Author: Summer Stratton, Digital Marketing Manager
Las Vegas is known for its dazzling casinos, entertainment, and nightlife. But recently, MGM Resorts International was hit by a cyberattack that disrupted some of the most iconic casino hotels, such as the Bellagio, Mandalay Bay, and the Cosmopolitan. The hackers stole customer data, locked out guests from their rooms, and demanded ransom to restore the systems. How did this happen and what can businesses learn from this incident?
The cyberattack was carried out by a group of hackers known as Scattered Spider, who used a combination of techniques to breach the computer systems of the casinos. According to security experts, the hackers used:
- Social engineering: The hackers tricked an IT support contractor into giving them access to the customer loyalty program database of Caesars Entertainment, where they stole Social Security numbers and driver’s license numbers of thousands of customers.
- Spearphishing: The hackers sent personalized emails that looked like they were from trusted sources, such as vendors or executives, and lured the recipients into clicking on malicious links or attachments that installed malware on their computers.
- Malware: The hackers used ransomware, a type of malware that encrypts the data on the infected systems and demands payment for the decryption key. The ransomware also disabled the digital keys that guests used to access their rooms, as well as the payment systems and reservation systems.
- Typosquatting: The hackers registered domains that were similar to the legitimate ones of the casinos, such as mgmresorts.com instead of mgmmresorts.com, and used them to send phishing emails or host fake websites that mimicked the real ones
The cyberattack caused significant financial and reputational damage to the casinos, as well as inconvenience and frustration to their guests. The casinos had to shut down some of their operations, offer refunds or compensation to their customers, and pay for the recovery and restoration of their systems. The casinos also faced potential lawsuits and regulatory fines for failing to protect their customer data.
The cyberattack also exposed the vulnerabilities of the casino industry, which relies heavily on digital technology to run its business. The casinos have large amounts of customer data, such as credit card numbers, personal information, and gambling habits, that are attractive to cybercriminals. The casinos also have complex networks that connect multiple devices, such as slot machines, cameras, kiosks, and sensors, that can be exploited by hackers. Moreover, the casinos have a high turnover rate of employees and contractors, who may not be trained or vetted properly on cybersecurity.
So how can businesses prevent themselves from falling victim to similar cyberattacks? Here are some cybersecurity best practices that businesses can follow:
- Train your employees: Employees are often the weakest link in cybersecurity, as they may fall for phishing emails or use weak passwords. Businesses should educate their employees on how to identify and report suspicious emails, use good internet browsing practices, avoid suspicious downloads, enable authentication tools (e.g., strong passwords, multi-factor authentication), and protect sensitive data.
- Secure your networks: Businesses should safeguard their internet connection by encrypting data and using a firewall. They should also secure their Wi-Fi network by hiding it from public view, password-protecting it, and using a virtual private network (VPN) for remote access.
- Use antivirus software and keep all software updated: Businesses should equip all their devices with antivirus software and update them regularly. They should also install patches and updates for all their software applications to fix security problems and improve functionality.
- Prevent typosquatting: Businesses should register domains that are similar to their own and set up alerts for any domain name changes. They should also use email verification protocols for any requests involving money or sensitive information.
- Develop an incident response plan: Businesses should prepare for a possible cyberattack by creating a written incident response plan (IRP) that outlines the roles and responsibilities of different team members, the steps to take before, during, and after an incident, and the communication channels to use with internal and external stakeholders.
Cybersecurity is not a one and done event but an ongoing process that requires constant vigilance. By following these best practices, businesses can reduce their risk of cyberattacks and protect their assets and reputation.
Remember: always verify before you trust.