MGM Has Suffered One of the WORST Cyber Attacks in History

One of the worst cyberattacks in history has targeted the multi-billion-dollar corporation MGM Resorts International, resulting in the breach of millions upon millions of customers' personal and financial information. The ransomware group responsible, “Scattered Spider”, used hacking tools created and provided by the notorious “BlackCat” ransomware group to carry out the attack, causing significant operational disruptions at MGM Resorts and forcing the corporation to shut down its IT systems. In an announcement, the BlackCat ransomware group claimed responsibility for infiltrating MGM's infrastructure over the last few days and for encrypting over 100 ESXi hypervisors after MGM brought down its internal infrastructure.

To add credibility to the claim, “vx-underground”, a well-known malware repository, posted on X (formerly known as Twitter) that the ransomware gang had allegedly breached MGM through a social engineering attack.

“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation,” the post said.

The threat actors have reportedly said that they successfully stole data from the network and still maintain access to some of MGM’s digital infrastructure, and they are threatening to deploy new attacks unless MGM agrees to pay a ransom.

According to the hackers, MGM's response to the breach was to disconnect their Okta Sync servers, after discovering that the BlackCat/ALPHV group had been monitoring their Okta Agent servers. Nevertheless, the hackers claimed that they still maintained a presence on the MGM network, despite the shutdown of the Okta servers.

Virtualisation has become increasingly popular amongst major organisations over the last decade, resulting in a shift of their technology from bare metal machines to virtualised servers. Nick Hyatt, the cyber practice leader at Optiv, has explained that by applying encryption to ESXi servers, cyber attackers can severely impair functionality. Encrypting the host server would effectively disable all of the virtualised servers at once.

“This is not a new tactic, but it’s efficient,” said Hyatt. “As we see threat actor groups like this focus more on efficiency and payouts rather than causing carnage, organisations must rely on defense-in-depth and ensuring mission-critical applications are protected by multiple layers of defense and redundancy. It’s an expensive problem, but in the long run results in a more secure environment.”

 

What now for MGM?

Since last Monday, all 31 MGM resorts, including 12 situated on the Las Vegas Strip, have experienced a website outage, and the company's mobile rewards application has also been down. Consequently, front desk personnel have been scrambling to appease disgruntled guests who have been incessantly ranting on social media throughout the situation.

MGM Response

David Mound, who is a Senior Penetration Tester at SecurityScorecard, has stated that one of the particularly worrisome elements of the attack was the tampering with the casino's slot machines.

“Slot machines are usually on a segregated network, so it's not clear if they were taken down as a precaution or if somehow the attackers have managed to traverse across into it,” Mound said. “This really drives home the point that cyber attacks can throw a wrench into the most crucial parts of a business, potentially causing massive financial setbacks.”

By Monday night, MGM announced that amenities like dining, entertainment, and gaming were functioning. However, the situation on Tuesday evening was drastically different at the MGM Bellagio, with queues at the front desk backing up for hours by 7 p.m. CT.

Posted on X (formerly known as Twitter) by user “JacobsVegasLife”

The app that MGM Rewards members use to make reservations, access digital keys for room unlocking, book entertainment, reserve pool cabanas, and browse dining options is currently not operational, affecting an unknown number of guests who were relying on the application.

"MGM Rewards is undergoing maintenance and digital keys are currently unavailable. Please see the front desk for assistance," the app states.


Know Your Cybersecurity

The data breach has had a substantial adverse effect on MGM's business and credibility, resulting in a decline in the company's stock prices. This recent cyberattack on MGM serves as a stark reminder of the importance of robust cybersecurity measures. As organisations increasingly rely on technology to store and process sensitive information, they must take steps to protect themselves against cyber threats. This includes implementing strong security protocols, training employees on best practices, and regularly testing and updating their defences.

 


This is part of our Cyber Security awareness educational campaign. Through this training, you will learn key principles and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.
