Splitit - Installment Plans Becoming a Key Part of Shoppers Toolkit - September 2023 Banner

Security Expert: Casino Hacks Were Part of Wider Crime Wave

The hackers who broke into the systems of two casino giants recently also carried out cyberattacks on three other companies.

That’s according to David Bradbury, chief security officer of the identity management company Okta, who said in an interview with Reuters on Tuesday (Sept. 19) that the groups that breached MGM Resorts and Caesars Entertainment also attacked his company’s clients in the manufacturing retail and technology sectors.

According to Reuters, the hacks date back to August. Bradbury did not identify the other companies targeted, but said Okta was cooperating with investigators.

The report said MGM and Caesars both lost market value following the attacks, with MGM’s operations still disrupted at gaming venues and hotels around the world.

As noted here last week, there is evidence that the attacks were launched using stolen employee login credentials. The Financial Times reported that London-based cybersecurity company DynaRisk discovered that the login credentials of MGM and Caesars workers were being sold on underground forums for cybercriminals.

“Out of 96 hacked employees, one of them has had a staggering 63 credentials stolen, while 26 more had between 2-5 credentials stolen, and the remaining 69 only had one,” DynaRisk said in a blog post.

A hacking group dubbed by cybersecurity experts as Scattered Spider has claimed responsibility for the MGM breach. The group has been tied to at least 100 attacks on major U.S. companies, often impersonating employees they’ve studied via social media.

This week also saw Clorox reveal in a Securities and Exchange Commission (SEC) filing that it suffered its own cyberattack, which disrupted the company’s operations and supply chain, impacting the production of household goods and cleaning supplies.

While the attack has been dealt with, Clorox said in the SEC filing that it “is repairing the infrastructure and is reintegrating the systems that were proactively taken offline. The company expects to begin the process of transitioning back to normal automated order processing the week of Sept. 25.”

As PYMNTS wrote, these hacks are a sign that cybercriminals are growing bolder, and that companies need to rethink their anti-fraud strategies.

The PYMNTS Intelligence report “Fraud Losses From Impersonator Scam Double for Largest US Banks,” a PYMNTS and Hawk AI collaboration, found that 48% of financial institutions (FIs) are either adding or will add new anti-fraud tech in the next year. 

And 66% of FIs say they’re using artificial intelligence or machine learning to fend off attacks, representing a 34% jump from last year.