
Report: Casino Hacks Likely Caused by Malware-Driven Theft of Employee Credentials


The recent cyberattacks on Caesars Entertainment and on MGM Resorts reportedly may have been launched with stolen login credentials.

A cybersecurity company based in London, DynaRisk, discovered that the login credentials of MGM and Caesars employees were being sold on underground forums for cybercriminals, the Financial Times (FT) reported Friday (Sept. 15).

The data set contained the credentials of a mid-level IT engineer at MGM, along with 95 other MGM employees and some employees at Caesars Entertainment, according to the report.

“Out of 96 hacked employees, one of them has had a staggering 63 credentials stolen, while 26 more had between 2-5 credentials stolen, and the remaining 69 only had one,” DynaRisk said in a blog post.

The stolen credentials of employees working in the IT division pose a significant risk as they could potentially provide access to the internal workings of the casino operators’ networks, the FT report said. While it has not been confirmed if the hackers gained access to MGM’s systems through these stolen credentials, the presence of employee details on underground forums underscores the evolving methods that hackers use to breach networks.

The stolen login credentials were likely obtained from a computer infected with malware called Redline, which hides behind pirated copies of video games or other software, per the report. Redline not only steals passwords but also captures cookies, which are used by browsers to identify frequent visitors to websites.

A hacking group known as Scattered Spider claimed responsibility for the breach at MGM, including attempts to tamper with the casino resort’s slot machines, according to the report. This group has been linked to at least 100 attacks on major U.S. corporations and is considered a significant threat to Western companies. They often impersonate employees they have studied on social media and use this information to generate fresh passwords during phone calls to company help desks.

DynaRisk CEO Andrew Martin told the FT that more companies are at risk, as recent data sets traded on underground forums included credentials for employees at over 500 other companies, per the report.

This suggests that cyberattacks are on the rise and companies need to be proactive in strengthening their security measures.