MGM Grand Cano & Other Properties Under Cyber Attack
It appears that MGM Resorts experienced a cyberattack on September 10th, causing disruptions to its operations, particularly in Las Vegas, where MGM Grand is a major player in the hospitality industry. Here are some key points about the incident:
Nature of the Attack: The cyberattack on MGM Resorts is suspected to be a ransomware attack. Ransomware attacks involve malicious software that encrypts a victim’s data and demands a ransom in exchange for the decryption key.
Impact on Operations: The attack disrupted various aspects of MGM Resorts’ operations, with a significant impact on Las Vegas properties. Key card systems in hotels were affected, leaving guests unable to access their rooms, and old-fashioned keys had to be used.
Additionally, reports suggest that slot machines on the casino floors were also down, causing inconvenience to guests.
Response: MGM Resorts quickly responded to the incident by initiating an investigation with the help of external cybersecurity experts. They also notified law enforcement agencies and took measures to protect their systems and data, including shutting down certain systems.
Website Outage: As of the latest information available, MGM Resorts’ websites were still offline, and customers were directed to make reservations by phone. This suggests that the cyberattack had a broader impact on the company’s digital infrastructure.
Continued Operations: Despite the cyberattack, MGM Resorts emphasized that its resorts, including dining, entertainment, and gaming, were operational and continued to offer the experiences for which the company is known.
Ongoing Investigation: MGM Resorts stated that the investigation is ongoing and is being conducted in cooperation with law enforcement authorities. This is a standard practice in cybersecurity incidents to identify the perpetrators and gather evidence.
Cybersecurity incidents like these can have significant financial and reputational impacts on organizations, especially in the hospitality and entertainment industries. MGM Resorts’ response and cooperation with law enforcement are essential steps in addressing and mitigating the effects of the cyberattack.
MGM Resorts Cyberattack Looks Like Ransomware
It’s clear from experts’ assessments that the disruption experienced by MGM Resorts bears strong indications of a ransomware cyberattack. Here are some key points from their observations:
Nature of the Attack: Experts are noting that the widespread outages and disruptions align closely with the characteristics of a ransomware attack. Ransomware attacks typically involve the encryption of data or systems, followed by a demand for a ransom in exchange for a decryption key.
Scope of Impact: The breadth of affected systems and services suggests a coordinated effort to disrupt operations, which is a common objective in ransomware attacks where attackers aim to disrupt and paralyze an organization’s operations until a ransom is paid.
Alternative Possibilities: While ransomware is the leading theory, experts acknowledge that other possibilities, such as a distributed denial-of-service (DDoS) attack or the involvement of an advanced persistent threat (APT) group, cannot be ruled out entirely at this early stage of the investigation.
Casino Industry as a Target: The experts highlight that casinos are attractive targets for cybercriminals due to the substantial wealth and vast volumes of personal and financial data they hold. Casinos are highly motivated to minimize operational downtime, making them more likely to consider paying a ransom to restore services quickly.
Lateral Movement and Data Exposure: The attackers appear to have gained significant access and control over interconnected systems within MGM Resorts, affecting various aspects of the business, from electronic room keys to rewards programs.
This suggests that the attackers may have compromised a core application or system, allowing for the lateral movement seen in the attack. The targeting of the rewards program is particularly concerning, as it could provide threat actors with a vast amount of sensitive customer data.
As the investigation into the cyberattack continues, it will be essential for MGM Resorts to work closely with cybersecurity experts and law enforcement to identify the exact nature of the attack, the extent of data exposure, and to take appropriate measures to restore normal operations and secure their systems against future attacks.
Insider Threat Suspected
The theory of compromised user accounts leading to the MGM Resorts breach aligns with the historical patterns observed in cyberattacks targeting casinos. Here are some insights from cybersecurity experts:
Insider Threat Possibility: Zane Bond, the head of product at Keeper Security, points out that many successful casino attacks in the past have been linked to insider threats. This suggests that an individual or group with access and knowledge of the organization’s systems could have played a role in the attack.
The fact that the breach affected multiple cities indicates that it could be a significant incident that spread from within.
Potential Ransom Payment: Fergal Lyons, a cybersecurity evangelist with Centripetal, speculates that given MGM Resorts’ ongoing struggle to recover from the cyber incident, it may become increasingly likely that they will pay the ransom demand.
This is not uncommon in the casino industry, as cybercriminals have found ransomware attacks to be profitable, especially when targeting organizations with a low tolerance for operational downtime.
Challenges for MGM Resorts Security Teams: Joseph Carson, chief security scientist and advisory CISO at Delinea, highlights the challenges faced by MGM Resorts’ IT and security teams. Dealing with a significant cyber incident like this is a complex and high-pressure situation.
Having a well-prepared incident response plan is crucial in such scenarios, and the security teams must be equipped to handle the incident effectively.
Cyberattacks, especially those involving ransomware, can be disruptive and financially damaging to organizations. MGM Resorts’ response to this incident, including its approach to recovery and cybersecurity measures, will be closely watched, and it underscores the importance of robust cybersecurity practices and incident preparedness in today’s digital landscape.
