Caesars Entertainment revealed in an SEC filing that the company had been the victim of a social engineering attack on an outsourced IT support vendor used by the company.
The website and smartphone apps for the corporation have been down for almost a week.
Weeks before the attack on MGM Resorts, Caesars was attacked.
The attack severely disrupted MGM's operations, making check-in for visitors a lengthy process and rendering electronic payments, digital key cards, slot machines, ATMs, and paid parking systems useless.
Known ransomware-as-a-service organisations seem to have targeted both businesses. ALPHV.
TPRM report: https://scoringcyber.rankiteo.com/company/caesars-entertainment-inc
"id": "cae85317923",
"linkid": "caesars-entertainment-inc",
"type": "Cyber Attack",
"date": "09/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Hospitality and Entertainment',
'name': 'Caesars Entertainment',
'type': 'Enterprise'}],
'attack_vector': 'Social Engineering',
'description': 'Caesars Entertainment was the victim of a social engineering '
'attack on an outsourced IT support vendor, which resulted in '
'the disruption of their website and smartphone apps for '
'almost a week.',
'impact': {'downtime': 'Almost a week',
'operational_impact': ['Check-in process',
'Electronic payments',
'Digital key cards',
'Slot machines',
'ATMs',
'Paid parking systems'],
'systems_affected': ['Website', 'Smartphone apps']},
'ransomware': {'ransomware_strain': 'ALPHV'},
'threat_actor': 'ALPHV',
'title': 'Social Engineering Attack on Caesars Entertainment',
'type': 'Social Engineering',
'vulnerability_exploited': 'Outsourced IT support vendor'}