* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Saturday, September 27, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Cardi B Adds More Dates to Little Miss Drama Tour: ‘Y’all Making Me Work’ – Yahoo

    Cardi B Extends Little Miss Drama Tour: “Y’all Making Me Work

    ‘Today’: Sheinelle Jones Thanks Katie Couric for Support After Husband’s Death – CBS 19 News

    Sheinelle Jones Expresses Heartfelt Thanks to Katie Couric for Support After Husband’s Passing

    Sate your hunger at DBA’s Taste of Downtown – Bakersfield.com

    Indulge Your Cravings at DBA’s Taste of Downtown!

    Caesars Entertainment (CZR): Assessing Valuation After Times Square Casino Setback and Mounting Investor Concerns – simplywall.st

    Caesars Entertainment Faces Times Square Casino Hurdles as Investor Concerns Mount

    Why Hilaria Baldwin Has Found the ‘DWTS’ Process ‘Embarrassing’ At Times – WFXG

    Hilaria Baldwin Opens Up About the Embarrassing Moments on Her ‘DWTS’ Journey

    Harvest Fest 2025 – yadkinripple.com

    Celebrate the Bounty: Harvest Fest 2025 is Coming!

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Aurora police hope to add facial recognition technology to crime-fighting tools – CBS News

    Aurora Police Aim to Boost Crime-Fighting with New Facial Recognition Technology

    Autonomous Solutions shows off cutting-edge technology for the public – Cache Valley Daily

    Autonomous Solutions Unveils Cutting-Edge Technology for the Public

    Amazon to Pay $2.5 Billion in Prime Membership Settlement – The New York Times

    Amazon to Pay $2.5 Billion in Prime Membership Settlement – The New York Times

    What are we really gaining from technology? – Fast Company

    What Are We Really Gaining from Technology?

    TOMI Environmental Solutions, Inc. Expands SteraMist iHP Technology Services in Healthcare Sector with New Provider Partnership – Quiver Quantitative

    TOMI Environmental Solutions Accelerates SteraMist iHP Technology Expansion in Healthcare with New Provider Partnership

    Indiana County Technology Center’s Joint Operating Committee looks to the future as program plans began to take shape – Indiana Gazette Online

    Indiana County Technology Center’s Joint Operating Committee Charts an Exciting Path Forward as New Program Plans Take Shape

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Cardi B Adds More Dates to Little Miss Drama Tour: ‘Y’all Making Me Work’ – Yahoo

    Cardi B Extends Little Miss Drama Tour: “Y’all Making Me Work

    ‘Today’: Sheinelle Jones Thanks Katie Couric for Support After Husband’s Death – CBS 19 News

    Sheinelle Jones Expresses Heartfelt Thanks to Katie Couric for Support After Husband’s Passing

    Sate your hunger at DBA’s Taste of Downtown – Bakersfield.com

    Indulge Your Cravings at DBA’s Taste of Downtown!

    Caesars Entertainment (CZR): Assessing Valuation After Times Square Casino Setback and Mounting Investor Concerns – simplywall.st

    Caesars Entertainment Faces Times Square Casino Hurdles as Investor Concerns Mount

    Why Hilaria Baldwin Has Found the ‘DWTS’ Process ‘Embarrassing’ At Times – WFXG

    Hilaria Baldwin Opens Up About the Embarrassing Moments on Her ‘DWTS’ Journey

    Harvest Fest 2025 – yadkinripple.com

    Celebrate the Bounty: Harvest Fest 2025 is Coming!

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Aurora police hope to add facial recognition technology to crime-fighting tools – CBS News

    Aurora Police Aim to Boost Crime-Fighting with New Facial Recognition Technology

    Autonomous Solutions shows off cutting-edge technology for the public – Cache Valley Daily

    Autonomous Solutions Unveils Cutting-Edge Technology for the Public

    Amazon to Pay $2.5 Billion in Prime Membership Settlement – The New York Times

    Amazon to Pay $2.5 Billion in Prime Membership Settlement – The New York Times

    What are we really gaining from technology? – Fast Company

    What Are We Really Gaining from Technology?

