Others

"Social engineering’ proves powerful tool in casino cyberattacks", experts say

Monday 18 de September 2023 / 12:00

⏱ 3 min read

(Las Vegas).- The apparent cyberattack that hobbled MGM Resorts International this past week is the latest in a string of high-profile security breaches to befall Las Vegas casinos in recent months.

"Social engineering’ proves powerful tool in casino cyberattacks", experts say

As MGM deals with what it has called a “cyber issue,” the gaming and hospitality giant apparently hasn’t been the only one to be targeted by potentially devastating cyber criminals lately. Caesars Entertainment also paid tens of millions to hackers to prevent them from releasing stolen data, Bloomberg reported Wednesday.

But the casinos have always been targets for robbers, fraudsters, hackers and, of course, cheaters. It’s just the way they’re being targeted that continues to evolve, experts say. Which means the gaming industry as a whole will have to keep evolving to avoid being further victimized by such high-stakes shakedowns.

Hackers claiming responsibilty for the MGM outage claimed they compromised the company’s infrastructure through simple social engineering, rather than unleashing ransomware.

The hacker gang ALPHV, also known as BlackCat, said that it had breached the gaming giant with a simple phone call, according to a post on X from malware repository vx-underground.

Then on Thursday, the group said it would unleash ransomware on the company’s computer systems “if a deal is not reached.”

While MGM has avoided the term cyberattack, the company has not commented on the cause of its computer failures, although the FBI confirmed earlier in the week that it was investigating the matter.

“I think this is kind of a bit of a never-ending story, as criminals find new ways to enact their crimes,” said Alan Feldman, who is the Distinguished Fellow in Responsible Gaming for UNLV’s International Gaming Institute. “So it’s a constant evolution of security systems, protocols and technologies.”

Although July was a month of record revenues for Nevada casinos, September has obviously been a month of headaches for MGM Resorts International. On Sept. 1, a hotel operations manager at MGM’s Aria turned himself in to the Metropolitan Police Department amid allegations he stole over $773,000 between July 2022 and July 2023 by issuing more than 200 false refunds to his debit card.

In June, Circa became victim to a so-called impostor scam. Downtown Las Vegas’ biggest hotel was swindled out of $1.17 million after an employee was duped into believing she was delivering bags of cash to two men at four different locations on behalf of one of the hotel’s owners.

Erik Gutierrez Martinez, a 23-year-old man who was living in an east Las Vegas trailer park with his aunt, was also accused of involvement in similar casino-targeting con jobs.

If MGM is indeed facing a cyberattack, as appears to be the likely scenario, and the reports about Caesars are true, the common thread, along with the Circa heist, would be social engineering, which basically refers to the component of hacking that involves human interaction.

To combat hacking, experts say, companies and government agencies need to be aware of and vigilant against this human element.

Social engineering happens when hackers are able to exploit vulnerabilities in a targeted company’s or government institution’s systems by deceiving an employee or employees into divulging information or allowing access, whether it be by phone, email or some other means.

“From what I’ve seen with these threat actors, that’s their main MO. That’s what they do,” said Alex Waintraub, a cybersecurity expert at CYGNVS Inc., whose mission is to help other companies navigate cyber crises. “They use the least sophisticated tactic there is, the human, to actually get into environments and and cause cyber havoc.”

Mehmet Erdem, professor of hotel operations and technology at UNLV, said that by and large Las Vegas casinos are generally good about security, and are forever playing catch-up in their efforts to beat the hackers whose techniques are constantly evolving.

 

By Brett Clarkson

Categoría:Others

Tags: Sin tags

País: United States

Región: North America

Event

PERU GAMING SHOW – PGS 2026

17 de June 2026

At PGS 2026, MINCETUR Explained How to Handle a Regulatory Inspection: Rights and Obligations for Compliance

(Lima, SoloAzar Exclusive).- As part of Peru Gaming Show (PGS) 2026, one of the most important gaming industry events in Latin America, José Luis Pérez, Director of Organization and Registration at MINCETUR’s General Directorate of Casino Games and Slot Machines, delivered a conference for land-based gaming operators. During his presentation, he explained the rights and obligations of license holders during regulatory inspections, detailed how inspectors carry out their duties, and emphasized the importance of fostering a strong culture of compliance to strengthen the regulated market.

Tuesday 07 Jul 2026 / 12:00

Reusable Identity and Smoother Access: JUMIO’s Approach at Peru Gaming Show 2026

(Lima, SoloAzar Exclusive).- Peru Gaming Show (PGS) 2026 hosted the conference “Reusable Identity: Less Friction, More Play – How to Simplify Player Access,” led by Pilar Pereira, Director of Strategic Alliances at JUMIO. She explained how the evolution of digital identity is transforming user experiences on online betting platforms amid strong global growth in the sector.

Friday 03 Jul 2026 / 12:00

Andres Troelsen: "Peru remains one of EGT Digital's strategic markets in LATAM"

(Lima, SoloAzar Exclusive).- Following his participation in the Peru Gaming Show, Andres Troelsen, Regional Sales Director LATAM of EGT Digital, reflects on the company's priorities in the region, the evolving demands of operators, and the opportunities emerging across the Latin American gaming market for EGT Digital.

Friday 03 Jul 2026 / 12:00

SUSCRIBIRSE

Para suscribirse a nuestro newsletter, complete sus datos

Reciba todo el contenido más reciente en su correo electrónico varias veces al mes.