{"id":521,"date":"2025-07-21T14:06:26","date_gmt":"2025-07-21T14:06:26","guid":{"rendered":"https:\/\/www.robustittraining.com\/blog\/?p=521"},"modified":"2025-07-21T15:38:58","modified_gmt":"2025-07-21T15:38:58","slug":"the-spiders-web-how-a-cyber-attack-crippled-las-vegas-in-2023","status":"publish","type":"post","link":"https:\/\/www.robustittraining.com\/blog\/2025\/07\/21\/the-spiders-web-how-a-cyber-attack-crippled-las-vegas-in-2023\/","title":{"rendered":"The Spider&#8217;s Web: How a Cyber Attack Crippled Las Vegas in 2023"},"content":{"rendered":"<p data-start=\"611\" data-end=\"967\">In September 2023, the bright lights of Las Vegas dimmed for a moment\u2014not due to a power outage, but a sophisticated cyberattack that brought two of the Strip\u2019s giants, <a class=\"\" href=\"https:\/\/www.robustittraining.com\/courses\/comptia\/security-plus.php\" target=\"_new\" rel=\"noopener\" data-start=\"780\" data-end=\"861\">MGM Resorts<\/a> and <a class=\"\" href=\"https:\/\/www.robustittraining.com\/courses\/ec-council\/ceh.php\" target=\"_new\" rel=\"noopener\" data-start=\"866\" data-end=\"950\">Caesars Entertainment<\/a>, to their knees.<\/p>\n<p data-start=\"969\" data-end=\"1184\">The culprit? A cybercriminal group known as <strong data-start=\"1013\" data-end=\"1033\">Scattered Spider<\/strong>. This wasn\u2019t your typical smash-and-grab; it was a masterclass in <strong data-start=\"1100\" data-end=\"1122\">social engineering<\/strong> that exposed vulnerabilities far beyond technical safeguards.<\/p>\n<hr data-start=\"1186\" data-end=\"1189\" \/>\n<h3 data-start=\"1191\" data-end=\"1219\">Who is Scattered Spider?<\/h3>\n<p data-start=\"1221\" data-end=\"1589\">Scattered Spider, known for tactics like \u201cvishing\u201d (voice phishing), didn\u2019t brute-force their way in. They <em data-start=\"1328\" data-end=\"1340\">researched<\/em> employees meticulously, then impersonated them in calls to internal IT help desks. Using persistence and manipulation, they tricked support staff into handing over login credentials\u2014often by exploiting <strong data-start=\"1543\" data-end=\"1588\">multi-factor authentication (MFA) fatigue<\/strong>.<\/p>\n<p data-start=\"1591\" data-end=\"1741\">In some cases, employees received an overwhelming number of MFA prompts and, in frustration, approved one, unknowingly granting attackers full access.<\/p>\n<hr data-start=\"1743\" data-end=\"1746\" \/>\n<h3 data-start=\"1748\" data-end=\"1800\">The Fallout: MGM Resorts &amp; Caesars Entertainment<\/h3>\n<p data-start=\"1802\" data-end=\"1846\">The consequences were swift and devastating:<\/p>\n<h4 data-start=\"1848\" data-end=\"1865\">MGM Resorts:<\/h4>\n<ul data-start=\"1866\" data-end=\"2042\">\n<li data-start=\"1866\" data-end=\"1892\">\n<p data-start=\"1868\" data-end=\"1892\">Casino floors went dark.<\/p>\n<\/li>\n<li data-start=\"1893\" data-end=\"1933\">\n<p data-start=\"1895\" data-end=\"1933\">Digital room keys stopped functioning.<\/p>\n<\/li>\n<li data-start=\"1934\" data-end=\"1967\">\n<p data-start=\"1936\" data-end=\"1967\">Online booking systems crashed.<\/p>\n<\/li>\n<li data-start=\"1968\" data-end=\"2003\">\n<p data-start=\"1970\" data-end=\"2003\">Restaurant reservations vanished.<\/p>\n<\/li>\n<li data-start=\"2004\" data-end=\"2042\">\n<p data-start=\"2006\" data-end=\"2042\">Guests waited <strong data-start=\"2020\" data-end=\"2029\">hours<\/strong> to check in.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"2044\" data-end=\"2323\">The incident involved collaboration with another threat group\u2014<strong data-start=\"2106\" data-end=\"2126\">ALPHV (BlackCat)<\/strong> ransomware operators. MGM took a hardline stance and refused to pay the ransom. Still, they suffered <strong data-start=\"2228\" data-end=\"2249\">over $100 million<\/strong> in losses, with disruptions affecting both operations and customer trust.<\/p>\n<h4 data-start=\"2325\" data-end=\"2352\">Caesars Entertainment:<\/h4>\n<p data-start=\"2353\" data-end=\"2610\">Here, the attack vector was different\u2014a <strong data-start=\"2393\" data-end=\"2418\">third-party IT vendor<\/strong>. But the outcome was just as severe. Scattered Spider exfiltrated sensitive data from a <strong data-start=\"2507\" data-end=\"2537\">loyalty programme database<\/strong>, including <strong data-start=\"2549\" data-end=\"2609\">driver\u2019s licence numbers and Social Security information<\/strong>.