MGM
MGM

MGM grand cyberattack allegedly caused by 10-minute phone call

What To Know

  • According to their findings, ALPHV successfully infiltrated the systems of MGM Resorts International within a mere ten-minute timeframe, resulting in the disruption of operations across the entirety of the company’s establishments throughout the United States.
  • An ongoing investigation seeks to ascertain the full extent of the cyberattack, which, according to an MGM spokesperson cited by AP News, impacted not only Las Vegas reservation systems and casino floors but also extended to various other locations, encompassing Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio.
  • In a notable incident in 2017, hackers exploited a fish tank’s sensors, which were linked to an internal PC responsible for regulating temperature, food, and cleanliness, to breach a North American casino.
  • Although the specific casino’s identity and the nature of the stolen data were not disclosed, The Washington Post reported that the hackers transmitted 10 gigabytes of data to a device in Finland.

The cyber intrusion that led to the temporary shutdown of MGM Grand casinos on Monday has been attributed to the ransomware collective known as ALPHV, also operating under the alias “BlackCat.” This revelation comes from a report published by the malware repository, vx-underground.

According to their findings, ALPHV successfully infiltrated the systems of MGM Resorts International within a mere ten-minute timeframe, resulting in the disruption of operations across the entirety of the company’s establishments throughout the United States.

The modus operandi of the ransomware group is reported to have been strikingly uncomplicated, as detailed by vx-underground. Their tweet read, “All that the ALPHV ransomware group needed to breach MGM Resorts was to peruse LinkedIn, identify an employee, and subsequently engage in a telephone conversation with the Help Desk.”

This strikingly brief interaction with a corporate entity boasting a valuation of $33.9 billion culminated in a breach of its security defenses, a fact that vx-underground underscored with the remark, “A company of such immense worth was compromised through a mere ten-minute dialogue.”

Vx-underground opined that MGM Grand has thus far resisted the extortion demands of the ransomware syndicate, asserting, “In our assessment, MGM is unlikely to acquiesce to these demands.”

Hackers claim it only took a 10-minute phone call to shut down MGM Resorts

Responding to the outage reports, MGM Grand issued a statement on Monday via Twitter, assuring the public that immediate measures had been undertaken to fortify their systems. An ongoing investigation seeks to ascertain the full extent of the cyberattack, which, according to an MGM spokesperson cited by AP News, impacted not only Las Vegas reservation systems and casino floors but also extended to various other locations, encompassing Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York, and Ohio.

The Federal Bureau of Investigation (FBI) is closely monitoring the situation, affirming in a statement to the media that the incident remains an active matter. MGM Resorts, in a statement released on Monday night, informed the public that their dining, entertainment, and gaming facilities remain operational, and guests can access their hotel accommodations despite earlier reports of hotel key card malfunctions.

The repercussions of the cybersecurity breach were far-reaching, causing delays for patrons attempting to check in, triggering error messages on slot machines, disabling paid parking systems, and rendering the company’s website inaccessible.

As of Wednesday, the website continues to display an error message, and the MGM booking portal remains offline, advising customers to direct their inquiries to the customer support team. The site reassures affected customers, stating, “Our dedicated teams are diligently working to restore full functionality, and we will keep you updated on our progress.”

David Kennedy, the CEO of the cybersecurity firm TrustedSec, expressed minimal surprise at the MGM hack, remarking, “Casinos are currently prime targets.” He further noted that he had responded to numerous cyberattacks on casinos in recent times.

Brett Callow, a threat analyst at Emsisoft, a cybersecurity company, identified casinos as conspicuous candidates for ransomware operators due to their substantial financial resources and the high costs associated with downtime. Callow commented, “Their willingness to pay may be higher given the financial stakes involved.”

The FBI has issued warnings to both brick-and-mortar and online casinos regarding the escalating threat of cyberattacks, which have afflicted several casinos in recent years. In a notable incident in 2017, hackers exploited a fish tank’s sensors, which were linked to an internal PC responsible for regulating temperature, food, and cleanliness, to breach a North American casino.

Although the specific casino’s identity and the nature of the stolen data were not disclosed, The Washington Post reported that the hackers transmitted 10 gigabytes of data to a device in Finland.

MGM Resorts faced a similar breach in 2019, resulting in the exposure of data and information belonging to approximately 10.6 million customers. Additionally, earlier this month, the North Korean hacking group known as Lazarus executed a virtual currency heist, pilfering $41 million from the online casino and betting platform, Stake.com.