{"id":7389,"date":"2024-04-10T15:49:49","date_gmt":"2024-04-10T20:49:49","guid":{"rendered":"https:\/\/www.bbrown.com\/?post_type=insight&#038;p=7389"},"modified":"2024-04-10T15:49:49","modified_gmt":"2024-04-10T20:49:49","slug":"a-look-back-at-the-mgm-and-caesars-incident","status":"publish","type":"insight","link":"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/","title":{"rendered":"A Look Back at the MGM and Caesars Incident"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row row_style=&#8221;page-hero&#8221; full_width=&#8221;stretch_row_content&#8221;][vc_column]\n\t<div class=\"hero hero--wrap    \">\n\n\t\t<div class=\"hero--background-image hero--background-image-blur\">\n\t\t\t<div class=\"hero--overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"hero-background\" style=\"background: url(https:\/\/www.bbrown.com\/wp-content\/uploads\/2024\/04\/A-Look-Back-at-the-MGM-and-Caesars-Incident-Brown-Brown-External_web-image.jpg) center center no-repeat; background-size: cover;\"><\/div>\n\t\t\t\t\t<\/div>\n\n\t\t<div class=\"hero--container\">\n\t\t\t<div class=\"container\">\n\t\t\t\t<div class=\"hero--inner width-100\">\n\n\t\t\t\t\t\n  <div class='content-heading  100%  '>\n    <p class='text-white subheading'>Property &amp; Casualty<\/p>\n    <h1 class='text-white    '>\n      A Look Back at the MGM and Caesars Incident\n    <\/h1>\n\t\n  <\/div>\t\t\t\t\t\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\n\t<\/div>\n\n\t\n[\/vc_column][\/vc_row][vc_row][vc_column width=&#8221;2\/3&#8243;]\n  <div class='content-heading  100% content-heading--ruled '>\n    \n    <h1 class='text-brand-dark-blue    h2'>\n      A Look Back at the MGM and Caesars Incident\n    <\/h1>\n\t\n  <\/div>[vc_column_text]The MGM Resorts International and Caesars Entertainment cyberattacks in September 2023 serve as a cautionary tale for those in the cyber world.<\/p>\n<h3>Incident 
Timeline:<\/h3>\n<ul>\n<li><strong>Early September 2023:<\/strong> Both MGM and Caesars experience suspicious activity within their IT systems.<\/li>\n<li><strong>September 7th:<\/strong> Caesars suffers a data breach, acknowledging a social engineering attack targeting a third-party IT vendor.<\/li>\n<li><strong>September 11th:<\/strong> MGM faces a ransomware attack by the Scattered Spider (UNC3944) group, causing widespread disruption.<\/li>\n<li><strong>September 14th:<\/strong> Scattered Spider claims to have exfiltrated 6 terabytes of data from both companies.<\/li>\n<li><strong>Mid-September:<\/strong> Caesars reportedly pays a $15 million ransom, while MGM opts for collaboration with law enforcement.<\/li>\n<li><strong>Late September:<\/strong> Both companies restore normal operations.<\/li>\n<\/ul>\n<p>The attack unfolded in stages. Scattered Spider, a cybercrime group, initially gained a foothold through social engineering, likely phishing for employee credentials. This breach provided access to the Okta platform, a crucial access management system. The attackers then capitalized on weak multi-factor authentication (MFA) to escalate privileges and gain control of the Azure Active Directory domain controller. This unfettered access allowed them to exfiltrate sensitive data and deploy BlackCat\/ALPHV ransomware, crippling MGM\u2019s critical systems.<\/p>\n<p>The MGM and Caesars attacks were not directly linked but rather showcased the general cyber threats faced by businesses in the hospitality sector. Imagine two houses on the same street being robbed one after the other: while not directly connected, the incidents highlight a vulnerability in the neighborhood and prompt residents to improve their security measures. Some reports suggest the same threat actor group (Scattered Spider) might have been involved in both attacks; however, concrete evidence is limited.<\/p>\n<p>Several security shortcomings exacerbated the situation. 
Inadequate MFA practices, exemplified by the compromised two-factor authentication, proved insufficient to prevent further intrusion. Additionally, a lack of proper security awareness training left employees susceptible to social engineering tactics. Furthermore, the absence of network segmentation granted the attackers unrestricted movement within the system, facilitating lateral movement and data exfiltration. Lastly, limited detection and response (D&amp;R) capabilities delayed the identification and containment of the attack and allowed the situation to escalate.<\/p>\n<p>Learning from these missteps, organizations can take proactive measures to bolster their defenses. Implementing robust MFA solutions with hardware tokens or biometrics significantly strengthens the login process. Regular security awareness training equips employees to recognize and resist phishing attempts. Network segmentation restricts an attacker\u2019s reach by isolating critical systems. Investing in advanced D&amp;R tools and processes allows for swifter threat detection and response, minimizing damage. Regular penetration testing and vulnerability assessments identify and address security gaps before they can be exploited.<\/p>\n<p>The MGM and Caesars incidents serve as a stark reminder of the evolving cyber threat landscape. By adopting a multi-layered approach to cybersecurity, organizations can significantly enhance their defenses. 
