Others

"Social engineering’ proves powerful tool in casino cyberattacks", experts say

Monday 18 de September 2023 / 12:00

⏱ 3 min read

(Las Vegas).- The apparent cyberattack that hobbled MGM Resorts International this past week is the latest in a string of high-profile security breaches to befall Las Vegas casinos in recent months.

"Social engineering’ proves powerful tool in casino cyberattacks", experts say

As MGM deals with what it has called a “cyber issue,” the gaming and hospitality giant apparently hasn’t been the only one to be targeted by potentially devastating cyber criminals lately. Caesars Entertainment also paid tens of millions to hackers to prevent them from releasing stolen data, Bloomberg reported Wednesday.

But the casinos have always been targets for robbers, fraudsters, hackers and, of course, cheaters. It’s just the way they’re being targeted that continues to evolve, experts say. Which means the gaming industry as a whole will have to keep evolving to avoid being further victimized by such high-stakes shakedowns.

Hackers claiming responsibilty for the MGM outage claimed they compromised the company’s infrastructure through simple social engineering, rather than unleashing ransomware.

The hacker gang ALPHV, also known as BlackCat, said that it had breached the gaming giant with a simple phone call, according to a post on X from malware repository vx-underground.

Then on Thursday, the group said it would unleash ransomware on the company’s computer systems “if a deal is not reached.”

While MGM has avoided the term cyberattack, the company has not commented on the cause of its computer failures, although the FBI confirmed earlier in the week that it was investigating the matter.

“I think this is kind of a bit of a never-ending story, as criminals find new ways to enact their crimes,” said Alan Feldman, who is the Distinguished Fellow in Responsible Gaming for UNLV’s International Gaming Institute. “So it’s a constant evolution of security systems, protocols and technologies.”

Although July was a month of record revenues for Nevada casinos, September has obviously been a month of headaches for MGM Resorts International. On Sept. 1, a hotel operations manager at MGM’s Aria turned himself in to the Metropolitan Police Department amid allegations he stole over $773,000 between July 2022 and July 2023 by issuing more than 200 false refunds to his debit card.

In June, Circa became victim to a so-called impostor scam. Downtown Las Vegas’ biggest hotel was swindled out of $1.17 million after an employee was duped into believing she was delivering bags of cash to two men at four different locations on behalf of one of the hotel’s owners.

Erik Gutierrez Martinez, a 23-year-old man who was living in an east Las Vegas trailer park with his aunt, was also accused of involvement in similar casino-targeting con jobs.

If MGM is indeed facing a cyberattack, as appears to be the likely scenario, and the reports about Caesars are true, the common thread, along with the Circa heist, would be social engineering, which basically refers to the component of hacking that involves human interaction.

To combat hacking, experts say, companies and government agencies need to be aware of and vigilant against this human element.

Social engineering happens when hackers are able to exploit vulnerabilities in a targeted company’s or government institution’s systems by deceiving an employee or employees into divulging information or allowing access, whether it be by phone, email or some other means.

“From what I’ve seen with these threat actors, that’s their main MO. That’s what they do,” said Alex Waintraub, a cybersecurity expert at CYGNVS Inc., whose mission is to help other companies navigate cyber crises. “They use the least sophisticated tactic there is, the human, to actually get into environments and and cause cyber havoc.”

Mehmet Erdem, professor of hotel operations and technology at UNLV, said that by and large Las Vegas casinos are generally good about security, and are forever playing catch-up in their efforts to beat the hackers whose techniques are constantly evolving.

 

By Brett Clarkson

Categoría:Others

Tags: Sin tags

País: United States

Región: North America

Event

PERU GAMING SHOW – PGS 2026

17 de June 2026

APADELA and the Future of Sports Betting in Peru Following Regulation

(Lima, SoloAzar Exclusive).- During the Peru Gaming Show 2026, Gonzalo Rosell, President of the Peruvian Association of Online Sports Betting and Related Activities (APADELA), analyzed the current state of the Peruvian remote gaming and sports betting market following the implementation of the regulatory framework. In his presentation, “Current Situation of the Remote Gaming and Sports Betting Industry Post-Regulation in Peru,” the executive highlighted the tax challenges facing the formal industry and called for a review of the selective consumption tax.

Friday 10 Jul 2026 / 12:00

Beyond Compliance: New Challenges in Anti-Money Laundering for the Gaming Industry

(Lima, SoloAzar Exclusive).- At Peru Gaming Show (PGS) 2026, Carlos Hermoza Horna, Founder & Managing Partner at CompliLab Legal Latam, delivered a conference focused on how anti-money laundering (AML) compliance in the gaming sector must evolve beyond regulatory obligations. His presentation highlighted the growing sophistication of financial crime, the importance of technology, and the need to build a genuine compliance culture across gaming organizations.

Thursday 09 Jul 2026 / 12:00

Matías Magallón, CEO of ALPS after PGS 2026: "The industry's conversations are becoming more mature"

(Lima, SoloAzar Exclusive).- Following its participation at Peru Gaming Show 2026, ALPS CEO Matías Magallón discusses the company's objectives in Peru, the industry's evolving priorities and the opportunities emerging across Latin America.

Wednesday 08 Jul 2026 / 12:00

SUSCRIBIRSE

Para suscribirse a nuestro newsletter, complete sus datos

Reciba todo el contenido más reciente en su correo electrónico varias veces al mes.