Global fintech and funding innovation ecosystem

MGM Resorts Faces Major Ransomware Attack in Las Vegas

Cybersecurity | Sep 18, 2023

Unsplash David Vives MGM Grand - MGM Resorts Faces Major Ransomware Attack in Las Vegas

Image: Unsplash/David Vives

MGM Resorts fell victim to a debilitating ransomware attack. The impact was widespread, affecting several of its properties, notably the iconic MGM Grand and Bellagio casinos in Las Vegas.

The recent cybersecurity breach at MGM Resorts has sent shockwaves throughout the industry, raising concerns about the vulnerability of even the most fortified systems.

The Incident and Perpetrators

  • MGM Resorts, one of the largest casino owners in Las Vegas, fell victim to a significant cybersecurity attack.  The first signs of the attack emerged on a Sunday evening, with guests experiencing difficulties accessing their rooms due to disabled mobile apps and digital key cards. The ramifications extended to ATMs, cashier offices, parking systems, and even slot machines.
  • While the recovery process has been arduous, with MGM's digital platforms still facing issues days after the attack, the perpetrators remain a topic of debate. A group named ALPHV has claimed responsibility, citing a targeted approach via LinkedIn. However, another faction, Scattered Spiders, is also under suspicion.
  • Videos circulated on social media showed video slot machines that had gone dark, and some customers reported that their hotel room cards weren't functioning. By the following Friday, booking capabilities were still down, with MGM Resorts offering penalty-free room cancellations through September 17th.

See:  Small Businesses Incur Greatest Loss of Cyber Attacks | 67% Suffer Repeat Attacks Within 12 Months

  • Among the affected was FTC Chairwoman Lina Khan, who, along with about 45 other guests, had to manually write down their credit card information when checking into the MGM Grand Hotel due to the reservation system's shutdown. This incident raised concerns about the protection of consumer data, especially when such high-profile individuals are involved.

Implications and Response

  • The MGM breach wasn't an isolated incident. By the following Thursday, Caesars Entertainment, the world's largest casino owner, confirmed it too had been hit by a cybersecurity attack.
  • While MGM Resorts' systems were still down, Caesars reported that its casino and hotel computer operations weren't disrupted. However, the company couldn't confirm the security of personal information of its vast customer base following the data breach. This series of attacks has shattered the public perception that casino security is impenetrable, requiring an "Oceans 11"-level effort to defeat.
  • The financial impact can be calculated based on lost revenue and increased costs - one report calculates approximately $650k lost per hour.
  • The nature and scope of the attack might indicate significant issues in the company's control system.  Concerns include how so many systems were vulnerable to a single attack, potential failures in authentication procedures, and the inadequacy of backup systems and business continuity plans.
  • The MGM incident has sparked discussions on the materiality of such breaches. From a quantitative standpoint, businesses need to evaluate the financial repercussions, considering lost revenues and additional costs. On the qualitative front, the nature and extent of the attack can indicate significant systemic issues that stakeholders should be made aware of.
  • While the Securities and Exchange Commission's (SEC) new rules on cybersecurity attack disclosures were not applicable to this incident, they are set to be enforced by year-end, making this event all the more significant.

Lessons for the Future

The recent cyberattacks on MGM Resorts and Caesars Entertainment highlight the evolving challenges in the realm of cybersecurity. As technology continues to advance, so do the tactics and strategies of cybercriminals. The hospitality industry, with its vast troves of personal and financial data, remains a prime target. It's imperative for businesses to continually update and fortify their cybersecurity measures, ensuring the safety and trust of their patrons.

See:  Zurich CEO: Cyber Attacks May Become ‘Uninsurable’

  • The interconnectedness of modern systems and the risks associated with a single point of failure.
  • The importance of stringent authentication procedures to prevent social engineering attacks.
  • The critical role of backup systems and business continuity plans in ensuring operational resilience.

The incident emphasizes the need for businesses to adopt a proactive approach to cybersecurity, continually evaluating and updating their measures in line with evolving threats.


NCFA Jan 2018 resize - MGM Resorts Faces Major Ransomware Attack in Las VegasThe National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, artificial intelligence, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - MGM Resorts Faces Major Ransomware Attack in Las VegasFF Logo 400 v3 - MGM Resorts Faces Major Ransomware Attack in Las Vegascommunity social impact - MGM Resorts Faces Major Ransomware Attack in Las Vegas

Support NCFA by Following us on Twitter!







NCFA Sign up for our newsletter - MGM Resorts Faces Major Ransomware Attack in Las Vegas




 

Leave a Reply

Your email address will not be published. Required fields are marked *

nine + twenty =