    TOMI Environmental Solutions, Inc. Expands SteraMist iHP Technology Services in Healthcare Sector with New Provider Partnership – Quiver Quantitative

    TOMI Environmental Solutions Accelerates SteraMist iHP Technology Expansion in Healthcare with New Provider Partnership

    Indiana County Technology Center’s Joint Operating Committee looks to the future as program plans began to take shape – Indiana Gazette Online

    Indiana County Technology Center’s Joint Operating Committee Charts an Exciting Path Forward as New Program Plans Take Shape

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

The chaotic and cinematic MGM casino hack, explained

September 16, 2023
in Technology
The chaotic and cinematic MGM casino hack, explained
Share on FacebookShare on Twitter

Did prominent casino chain MGM Resorts gamble with its customers’ data? That’s a question a lot of those customers are probably asking themselves now, days into a cyberattack that took down many of MGM’s systems. And it may have all started with a phone call, if reports citing the hackers themselves are to be believed.

MGM, which owns more than two dozen hotel and casino locations around the world as well as an online sports betting arm, reported on Monday that a “cybersecurity issue” was affecting some of its systems, which it shut down to “protect our systems and data.” For the next several days, reports said everything from hotel room digital keys to slot machines weren’t working. Even websites for its many properties went offline for a while. Guests found themselves waiting in hours-long lines to check in and get physical room keys or getting handwritten receipts for casino winnings as the company went into manual mode to stay as operational as possible. MGM Resorts didn’t respond to a request for comment, and has only posted vague references to a “cybersecurity issue” on Twitter/X, reassuring guests it was working to resolve the issue and that its resorts were staying open.

The attacks show how even organizations that you might expect to be especially locked down and protected from cybersecurity attacks — say, massive casino chains that pull in tens of millions of dollars every day — are still vulnerable if the hacker uses the right attack vector. And that’s almost always a human being and human nature. In this case, it appears that publicly available information and persuasive phone manner were enough to give the hackers all they needed to get into MGM’s systems and create what is likely to be some very expensive havoc that will hurt both the resort chain and many of its guests.

Spiders and Cats are claiming responsibility for the attack

A group known as Scattered Spider is believed to be responsible for the MGM breach, and it reportedly used ransomware made by ALPHV, or BlackCat, a ransomware-as-a-service operation. Scattered Spider specializes in social engineering, where attackers manipulate victims into performing certain actions by impersonating people or organizations the victim has a relationship with. The hackers are said to be especially good at “vishing,” or gaining access to systems through a convincing phone call rather than phishing, which is done through an email.

Scattered Spider’s members are thought to be in their late teens and early 20s, based in Europe and possibly the US, and fluent in English — which makes their vishing attempts much more convincing than, say, a call from someone with a Russian accent and only a working knowledge of English. In this case, it appears that the hackers found an employee’s information on LinkedIn and impersonated them in a call to MGM’s IT help desk to obtain credentials to access and infect the systems.

Someone claiming to be a representative of the group told the Financial Times that it stole and encrypted MGM’s data and is demanding a payment in crypto to release it. This was the backup plan; the group initially planned to hack the company’s slot machines but weren’t able to, the representative claimed.

If that all has you thinking that we’re in the middle of a remake of Ocean’s 13, you should also know that it may not be accurate. ALPHV/BlackCat is denying parts of these reports, especially the slot machine hacking attempt. The group posted a message on Thursday night claiming responsibility for the attack but denying that it was perpetrated by teenagers in the US and Europe or that anyone tried to tamper with slot machines. It also criticized what it said was inaccurate reporting on the hack and said it hadn’t officially spoken to anyone about the hack, and “most likely” wouldn’t in the future. The message said that data was stolen from MGM, which has thus far refused to engage with the hackers or pay any kind of ransom.

It seems that MGM wasn’t the only casino chain hit by a recent cyberattack. Caesars Entertainment paid millions of dollars to hackers who breached its systems around the same time as MGM and was able to continue operations as normal. Caesars admitted to the breach in a filing with the Securities and Exchange Commission on Thursday, where it said an “outsourced IT support vendor” was the victim of a “social engineering attack” that resulted in sensitive data about members of its customer loyalty program being stolen. Though the method is very similar to those reportedly used by Scattered Spider and the attack happened at nearly the same time as MGM’s, the alleged representative of the group told the Financial Times that it wasn’t behind it. Although, again, another group seems to be denying that Scattered Spider did any of the attacks, or at least how the events have been reported isn’t accurate.