<\/p>\n<p data-start=\"2612\" data-end=\"2766\">Unlike MGM, Caesars reportedly <strong data-start=\"2643\" data-end=\"2675\">paid a ransom of $15 million<\/strong>, halving the original $30 million demand in hopes of preventing the leak of customer data.<\/p>\n<hr data-start=\"2768\" data-end=\"2771\" \/>\n<h3 data-start=\"2773\" data-end=\"2801\">Lessons for the Industry<\/h3>\n<p data-start=\"2803\" data-end=\"2852\">These attacks served as a powerful reminder that:<\/p>\n<ul data-start=\"2854\" data-end=\"3240\">\n<li data-start=\"2854\" data-end=\"2914\">\n<p data-start=\"2856\" data-end=\"2914\"><strong data-start=\"2856\" data-end=\"2899\">Human error is a critical vulnerability<\/strong> in any system.<\/p>\n<\/li>\n<li data-start=\"2915\" data-end=\"2980\">\n<p data-start=\"2917\" data-end=\"2980\">Social engineering can bypass even robust technical safeguards.<\/p>\n<\/li>\n<li data-start=\"2981\" data-end=\"3053\">\n<p data-start=\"2983\" data-end=\"3053\"><strong data-start=\"2983\" data-end=\"3009\">Cybersecurity training<\/strong> for all employees\u2014not just IT\u2014is essential.<\/p>\n<\/li>\n<li data-start=\"3054\" data-end=\"3144\">\n<p data-start=\"3056\" data-end=\"3144\">Multi-factor authentication must be configured to prevent abuse (e.g. limiting prompts).<\/p>\n<\/li>\n<li data-start=\"3145\" data-end=\"3240\">\n<p data-start=\"3147\" data-end=\"3240\">Incident response plans must account for <strong data-start=\"3188\" data-end=\"3210\">internal deception<\/strong> and <strong data-start=\"3215\" data-end=\"3239\">third-party breaches<\/strong>.<\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"3242\" data-end=\"3245\" \/>\n<h3 data-start=\"3247\" data-end=\"3308\">Cybersecurity Training That Prepares You for Real Threats<\/h3>\n<p data-start=\"3310\" data-end=\"3420\">If these stories highlight anything, it\u2019s this: today\u2019s threats don\u2019t just target networks\u2014they target people.<\/p>\n<p data-start=\"3422\" data-end=\"3559\">Want to gain the skills needed to defend organisations against this level of attack? Consider starting with the following certifications:<\/p>\n<ul data-start=\"3561\" data-end=\"4054\">\n<li data-start=\"3561\" data-end=\"3656\">\n<p data-start=\"3563\" data-end=\"3656\"><a class=\"\" href=\"https:\/\/www.robustittraining.com\/courses\/ec-council\/ceh.php\" target=\"_new\" rel=\"noopener\" data-start=\"3563\" data-end=\"3656\">Certified Ethical Hacker (CEH)<\/a><\/p>\n<\/li>\n<li data-start=\"3657\" data-end=\"3746\">\n<p data-start=\"3659\" data-end=\"3746\"><a class=\"\" href=\"https:\/\/www.robustittraining.com\/courses\/comptia\/security-plus.php\" target=\"_new\" rel=\"noopener\" data-start=\"3659\" data-end=\"3746\">CompTIA Security+<\/a><\/p>\n<\/li>\n<li data-start=\"3747\" data-end=\"3834\">\n<p data-start=\"3749\" data-end=\"3834\"><a class=\"\" href=\"https:\/\/www.robustittraining.com\/courses\/comptia\/network-plus.php\" target=\"_new\" rel=\"noopener\" data-start=\"3749\" data-end=\"3834\">CompTIA Network+<\/a><\/p>\n<\/li>\n<li data-start=\"3835\" data-end=\"3940\">\n<p data-start=\"3837\" data-end=\"3940\"><a class=\"\" href=\"https:\/\/www.robustittraining.com\/courses\/microsoft\/sc-900.php\" target=\"_new\" rel=\"noopener\" data-start=\"3837\" data-end=\"3940\">Microsoft SC-900 Security Fundamentals<\/a><\/p>\n<\/li>\n<li data-start=\"3941\" data-end=\"4054\">\n<p data-start=\"3943\" data-end=\"4054\"><a class=\"\" href=\"https:\/\/www.robustittraining.com\/pathways\/how-to-become-a-certified-ethical-hacker.php\" target=\"_new\" rel=\"noopener\" data-start=\"3943\" data-end=\"4054\">Cybersecurity Pathway<\/a><\/p>\n<\/li>\n<\/ul>\n<hr data-start=\"4056\" data-end=\"4059\" \/>\n<h3 data-start=\"4061\" data-end=\"4108\">Weekly Cybersecurity Webinar \u2013 Join Us Live<\/h3>\n<p data-start=\"4110\" data-end=\"4186\">Every <strong data-start=\"4116\" data-end=\"4140\">Wednesday at 6:15 PM<\/strong>, we host a live cybersecurity career webinar.<\/p>\n<p data-start=\"4188\" data-end=\"4306\">Learn how to enter this critical industry, get certified, and start your journey toward becoming a cyber professional.