In the wake of a cyberattack that forced MGM Resorts to shut down systems across all of its properties, the company continues to suffer from widespread outages. The majority of MGM's internal networks were shut down for most of Sunday, the evening before the Grand Opening of its Las Vegas Strip hotels and casinos such as the Bellagio, Aria and Cosmopolitan.
Due to this technical failure, ATMs and slot machines throughout the company's hotels and casinos experienced widespread disruptions, and guests have reported issues with their room digital key cards and electronic payment systems, as well as the electronic payment systems in the casinos.
“MGM is an enormous company, but there are countless cases where small and medium-sized businesses are victimized by ransomware every week and it does not usually make the headlines,” says Alex Hammerstone, who is an advisory solutions director at TrustedSec, a cybersecurity firm based in Ohio.
According to the company on Monday, a "cybersecurity issue" had affected some of its systems and was forcing the company to shut down some of its systems, which were owned by MGM, which has over two dozen hotels and casinos around the world and an online sports betting arm as well. Several reports indicated that everything from hotel room keys to slot machines did not work for the next several days.
A number of the properties of the company were also taken offline for a while, including their websites.
There was a lot of confusion among guests when the company went into manual mode to remain as functional as possible as the company moved from an electronic system to a manual system as it struggled to keep up with demand. There was no response received from MGM Resorts to a request for comment, and no vague references were made to a "cybersecurity issue" on Twitter/X to reassure guests that the company was working to resolve it and that there would be no interruption to the resorts.
MGM Breach Claimed by Scattered Spider
A group called Scattered Spider is thought to have been involved in the MGM breach, and they reportedly used ransomware developed by ALPHV, or BlackCat, a ransomware-as-a-service operation known as ransomware-as-a-service.
The Scattered Spider attack is the result of social engineering, where attackers impersonate people and organizations that have a relationship with the victim and attempt to manipulate them into performing certain actions.
The hackers are particularly adept at "vishing," which is convincingly gaining access to systems through phone calls instead of the more traditional phishing, which is conducted through emails.
Black-hat actors such as ALPHV have become extremely well-known in the cybersecurity industry as they have been credited with damaging attacks on companies such as Reddit and Western Digital, among others, in recent times.
CISA, an American cyber security agency, issued an alert on ALPHV in April 2022 based on information found in a Flash report released by the FBI, noting that the criminal group had "compromised at least 60 entities across the globe.
There has been no public description of the nature of the security breach by either MGM or the FBI, and MGM has not responded to Forbes' multiple requests for comments about the breach.
During the investigation, the FBI confirmed that they were involved.
It is believed that the members of the scattered spider are between the ages of 18 and 20, they may be based in Europe or possibly in the United States, and they may have fluency in English, so their vishing attempts are much more convincing than, for example, a phone call from someone with a Russian accent and only a basic understanding of the language.
The hacker appears to have obtained the personal information of one of the employees on LinkedIn and posed as them in an attempt to impersonate them to obtain credentials from MGM's IT support desk so they could access and infect the systems.
In a financial newspaper report, someone claiming to be a representative of the group said the group had stolen and encrypted MGM's data along with requesting money in crypto to be released. This was the backup plan; initially, the group planned to hack the company's slots, but they were unable to accomplish this goal, according to the company representative.
Cybersecurity experts say that VX-Underground may be a trustworthy source for the attack even though ALPHV's responsibility has not been verified.
As reported by VX-underground, Scatter Spider used social engineering as a means of compromising MGM, as the hackers allegedly found an employee on LinkedIn and called their help desk to gain access to the account.
As a result of the hacking techniques of Scattered Spider, employees have been tricked into granting hackers access to large corporate networks through social engineering tactics. There are reportedly young adults and teenagers among the members of the transatlantic hacking group as well as similar hacking and extortion groups like Lapsus$, who resemble similar groups in terms of their activities.
A spokesperson for the FBI, who declined to be identified, confirmed the investigation into the MGM cyberattack was in progress, but would be unable to provide more information at this time.
Cyberattack victims and individuals facing extortion have long been advised by US authorities not to pay ransom in the event of cybercrime.