A betting kiosk in MGM Grand displays a sad-face emoji and the message, “I’m having trouble communicating with the system. When the link is restored, your session will resume.”

A betting kiosk at MGM Grand on September 12, two days into the hack shut down many of MGM’s systems.

K.M. Cannon/Las Vegas Review-Journal/Tribune News Service via Getty Images

Why vishing works

Though we don’t yet have confirmation of who attacked MGM or even how, the alleged method, vishing, is a known cybersecurity threat that many organizations haven’t sufficiently protected themselves from. A portmanteau of “voice” and “phishing,” vishing, like all social engineering techniques, targets what’s usually the weakest link in the cybersecurity chain: us. More than 90 percent of cyberattacks start with phishing, and it’s one of the most common ways that organizations are penetrated as well. And vishing is a particularly effective avenue of attack: A 2022 IBM report found that targeted phishing attacks that included phone calls were three times more effective than those that didn’t.

“There’s always a little back door, and all the best defenses and all the expensive tools can be fooled by one good social engineering attack,” Peter Nicoletti, global chief information security officer at cybersecurity company Check Point Software, told Vox.

Ransomware attacks aren’t unusual these days. They’ve shut down major gas pipelines, banks, hospitals, schools, meat producers, governments, and journalism outlets. At this point, you’d be hard-pressed to find an industry or sector that hasn’t been hit by a ransomware attack. “Vishing,” on the other hand, is a method that hasn’t gotten nearly as much attention yet, but we may well see a lot more.

“What we’re seeing, especially in the new age of artificial intelligence, is the attackers are leveraging not only hacked information that they find about you, but also all of your social profile information,” Nicoletti said.

Stephanie Carruthers, who is a “chief people hacker” for IBM, uses social engineering to test client organizations’ systems to find potential vulnerabilities. That includes vishing, which gives her a front-row seat on how it can be used to gain access to a target.

“From the attacker point of view, vishing is easy,” she told Vox. “With phishing, I have to set up infrastructure, I have to craft an email and do all these extra technical things. But with vishing … it’s picking up the phone and calling someone and asking for a password reset. It’s pretty simple.”

One of the keys to a successful vishing attack is knowing enough about a system, company, or employee to pull off the impersonation. You can learn a lot about people and organizations just from what’s publicly available — including who companies’ high-value targets are.

“It makes the job of an attacker so much easier,” Carruthers said. “Things like LinkedIn and different types of people search engines, that is the first step into making a successful vish.” From there, the attacker can use other social engineering techniques like adding a sense of authority or urgency to a request. Organizations with inadequate verification processes to prove that the caller is who they claim to be are especially vulnerable. “It’s something we see happen all the time,” Carruthers added.

It doesn’t help that companies often overlook vishing in their employee cybersecurity training, and they aren’t asking people like Carruthers to test for vishing vulnerabilities, as they do for phishing. A highly publicized attack like MGM’s might change that. But it may also lead to an increase in vishing attacks, now that other hackers see that it gets results.

So what you can do to protect yourself? When it comes to attempts to vish you personally, the same general rules about being careful what information you share and with whom apply. Don’t give out your login credentials and passwords, and be careful about your publicly available data as well, since attacks may use it against you (or to impersonate you to trick someone else). Verify that people are who they claim to be before engaging with them. Use different passwords across all of your accounts, so that if someone gets access to one of them, they aren’t then able to get into others, and use multi-factor authentication for another layer of protection.

In this case, however, there’s not much people can do when a company they trusted with their data didn’t have sufficient systems in place to protect it — which a lot of them don’t. But they can do a few things after the fact to minimize any possible damage. Nicoletti says MGM customers should check their bank statements in case their debit card numbers were exposed in the breach, if not ask their bank for a new card entirely. He also says MGM customers should be especially wary of emails claiming to be from MGM, in case the hackers obtained customers’ email addresses. And definitely don’t click on any links or provide any credentials if asked.