<\/p>\n<p data-start=\"4308\" data-end=\"4363\"><a class=\"\" href=\"https:\/\/cyber-webinar.com\" target=\"_new\" rel=\"noopener\" data-start=\"4311\" data-end=\"4363\">Reserve your place here<\/a><\/p>\n<hr data-start=\"4365\" data-end=\"4368\" \/>\n<h3 data-start=\"4370\" data-end=\"4384\">Conclusion<\/h3>\n<p data-start=\"4386\" data-end=\"4754\">In the cat-and-mouse game of cybersecurity, it\u2019s no longer enough to rely on firewalls and antivirus. The Las Vegas attacks of 2023 are a stark reminder that the real battlefield lies in <strong data-start=\"4573\" data-end=\"4593\">human psychology<\/strong> and <strong data-start=\"4598\" data-end=\"4621\">strategic deception<\/strong>. Whether you&#8217;re an aspiring cybersecurity professional or an enterprise leader, staying informed\u2014and prepared\u2014is no longer optional.<\/p>\n<hr data-start=\"4756\" data-end=\"4759\" \/>\n<h3 data-start=\"4761\" data-end=\"4775\">Next Steps<\/h3>\n<ul data-start=\"4777\" data-end=\"5353\">\n<li data-start=\"4777\" data-end=\"4920\">\n<p data-start=\"4779\" data-end=\"4920\"><a class=\"\" href=\"https:\/\/www.robustittraining.com\/pathways\/how-to-become-a-certified-ethical-hacker.php\" target=\"_new\" rel=\"noopener\" data-start=\"4779\" data-end=\"4920\">Explore our beginner-friendly cybersecurity pathway<\/a><\/p>\n<\/li>\n<li data-start=\"4921\" data-end=\"5056\">\n<p data-start=\"4923\" data-end=\"5056\"><a class=\"\" href=\"https:\/\/www.robustittraining.com\/knowledge-base\/certification\/exam-preparation.php\" target=\"_new\" rel=\"noopener\" data-start=\"4923\" data-end=\"5056\">Read how to prepare for your cybersecurity exam<\/a><\/p>\n<\/li>\n<li data-start=\"5057\" data-end=\"5180\">\n<p data-start=\"5059\" data-end=\"5180\"><a class=\"\" href=\"https:\/\/www.robustittraining.com\/success-stories.php\" target=\"_new\" rel=\"noopener\" data-start=\"5059\" data-end=\"5180\">See success stories of students who transitioned into cyber roles<\/a><\/p>\n<\/li>\n<li data-start=\"5181\" data-end=\"5272\">\n<p data-start=\"5183\" data-end=\"5272\"><a class=\"\" href=\"https:\/\/www.robustittraining.com\/communities\/index.php\" target=\"_new\" rel=\"noopener\" data-start=\"5183\" data-end=\"5272\">Check out our support community<\/a><\/p>\n<\/li>\n<li data-start=\"5273\" data-end=\"5353\">\n<p data-start=\"5275\" data-end=\"5353\"><a class=\"\" href=\"https:\/\/www.robustittraining.com\/contact-us.php\" target=\"_new\" rel=\"noopener\" data-start=\"5275\" data-end=\"5353\">Book your free consultation<\/a><\/p>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>A chilling cyberattack hit Las Vegas in 2023, bringing two casino giants to a halt. Here\u2019s how social engineering, ransomware, and human error collided \u2014 and what this breach means for the future of cybersecurity.<\/p>\n","protected":false},"author":4,"featured_media":522,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[27],"tags":[335,336,9,67,337,338,334,131,333,177],"class_list":["post-521","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-caesars","tag-cyber-attacks","tag-cybersecurity","tag-cybersecurity-training","tag-data-breaches","tag-ethical-hacker","tag-mgm","tag-ransomware","tag-scattered-spider","tag-social-engineering"],"jetpack_publicize_connections":[],"_links":{"self":[{"href":"https:\/\/www.robustittraining.com\/blog\/wp-json\/wp\/v2\/posts\/521","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.robustittraining.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.robustittraining.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.robustittraining.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.robustittraining.com\/blog\/wp-json\/wp\/v2\/comments?post=521"}],"version-history":[{"count":2,"href":"https:\/\/www.robustittraining.com\/blog\/wp-json\/wp\/v2\/posts\/521\/revisions"}],"predecessor-version":[{"id":525,"href":"https:\/\/www.robustittraining.com\/blog\/wp-json\/wp\/v2\/posts\/521\/revisions\/525"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.robustittraining.com\/blog\/wp-json\/wp\/v2\/media\/522"}],"wp:attachment":[{"href":"https:\/\/www.robustittraining.com\/blog\/wp-json\/wp\/v2\/media?parent=521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.robustittraining.com\/blog\/wp-json\/wp\/v2\/categories?post=521"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.robustittraining.com\/blog\/wp-json\/wp\/v2\/tags?post=521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}