Caesars Entertainment and MGM Resorts experience major data breaches

One sentence summary – Caesars Entertainment experienced a significant data breach orchestrated by a cybercrime gang, resulting in the theft of a substantial amount of data, including driver’s license numbers and/or social security numbers of loyalty program members, and hinting at the payment of a ransomware demand; however, the company cannot guarantee that the stolen data has been completely deleted, and there is no evidence to suggest that member passwords/PINs, bank account information, or payment card details were part of the stolen data.

At a glance

  • Caesars Entertainment recently experienced a significant data breach orchestrated by a cybercrime gang.
  • The hackers stole a substantial amount of data, including the company’s loyalty program database.
  • Caesars Entertainment hinted that they paid a ransomware demand to mitigate the damage caused by the breach.
  • No evidence suggests that member passwords/PINs, bank account information, or payment card details were part of the stolen data.
  • The suspicious activity on Caesars’ network was traced back to a social engineering attack on a third-party support vendor.

The details

Caesars Entertainment, Inc. recently experienced a significant data breach.

The breach was orchestrated by a cybercrime gang.

The hackers infiltrated the company’s systems and stole a substantial amount of data.

This data included the company’s loyalty program database.

The stolen data reportedly includes driver’s license numbers and/or social security numbers of numerous program members.

Caesars Entertainment hinted that they paid a ransomware demand to mitigate the damage caused by the breach.

However, the company cannot guarantee that the stolen data has been completely deleted by the unauthorized actors.

There is no evidence to suggest that member passwords/PINs, bank account information, or payment card details were part of the stolen data.

The suspicious activity on Caesars’ network was traced back to a social engineering attack on a third-party support vendor.

In response to the breach, Caesars activated their incident response protocols and implemented containment and remediation measures.

Leading cybersecurity firms have been engaged to aid in the investigation.

Law enforcement, as well as state gaming regulators, have been notified about the breach.

Caesars’ customer-facing operations, both online and physical locations, remain unaffected by the breach.

Steps have been taken to ensure that the outsourced IT support vendor involved implements corrective measures to prevent similar incidents in the future.

MGM Resorts is also grappling with a cybersecurity issue that led to the temporary shutdown of its IT systems and websites.

A ransomware gang has claimed responsibility for the hack, impacting various systems and services within MGM Resorts.

The confirmation of the Caesars breach follows the news of this MGM Resorts cyberattack.

Personal details of police officers and staff from Greater Manchester Police were recently hacked in another cybersecurity breach.

The breach occurred at a company responsible for producing identity cards.

This marks the second major cyberattack on a British police force within a month.

The stolen information includes details found on identity badges and warrant cards, such as names, photos, and identity numbers.

No home addresses or financial information was compromised in this breach.

A criminal investigation is underway, and the National Crime Agency is leading the investigation.

The Greater Manchester Police Federation is working closely with the police force to minimize the damage caused by the breach.

This breach follows a similar security incident involving London’s Metropolitan Police.

There was a separate security breach in July involving the Police Service of Northern Ireland, where personal information was inadvertently published.

Officials are concerned that the obtained information may have fallen into the hands of Irish Republican Army dissidents.

A download manager site catering to Linux users was discovered to have been serving malware for over three years.

The attack involved establishing a reverse shell to an actor-controlled server and installing a Bash stealer on compromised systems.

The campaign took place between 2020 and 2022 and is no longer active.

The malware collected various sensitive information from infected systems, including system information, browsing history, saved passwords, cryptocurrency wallet files, and credentials for cloud services.

The specific website involved in this attack was freedownloadmanager[.]org, redirecting some users to a malicious domain called deb.fdmpkg[.]org.

The attackers likely used predefined filtering criteria to selectively target potential victims.

A malicious Debian package was employed, containing a post-install script that dropped two ELF files, including a DNS-based backdoor.

This backdoor established a reverse shell to a command-and-control server, with communication occurring either via SSL or TCP.

The objective of the attack was to deploy a stealer malware and harvest sensitive data from infected systems.

The collected information was then uploaded to the attackers’ server using an uploader binary downloaded from the command-and-control server.

The backdoor identified in this attack is a variant of a known backdoor called Bew, while the Bash stealer malware has been documented before.

The exact method of compromise and the campaign’s end goals remain unclear.

Notably, the rogue package managed to evade detection for years, as not every user who downloaded the software received the malicious version.

This highlights the challenge of detecting ongoing cyberattacks on Linux machines and emphasizes the need for reliable security solutions.
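For defenders who want to check a Debian-based host against the package behaviour described above, the following added example (not code from the article or its sources) scans dpkg maintainer scripts for the domain named in the article and for one generic warning sign. The temp-directory heuristic, the function names and the sample file contents are assumptions of this example; `/var/lib/dpkg/info` is where dpkg keeps installed packages' maintainer scripts.

```python
import re
import sys
import tempfile
from pathlib import Path

# Defanged indicator exactly as the article gives it; refanged only for matching.
PAGE_IOCS = ["deb.fdmpkg[.]org"]

# Generic heuristic (an assumption of this example, not taken from the article):
# a maintainer script that runs chmod on a path in a world-writable temp directory.
TEMP_CHMOD = re.compile(r"chmod\b[^\n;|&]*(?:/tmp/|/dev/shm/)")


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'a[.]b' back into 'a.b' for matching."""
    return indicator.replace("[.]", ".").lower()


def scan_maintainer_scripts(info_dir, iocs=PAGE_IOCS):
    """Return {script_name: [reasons]} for pre/post-install scripts worth review."""
    findings = {}
    scripts = sorted(p for p in Path(info_dir).iterdir()
                     if p.suffix in (".preinst", ".postinst"))
    for script in scripts:
        text = script.read_text(errors="replace")
        reasons = [f"references {ioc}" for ioc in iocs
                   if refang(ioc) in text.lower()]
        if TEMP_CHMOD.search(text):
            reasons.append("makes a file in a temp directory executable")
        if reasons:
            findings[script.name] = reasons
    return findings


def build_sample_dir(root):
    """Constructed stand-in for /var/lib/dpkg/info; both scripts are made up."""
    root = Path(root)
    (root / "hello.postinst").write_text("#!/bin/sh\nset -e\nldconfig\n")
    (root / "example-dm.postinst").write_text(
        "#!/bin/sh\n# fetched from deb.fdmpkg.org\n"
        "chmod +x /var/tmp/example-helper\n")
    return root


if __name__ == "__main__":
    # Pass /var/lib/dpkg/info to audit a real host; default is the sample data.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_dir(tempfile.mkdtemp())
    for name, reasons in scan_maintainer_scripts(target).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A hit is a prompt for manual review of that package, not proof of compromise; legitimate packages occasionally touch temp directories during installation.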

Article X-ray

This section links each of the article’s facts back to its original source.

If you have any suspicions that false information is present in the article, you can use this section to investigate where it came from.

securityweek.com
– Caesars Entertainment, Inc. has been hacked by a cybercrime gang.
– The hackers stole a significant amount of data, including the company’s loyalty program database.
– The stolen data includes driver’s license numbers and/or social security numbers of many members.
– Caesars hinted that a ransomware demand was paid to minimize the damage.
– The company cannot guarantee that the stolen data has been deleted by the unauthorized actor.
– There is no evidence that member passwords/PINs, bank account information, or payment card information were part of the stolen data.
– The suspicious activity on Caesars’ network resulted from a social engineering attack on a third-party support vendor.
– Caesars activated incident response protocols and implemented containment and remediation measures.
– Leading cybersecurity firms were engaged to assist with the investigation.
– Law enforcement and state gaming regulators were notified about the breach.
– Caesars’ customer-facing operations were unaffected, both online and physical locations.
– Steps have been taken to ensure the outsourced IT support vendor involved implements corrective measures.
– MGM Resorts is also dealing with a cybersecurity issue that took its IT systems and websites offline.
– A ransomware gang has claimed responsibility for the MGM Resorts hack, impacting various systems and services.
– The Caesars breach confirmation follows the news of the MGM Resorts cyberattack.
securityweek.com
– Personal details of thousands of police officers and staff from Greater Manchester Police have been hacked.
– The hack occurred at a company that makes identity cards.
– This is the second cyberattack to affect a major British police force in less than a month.
– Details on identity badges and warrant cards, including names, photos, and identity numbers were stolen.
– The third-party supplier responsible for the breach was not identified.
– No home addresses or financial information was stolen.
– The attack is being treated seriously and a criminal investigation is underway.
– The National Crime Agency is leading the investigation.
– The Greater Manchester Police Federation is working with the police force to limit the damage.
– The breach follows a similar security breach involving London’s Metropolitan Police.
– The Police Service of Northern Ireland also had a security incident in July where personal information was inadvertently published.
– Officials are concerned that the information may have been obtained by Irish Republican Army dissidents.
thehackernews.com
– A download manager site for Linux users served malware that stole passwords and sensitive information for over three years.
– The attack involved establishing a reverse shell to an actor-controlled server and installing a Bash stealer on compromised systems.
– The campaign took place between 2020 and 2022 but is no longer active.
– The malware collected system information, browsing history, saved passwords, cryptocurrency wallet files, and credentials for cloud services.
– The website in question is freedownloadmanager[.]org, which redirected some users to a malicious domain called deb.fdmpkg[.]org.
– The malware authors likely used predefined filtering criteria to selectively target potential victims.
– The malicious Debian package contained a post-install script that dropped two ELF files, including a DNS-based backdoor.
– The backdoor launched a reverse shell to a command-and-control server, and communication was either SSL or TCP.
– The goal of the attack was to deploy a stealer malware and harvest sensitive data from the system.
– The collected information was uploaded to the attacker’s server using an uploader binary downloaded from the command-and-control server.
– The backdoor used in the attack is a variant of a known backdoor called Bew, while the Bash stealer malware has been documented before.
– The exact method of compromise and the campaign’s end goals are unclear.
– The rogue package evaded detection for years, as not everyone who downloaded the software received the malicious version.
– Detecting ongoing cyberattacks on Linux machines can be challenging, highlighting the need for reliable security solutions.