Carruthers recommends that MGM customers be on the lookout for weird charges to their credit cards. She also recommends that they consider freezing their credit, which is free and easy to do and prevents would-be identity thieves from taking out credit cards in their names.

We’re here to shed some clarity

One of our core beliefs here at Vox is that everyone needs and deserves access to the information that helps them understand the world, regardless of whether they can pay for a subscription. With the 2024 election on the horizon, more people are turning to us for clear and balanced explanations of the issues and policies at stake. We’re so grateful that we’re on track to hit 85,000 contributions to the Vox Contributions program before the end of the year, which in turn helps us keep this work free. We need to add 2,500 contributions this month to hit that goal.
Will you make a contribution today to help us hit this goal and support our policy coverage? Any amount helps.

$5/month

$10/month

$25/month

$50/month

Other

Yes, I’ll give $5/month

Yes, I’ll give $5/month

We accept credit card, Apple Pay, and

Google Pay. You can also contribute via

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Recode – https://www.vox.com/technology/2023/9/15/23875113/mgm-hack-casino-vishing-cybersecurity-ransomware

Tags: chaoticcinematictechnology
Previous Post

The best web browsers for 2023

Next Post

TikTok’s shopping push left my For You page in shambles

New Delhi 2025: Preview, stars and how to watch the World Championships – Paralympic.org

New Delhi 2025 World Championships: Top Athletes to Watch and How You Can Catch the Action

September 27, 2025
Stock market exodus to Wall Street hits 20-year high – EL PAÍS English

Stock market exodus to Wall Street hits 20-year high – EL PAÍS English

September 27, 2025
October Prime Day TV Deals: Elevate Your Entertainment Space With These Early Savings – CNET

October Prime Day TV Deals: Upgrade Your Entertainment Space with These Early Savings

September 27, 2025
Georgia’s Medicaid work requirement program spent twice as much on administrative costs as on health care, GAO says – North Carolina Health News

Georgia’s Medicaid Work Requirement Program Spent Twice as Much on Administration as on Patient Care, GAO Finds

September 27, 2025
TGIF: Ian Donnis’ Rhode Island politics roundup for Sept. 26, 2025 – The Public’s Radio

TGIF: Ian Donnis’ Rhode Island politics roundup for Sept. 26, 2025 – The Public’s Radio

September 27, 2025
City Parks Initiative Launches Ecological Tracker for Bond Projects – Citizen Portal AI

Revolutionary Ecological Tracker Unveiled to Transform Monitoring of City Parks Bond Projects

September 27, 2025
Award-winning science writer leads student discussions at Eckerd – theonlinecurrent.com

Award-Winning Science Writer Inspires Student Discussions at Eckerd College

September 27, 2025
Human Head Transplants: Where the Science Stands, and Why the Ethics Are So Complicated – Discover Magazine

Human Head Transplants: The Science Behind the Procedure and the Complex Ethical Debate

September 27, 2025
New lifestyle brand TENŌRE set to open flagship store in Waikīkī – KITV

New lifestyle brand TENŌRE set to open flagship store in Waikīkī – KITV

September 27, 2025
Aurora police hope to add facial recognition technology to crime-fighting tools – CBS News

Aurora Police Aim to Boost Crime-Fighting with New Facial Recognition Technology

September 27, 2025

Categories

Archives

September 2025
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
2930  
« Aug    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (839)
  • Economy (860)
  • Entertainment (21,734)
  • General (17,270)
  • Health (9,903)
  • Lifestyle (872)
  • News (22,149)
  • People (861)
  • Politics (870)
  • Science (16,069)
  • Sports (21,359)
  • Technology (15,842)
  • World (842)

Recent News

New Delhi 2025: Preview, stars and how to watch the World Championships – Paralympic.org

New Delhi 2025 World Championships: Top Athletes to Watch and How You Can Catch the Action

September 27, 2025
Stock market exodus to Wall Street hits 20-year high – EL PAÍS English

Stock market exodus to Wall Street hits 20-year high – EL PAÍS English

September 27, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version