation for the MGM Resorts breach was that the hackers found an employee profile on LinkedIn then pretended to be them in order to trick a helpdesk employee to hand over credentials, which were then used to conduct this cyberattack. This is what we call social engineering. Kaspersky defines social engineering as “a manipulation technique that exploits human error to gain private information, access, or valuables”. Social engineering has been a popular strategy for quite a while now. Why? People keep falling for these tactics, so there’s no reason for hackers to stop. If you’re involved with crypto, you or someone you know may have fallen victim to this through either an X (formerly Twitter) or Discord DM link to a phishing site that ends up draining your crypto assets.

What can be done about this? Well, to start, be skeptical of everything! Unless it’s a blood relative or longtime friend, it’s safe to assume that the link or file you received from your internet acquaintance is malicious, until you’re sure it is legitimate. Secondly, implement two-factor authentication (2FA) using a hardware key or at minimum, a smartphone-based authenticator app such as Google Authenticator. This way, even if someone gets your password or pin, your account will remain safe unless the hacker somehow gets access to your hardware key or authenticator app. The third and final safeguard we’ll cover is data backups. If you want to greatly increase the chances of keeping your data available, it should be backed up in a location that will not be impacted if you lose access to your primary file location.

In closing, the time to take cybersecurity seriously is today. Don’t wait until things go wrong. Proactive cybersecurity is much easier and less expensive. The resources on how to manage your cybersecurity are readily available online and can be found via web search, ChatGPT query, or YouTube video. There are also working groups, resources from the Cybersecurity and Infrastructure Security Agency (CISA), and a long list of managed service providers and consulting groups that can help. If you have questions, feel free to ping me at the local startup events, on LinkedIn, or via email.

Michael Andrewes
Michael Andrewes is the Yastis Founder and Lead Cybersecurity Consultant, helping small to mid-sized tech-enabled US businesses decrease cyber risk and increase regulatory compliance.
Share Your Story
Magazine Cover Jeanine CollinsMagazine Cover Yeves Perez