Additionally, an organization can improve its recovery process by taking charge of cybersecurity defenses, empowering teammates and employing a team of cyber insurance risk advisors.[\/vc_column_text]\t<div class='wpb_content_element text-left btn-container'>\n\t\t\t\t\t<a class='btn btn-brand-green  '\n\t\t\t\thref='https:\/\/www.bbrown.com\/wp-content\/uploads\/2024\/04\/A-Look-Back-at-the-MGM-and-Caesars-Incident-Brown-Brown-External_web.pdf' target='_blank' data-toggle=''>\n\t\t\t\t<span class=\"btn-text-color--default\">Download PDF<\/span>\n\t\t\t<\/a>\n\t\t\t<\/div>\n[\/vc_column][vc_column width=&#8221;1\/3&#8243;][vc_single_image image=&#8221;1021&#8243; alignment=&#8221;center&#8221;][vc_separator border_width=&#8221;2&#8243; el_width=&#8221;60&#8243;][vc_column_text]<\/p>\n<h6 style=\"text-align: center;\">Property &amp; Casualty Team<\/h6>\n<p>[\/vc_column_text]\t<div class='wpb_content_element text-center btn-container'>\n\t\t\t\t\t<a class='btn btn-brand-dark-blue  '\n\t\t\t\thref='\/us\/contact\/contact-general\/' target='' data-toggle=''>\n\t\t\t\t<span class=\"btn-text-color--default\">Connect Now<\/span>\n\t\t\t<\/a>\n\t\t\t<\/div>\n[\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>[vc_row row_style=&#8221;page-hero&#8221; full_width=&#8221;stretch_row_content&#8221;][vc_column][\/vc_column][\/vc_row][vc_row][vc_column width=&#8221;2\/3&#8243;][vc_column_text]The MGM Resorts International and Caesars Entertainment cyberattacks in September 2023 serve as a cautionary tale for those in the cyber world. 
Incident Timeline: Early September 2023: [&hellip;]<\/p>\n","protected":false},"author":66,"featured_media":7390,"template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"insight_category":[34],"class_list":["post-7389","insight","type-insight","status-publish","has-post-thumbnail","hentry","insight_category-property-casualty"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>A Look Back at the MGM and Caesars Incident - Brown &amp; Brown<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Look Back at the MGM and Caesars Incident\" \/>\n<meta property=\"og:description\" content=\"[vc_row row_style=&#8221;page-hero&#8221; full_width=&#8221;stretch_row_content&#8221;][vc_column][\/vc_column][\/vc_row][vc_row][vc_column width=&#8221;2\/3&#8243;][vc_column_text]The MGM Resorts International and Caesars Entertainment cyberattacks in September 2023 serve as a cautionary tale for those in the cyber world. 
Incident Timeline: Early September 2023: [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/\" \/>\n<meta property=\"og:site_name\" content=\"Brown &amp; Brown\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.bbrown.com\/wp-content\/uploads\/2024\/04\/A-Look-Back-at-the-MGM-and-Caesars-Incident-Brown-Brown-External_linkedin-graphic.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/\",\"url\":\"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/\",\"name\":\"A Look Back at the MGM and Caesars Incident - Brown &amp; 
Brown\",\"isPartOf\":{\"@id\":\"https:\/\/www.bbrown.com\/us\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.bbrown.com\/wp-content\/uploads\/2024\/04\/A-Look-Back-at-the-MGM-and-Caesars-Incident-Brown-Brown-External_web-image.jpg\",\"datePublished\":\"2024-04-10T20:49:49+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/#breadcrumb\"},\"inLanguage\":\"us\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"us\",\"@id\":\"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/#primaryimage\",\"url\":\"https:\/\/www.bbrown.com\/wp-content\/uploads\/2024\/04\/A-Look-Back-at-the-MGM-and-Caesars-Incident-Brown-Brown-External_web-image.jpg\",\"contentUrl\":\"https:\/\/www.bbrown.com\/wp-content\/uploads\/2024\/04\/A-Look-Back-at-the-MGM-and-Caesars-Incident-Brown-Brown-External_web-image.jpg\",\"width\":1000,\"height\":667,\"caption\":\"Profile photo of it specialist guy lady two business people night coworking watch, together indicate monitor testing debugging java script code smart professionals office indoors\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.bbrown.com\/us\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Insights\",\"item\":\"https:\/\/www.bbrown.com\/us\/news-events\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"A Look Back at the MGM and Caesars 
