A Tale of Two Casinos

for now these are my preliminary notes on the Caesars/MGM events and I'll be doing a write-up soon.

Caesars

• breached August, 2023
• initial vector was social engineering of third-party
• Scattered Spider
• ransom/data-leak threat modus operandi
• $30m initial ransom request
• $15m paid ransom
• no operational impact

MGM

• breached September, 2023
• initial vector was social engineering
• ALPHV/BlackCat [2,3]
• unknown modus operandi
• unknown initial ransom request
• no ransom paid
• operations impacted Sept 10-18 and beyond
• "Moody’s Investors Service warned that the attack could hurt the company’s credit." [1]
• ALPHV still has a foothold in MGM's environment as of 9/14 [3]
• breach cost between $4.2m and $8.4m/day -- $33-67 million as of the 18th -- actual costs are likely higher [4]

[1] https://www.marketwatch.com/story/mgms-and-caesars-updates-on-cyberattacks-leave-customers-wanting-to-know-more-c2859f59?mod=mw_quote_news

[2] https://www.reuters.com/business/caesars-entertainment-paid-heavy-ransom-after-cyberattack-bloomberg-news-2023-09-13/?rpc=401&

[3] https://www.reddit.com/r/cybersecurity/comments/16iubsc/alphv_blackcat_just_released_an_annoucement_about/

[4] https://www.dailymail.co.uk/news/article-12531567/MGM-Resorts-cyberattack-Las-Vegas.html