On September 11, 2023, MGM Resorts International, a renowned premium destination resort brand in the United States, fell victim to a ransomware attack.
The luxury hospitality company, with operations spanning Las Vegas, Massachusetts, Michigan, Mississippi, Maryland, Ohio, and New Jersey, confirmed the MGM Resorts cyber attack, which necessitated the shutdown of specific systems.
The cyber attack on MGM Resorts has been linked to the ransomware group ALPHV, also known as Blackcat.
Currently, there is no clarity on the ransom amount demanded by the hackers, and the extent of data exfiltration in the attack has not been publicly disclosed.
What’s particularly astounding about the MGM Resorts cyber attack is the simplicity of the hackers’ entry. Reportedly, in just a brief 10-minute conversation, using basic techniques, they managed to breach a company valued at over $30 billion.
MGM Resorts Cyber Attack Explained
After news of the MGM Resorts cyber attack emerged, Twitter was inundated with concerned customers seeking information about their hotel reservations and casino access. The impact of the MGM Resorts cyber attack was most keenly felt by customers in Las Vegas.
Users took to social media expressing concerns over failed access to the gambling machines at MGM Resorts. Making reservations, and using the digital room keys were also among the issues faced by customers, after the MGM cyber attack.
In an update posted on September 12, the global resort giant announced that the majority of its facilities had returned to normal operations.
This included the restoration of resorts, dining establishments, entertainment venues, and gaming facilities.
However, the impact on ATMs left guests searching for alternative options. Additionally, it was reported that all 31 MGM resort websites and the company’s mobile reward app remained inaccessible.
“Our guests remain able to access their hotel rooms and our Front Desk staff is ready to assist our guests as needed,” offering the much needed relief to affected guests of MGM Resorts.
How ALPHV Conducted the MGM Resorts Ransomware Attack
The cyberattack on MGM Resorts, also known as the Las Vegas cyber attack, has been linked to the ALPHV ransomware group.
VX-Underground, a platform hosting a vast repository of malware samples, among other content, posted a tweet regarding the MGM security breach.
It read, “All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” suggesting the possibility of it being the modus operandi of ALPHV gang.
If true, the tweet sheds light on how the ransomware group possibly gained access to the MGM Resorts systems that disrupted most of its facilities for over a day.
The hackers likely posed as an employee of MGM Resorts and called the help desk of MGM for access-related information.
The hackers took to the LinkedIn page of the hospitality and resorts company to find an employee’s data that they could easily exploit to convince the help desk that they were an employee of the company.
“A company valued at $33,900,000,000 was defeated by a 10-minute conversation,” VX-Underground concluded.
It is not clear whether the call made by ALHV group members lasted for 10 minutes however, if so, this seems like an attack mechanism that needs immediate attention of company employees.
Twitterati Express Concerns Over MGM Resorts Cyber Attack
Numerous news agencies, users, and cybersecurity experts voiced their apprehensions and sought information regarding the ransomware attack on MGM Resorts.
In response to a user’s query about potential ransom payment, VX-Underground indicated that it was improbable for the company to entertain such a possibility.
Addressing to the malicious skill set of the hackers, VX-Underground wrote, “This particular subgroup of ALPHV ransomware has established a reputation of being remarkably gifted at social engineering for initial access.”
Responding to the social engineering attack claims on MGM Resorts a user asked if the company missed putting in place mechanisms for security clearance and checks for those impersonating an employee.
A retired employee of the National Security Agency of the US, Cyber Omniscience reacted to the social engineering claims on Twitter.
They wrote, “ALPHV has demonstrated a higher level of sophistication with the new capabilities of their Sphinx variant. They are very adept at social engineering for access so this isn’t a complete surprise.”
A user was found noting that the ransomware attack on MGM may delay crediting the salary to the employees.
The resort, Caesar’s Palace in Las Vegas was rumored to have been subjected to a ransomware attack owing to which the company paid $30 million to ‘avoid the problems MGM is experiencing,’ Cybernews reported.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
