> In 2023, hackers used vishing (voice phishing) to impersonate employees and gain access to the internal systems of MGM Resorts International and Caesars Entertainment on the Las Vegas Strip, causing hundreds of millions of dollars in financial losses.
First time I’ve heard the term “vishing” to describe the attack we’ve all seen coming.
I was in Las Vegas when this happened, though we had no idea that day that this is what was happening. My wife and I went to get tickets to the Titanic exhibit at the Luxor and they said "our computers systems are down, we can only take cash". I had cash, and they sold us the tickets for extremely cheap.
Long story short, I've always felt like I stole from the casino that day too! :-)
I was on call when that happened. Absolute nightmare for a few weeks and most of the team didn´t sleep for days. I hold no grudge but the business thinks differently for sure. Cheers to those guys because the way they got access and made it through was very clever after the social engineering part.
MGM reportedly refused to pay a ransom, resulting in an estimated $100 million in losses and roughly 10 days of system outages affecting reservations, slot machines, room keys and websites. Caesars, in contrast, was reported by the Wall street Journal to have paid $15 million of a $30 million ransom demand and experienced less operational disruption.
Access to this page is disabled
The law prohibits participation in games of chance organized by unauthorized persons through means of electronic communication.
The authorized organizers of games of chance via means of electronic communication are the State Lottery of Serbia and persons authorized by the Ministry of Finance.
How can it be a planned conspiracy if only one person was involved? US law is so weird when it comes to bogus charges just to blow up the case artificially.
Is the offender a person with multiple identity disorder or what's the reasoning here?
Because they protect against the user.
Computer security has evolved: we must milk the user of its data and make sure he doen't interfere with the milking process.
What always interests me in these type of cases is how do hackers get identified? Aren't they savvy enough to use some sort of proxies to cover their tracks?
Hack a wifi, connect longer-range radio IoT module, link it to your base, attach it to a firework rocket, hide it inabush near the target wifi, hack, ???, ignite.
It should be illegal to pay a ransom to cyber criminals, every time it happens you’re increasing the incentives for these activities and you’re making it more likely to happen again in the future. If it’s illegal, these groups would feel less attracted to attack companies, because they know they wouldn’t be compensated for it.
21 comments
[ 3.3 ms ] story [ 57.8 ms ] threadFirst time I’ve heard the term “vishing” to describe the attack we’ve all seen coming.
Long story short, I've always felt like I stole from the casino that day too! :-)
Access to this page is disabled The law prohibits participation in games of chance organized by unauthorized persons through means of electronic communication.
The authorized organizers of games of chance via means of electronic communication are the State Lottery of Serbia and persons authorized by the Ministry of Finance.
How can it be a planned conspiracy if only one person was involved? US law is so weird when it comes to bogus charges just to blow up the case artificially.
Is the offender a person with multiple identity disorder or what's the reasoning here?