"Social engineering’ proves powerful tool in casino cyberattacks", experts say
Monday 18 de September 2023 / 12:00
2 minutos de lectura
(Las Vegas).- The apparent cyberattack that hobbled MGM Resorts International this past week is the latest in a string of high-profile security breaches to befall Las Vegas casinos in recent months.

As MGM deals with what it has called a “cyber issue,” the gaming and hospitality giant apparently hasn’t been the only one to be targeted by potentially devastating cyber criminals lately. Caesars Entertainment also paid tens of millions to hackers to prevent them from releasing stolen data, Bloomberg reported Wednesday.
But the casinos have always been targets for robbers, fraudsters, hackers and, of course, cheaters. It’s just the way they’re being targeted that continues to evolve, experts say. Which means the gaming industry as a whole will have to keep evolving to avoid being further victimized by such high-stakes shakedowns.
Hackers claiming responsibilty for the MGM outage claimed they compromised the company’s infrastructure through simple social engineering, rather than unleashing ransomware.
The hacker gang ALPHV, also known as BlackCat, said that it had breached the gaming giant with a simple phone call, according to a post on X from malware repository vx-underground.
Then on Thursday, the group said it would unleash ransomware on the company’s computer systems “if a deal is not reached.”
While MGM has avoided the term cyberattack, the company has not commented on the cause of its computer failures, although the FBI confirmed earlier in the week that it was investigating the matter.
“I think this is kind of a bit of a never-ending story, as criminals find new ways to enact their crimes,” said Alan Feldman, who is the Distinguished Fellow in Responsible Gaming for UNLV’s International Gaming Institute. “So it’s a constant evolution of security systems, protocols and technologies.”
Although July was a month of record revenues for Nevada casinos, September has obviously been a month of headaches for MGM Resorts International. On Sept. 1, a hotel operations manager at MGM’s Aria turned himself in to the Metropolitan Police Department amid allegations he stole over $773,000 between July 2022 and July 2023 by issuing more than 200 false refunds to his debit card.
In June, Circa became victim to a so-called impostor scam. Downtown Las Vegas’ biggest hotel was swindled out of $1.17 million after an employee was duped into believing she was delivering bags of cash to two men at four different locations on behalf of one of the hotel’s owners.
Erik Gutierrez Martinez, a 23-year-old man who was living in an east Las Vegas trailer park with his aunt, was also accused of involvement in similar casino-targeting con jobs.
If MGM is indeed facing a cyberattack, as appears to be the likely scenario, and the reports about Caesars are true, the common thread, along with the Circa heist, would be social engineering, which basically refers to the component of hacking that involves human interaction.
To combat hacking, experts say, companies and government agencies need to be aware of and vigilant against this human element.
Social engineering happens when hackers are able to exploit vulnerabilities in a targeted company’s or government institution’s systems by deceiving an employee or employees into divulging information or allowing access, whether it be by phone, email or some other means.
“From what I’ve seen with these threat actors, that’s their main MO. That’s what they do,” said Alex Waintraub, a cybersecurity expert at CYGNVS Inc., whose mission is to help other companies navigate cyber crises. “They use the least sophisticated tactic there is, the human, to actually get into environments and and cause cyber havoc.”
Mehmet Erdem, professor of hotel operations and technology at UNLV, said that by and large Las Vegas casinos are generally good about security, and are forever playing catch-up in their efforts to beat the hackers whose techniques are constantly evolving.
By Brett Clarkson
Categoría:Others
Tags: Sin tags
País: United States
Región: North America
Event
Peru Gaming Show 2025
18 de June 2025
Facephi presented its digital identity verification solutions for the online gaming sector in Peru at PGS 2025
(Lima, SoloAzar Exclusive).- Facephi is consolidating its position as a strategic partner for responsible online gaming in Peru, presenting advanced identity verification, fraud prevention, and regulatory compliance solutions at PGS 2025, adapted to an increasingly digital and demanding ecosystem. In this interview, Bruno Rafael Rivadeneyra Sánchez, the firm's Identity Solutions Senior Manager, explores how its technology is redefining gaming security standards, with a preventative, seamless, and 100% regional approach.
Friday 18 Jul 2025 / 12:00
From PGS 2025, Win Systems Redoubles its Commitment to Peru: Innovation, Proximity, and Regional Expansion
(Lima, SoloAzar Exclusive).- In a revealing interview, Galy Olazo, Country Manager of Win Systems in Peru, analyzes the company's strategic role in one of the most thriving markets in the region. Its participation in the PGS 2025 trade show not only left its mark with its technological advances, such as the new Gold Club Colors electronic roulette wheels and the WIGOS management system, but also reaffirmed its commitment to the transformation of the sector and its consolidation in Latin America.
Tuesday 15 Jul 2025 / 12:00
Key debate during PGS 2025: Enforcement: Process to ensure compliance (laws, norms, rules)
(Lima, SoloAzar Exclusive).- During the 2025 edition of the Peru Gaming Show, the conference ‘Enforcement: Process to ensure compliance (laws, norms, rules)’ took place, with an international panel of professionals who debated about the current challenges to combat illegal gaming and guarantee the application of the laws in the sector, both in Peru and in the Latam region.
Monday 14 Jul 2025 / 12:00
SUSCRIBIRSE
Para suscribirse a nuestro newsletter, complete sus datos
Reciba todo el contenido más reciente en su correo electrónico varias veces al mes.