Las Vegas Casino Cyberattacks Underscore Importance of ‘Human Firewalls” and Employee Training

They say Las Vegas never sleeps, But a massive cyberattack recently brought many of the strip’s most famed casinos to a standstill. Hornetsecurity’s Andy Syrewicze shares his tips for how to add a “human firewall” to your protection against cybercrime.

Tags: cloud, cyberattacks, firewall, GenAI, Hornetsecurity, phishing, ransomware, security,

Andy Syrewicze, Hornetsecurity
Andy Syrewicze
Technical Evangelist

"Properly trained, all employees can definitely provide a second level of protection against cyberattacks. "

Enterprise Integration Summit
Integration Powers Digital Transformation for APIs, Apps, Data & Cloud

December 7, 2023
A Virtual Summit

No industry is safe from cyberattacks—and the latest victims come out of Las Vegas, Nevada. Popular casino brands MGM Resorts International and Caesars Entertainment were victims of separate cyberattacks that occurred in September.


These attacks were successful on many fronts, and they provide many hard lessons learned.


In this article, we’ll take a look at important details and outcomes from the attack – and examine ways companies can better protect themselves (and their customers) from such attacks.

Anatomy of the Casino Cyberattack

In the case of the casino hacks, cybercriminals were successful due to phishing via social engineering, which included text phishing (smishing) and phone calls (vishing) to help desks to attempt to obtain password resets and multifactor bypass codes.


Analysts estimate the cyberattack cost MGM Resorts and Caesars Entertainment millions of dollars in lost revenue, Adding to the money losses, according to a Wall Street Journal report, Caesars Entertainment paid nearly $15 million to hackers who breached its systems in this hack—half of the requested $30 million ransom.

Even worse for both companies, cybercriminals captured user data from loyalty program customers, including social security numbers and driver's license numbers. Abd during the attack guests were inconvenienced for days - unable to make room charges or access their rooms with their digital keys as a result.


It’s suspected that the group responsible for the attack found an employee's information on LinkedIn and impersonated them in a call to MGM’s IT help desk to obtain credentials as part of the attack chain. Further, it’s reported in some media the attackers even outsourced some of the attack technology, using a “ransomware-as-a-service” provider.

Lessons from the Cyberattack

Believe it or not, ransomware attacks like these have been a threat for over three decades, although such attacks have certainly become more sophisticated and brazen as time  has passed. The impact on IT and corporate business is widespread.


According to a recent study, 23.9% of IT professionals responded that their organization has been the victim of a ransomware attack. Further, it was found that 58.6% of ransomware attacks originated from malicious email or phishing attacks.


Despite advancements in preventive cyberattack technologies (and accompanying increases in budgets for such tech), there are troubling signs that cyberattacks will continue to succeed.  That said, there is an emerging technique that offers promising increases in prevention and protection.


This proven technique to thwart cyberattacks is a concept of a ‘dual firewall”

One firewall is an “IT firewall” and comes from IT and security professionals who deploy security measures, high-tech hardware and software and best practices.  Such IT security measures include utilizing email filters, firewalls, network and data monitoring tools, and regular software patches. To reduce the risks of account hijacking and identity theft, innovative two-factor identification (2FA) methods such as FIDO2 (Fast IDentity Online) are also recommended.


The second firewall is a “human firewall” built from employees, knowledge and on-going training. Properly trained, all employees can definitely provide a second level of protection against cyberattacks.   All employees, not simply IT or security staff, should be trained on how to identify spear phishing or ransomware attacks   Equipping all employees with this type of training and awareness would likely have prevent the massive attack at the Las Vegas casinos.

Moreover, this crucial “human firewall” offers a layer of human defense where companies can also establish a “sustainable safety culture” throughout all areas – IT and beyond.  In turn, companies benefit from layers of concentric rings of firewall protection – making it more difficult for attackers to break through.


Implementing the “Human Firewall” of Cyberattack Protection

Here is how to implement a “human firewall: to protect against a wide range of modern cyberattacks.

Implementing a “human firewall” takes three a triad of sets: “Mindset - Skillset – Toolset.”  These sets mean organizations no longer rely alone on cybersecurity technology and protective measures. Further, this 3-set triad provides a force multiplier for all your IT and technology investments. 

Mindset: Raising employees' cybersecurity awareness and educating them on the threats of cyberattacks.


Skillset: Awareness training that combines non-practical forms of learning, such as e-learning or in-person training with realistic spear-phishing simulations. Reenacted phishing attacks help train employees to be less quick and impulsive in their internet activities, which is often responsible for the unmindful clicks on phishing emails.


Toolset: Contains processes and tools that strengthen the security behavior of employees. This includes tools such as password managers that help users implement a stronger password system, rather than relying on the same passwords repeatedly for convenience.

These 3 tactics can help instill long-lasting behavioral change in employees, where they become familiar with and are able to identify spear-phishing attempts.


It’s also proven that regular simulations or drills offer teachable moments that alert employees to potentially harmful behavior at the right moment. As an example, this can include taking consideration before opening an email rather than opening it on impulse, and checking all incoming emails for authenticity, even amid hectic situations, for possible spear-phishing attempts. If anything seems questionable, it is best to pause and alert IT on the best next steps.

A Note About Generative AI and Cyberattacks

One technological advancement affecting cybercrime is generative AI, which hackers are using to automate spear-phishing attacks. At Hornetsecurity, we’re already seeing evidence that generative AI has become a popular tool for  cybercriminals.


With generative AI, criminals require only a few pieces of information about a potential victim, such as an email address. This small piece of information is enough for the AI system to search the internet for and possibly acquire their position in a company or their professional qualifications. Since the tool is scalable at will, countless variants of spear-phishing messages can then be generated quickly and sent to many different victims.


But while generative AI poses a looming threat by cybercriminals, it’s not all bad news.  Companies are also using generative AI as their latest defense.


In fact, Gen AI is already proving especially helpful in threat detection.


According to a Forbes report, threat detection as a defense has Gen AI’s ability to understand language-based data which allows it to learn about the most recent threats from online intelligence communities. This means Gen AI can quickly discover existing threats, uncover new ones  – and even help workers respond to them using simple voice prompts.


Even better news, Gen AI can also be used to implement the “human firewall” method we discussed above.  Having Gen AI as a tool on hand saves employees and cybersecurity professionals so much time in researching the nature of an attack – and even keeps employees ahead of the curve on emerging new attacks.

If something new was to be established, professionals would be made aware and have the opportunity to pivot if need be – not just for a “technology firewall” but for preparing a “human firewall” with updated sets of trainings and protocols.


Cybercriminals aren’t the only ones using AI to their advantage—the latest security tools also use AI for attack detection—as ransomware attacks evolve, it is still important to increase and regulate IT security measures.


While these large corporations have increased their due diligence and the funds to invest in proper cybersecurity measures, the success of cyberattacks increasingly relies on human behavior from employees.

It’s impossible to completely avoid ransomware attacks, but thankfully there are steps that can help prevent organizations from being left too vulnerable. Although IT security measures should be a top priority within any business, training employees is not only equally important, but necessary for effective 360-degree cybersecurity protection.



Andy Syrewicze is Technical Evangelist at Hornetsecurity ,a security and backup solution provider for Microsoft 365 safeguarding emails, documents and files. He is a 20+ year IT professional  specializing in security, virtualization, cloud and Microsoft technologies.  He holds the Microsoft MVP award in Cloud and Datacenter Management.