Incident\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.bbrown.com\/us\/#website\",\"url\":\"https:\/\/www.bbrown.com\/us\/\",\"name\":\"Brown &amp; Brown\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.bbrown.com\/us\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.bbrown.com\/us\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"us\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.bbrown.com\/us\/#organization\",\"name\":\"Brown &amp; Brown\",\"url\":\"https:\/\/www.bbrown.com\/us\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"us\",\"@id\":\"https:\/\/www.bbrown.com\/us\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.bbrown.com\/wp-content\/uploads\/2021\/12\/cropped-BBRetail002-RGBrevs.png\",\"contentUrl\":\"https:\/\/www.bbrown.com\/wp-content\/uploads\/2021\/12\/cropped-BBRetail002-RGBrevs.png\",\"width\":1000,\"height\":136,\"caption\":\"Brown &amp; Brown\"},\"image\":{\"@id\":\"https:\/\/www.bbrown.com\/us\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"A Look Back at the MGM and Caesars Incident - Brown &amp; Brown","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/","og_locale":"en_US","og_type":"article","og_title":"A Look Back at the MGM and Caesars Incident","og_description":"[vc_row row_style=&#8221;page-hero&#8221; full_width=&#8221;stretch_row_content&#8221;][vc_column][\/vc_column][\/vc_row][vc_row][vc_column width=&#8221;2\/3&#8243;][vc_column_text]The MGM Resorts International and Caesars Entertainment cyberattacks in September 2023 serve as a cautionary tale for those in the cyber world. Incident Timeline: Early September 2023: [&hellip;]","og_url":"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/","og_site_name":"Brown &amp; Brown","og_image":[{"width":1000,"height":500,"url":"https:\/\/www.bbrown.com\/wp-content\/uploads\/2024\/04\/A-Look-Back-at-the-MGM-and-Caesars-Incident-Brown-Brown-External_linkedin-graphic.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/","url":"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/","name":"A Look Back at the MGM and Caesars Incident - Brown &amp; Brown","isPartOf":{"@id":"https:\/\/www.bbrown.com\/us\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/#primaryimage"},"image":{"@id":"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/#primaryimage"},"thumbnailUrl":"https:\/\/www.bbrown.com\/wp-content\/uploads\/2024\/04\/A-Look-Back-at-the-MGM-and-Caesars-Incident-Brown-Brown-External_web-image.jpg","datePublished":"2024-04-10T20:49:49+00:00","breadcrumb":{"@id":"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/#breadcrumb"},"inLanguage":"us","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/"]}]},{"@type":"ImageObject","inLanguage":"us","@id":"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/#primaryimage","url":"https:\/\/www.bbrown.com\/wp-content\/uploads\/2024\/04\/A-Look-Back-at-the-MGM-and-Caesars-Incident-Brown-Brown-External_web-image.jpg","contentUrl":"https:\/\/www.bbrown.com\/wp-content\/uploads\/2024\/04\/A-Look-Back-at-the-MGM-and-Caesars-Incident-Brown-Brown-External_web-image.jpg","width":1000,"height":667,"caption":"Profile photo of it specialist guy lady two business people night coworking watch, together indicate monitor testing debugging java script code smart professionals office 
indoors"},{"@type":"BreadcrumbList","@id":"https:\/\/www.bbrown.com\/us\/insight\/a-look-back-at-the-mgm-and-caesars-incident\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.bbrown.com\/us\/"},{"@type":"ListItem","position":2,"name":"Insights","item":"https:\/\/www.bbrown.com\/us\/news-events\/"},{"@type":"ListItem","position":3,"name":"A Look Back at the MGM and Caesars Incident"}]},{"@type":"WebSite","@id":"https:\/\/www.bbrown.com\/us\/#website","url":"https:\/\/www.bbrown.com\/us\/","name":"Brown &amp; Brown","description":"","publisher":{"@id":"https:\/\/www.bbrown.com\/us\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.bbrown.com\/us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"us"},{"@type":"Organization","@id":"https:\/\/www.bbrown.com\/us\/#organization","name":"Brown &amp; Brown","url":"https:\/\/www.bbrown.com\/us\/","logo":{"@type":"ImageObject","inLanguage":"us","@id":"https:\/\/www.bbrown.com\/us\/#\/schema\/logo\/image\/","url":"https:\/\/www.bbrown.com\/wp-content\/uploads\/2021\/12\/cropped-BBRetail002-RGBrevs.png","contentUrl":"https:\/\/www.bbrown.com\/wp-content\/uploads\/2021\/12\/cropped-BBRetail002-RGBrevs.png","width":1000,"height":136,"caption":"Brown &amp; 
Brown"},"image":{"@id":"https:\/\/www.bbrown.com\/us\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/insight\/7389","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/insight"}],"about":[{"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/types\/insight"}],"author":[{"embeddable":true,"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/users\/66"}],"version-history":[{"count":0,"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/insight\/7389\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/media\/7390"}],"wp:attachment":[{"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/media?parent=7389"}],"wp:term":[{"taxonomy":"insight_category","embeddable":true,"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/insight_category?post=7389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}