With $52 million in lost revenues and counting, MGM Resorts International, a $14 billion Las Vegas gaming empire with Hollywood-famous hotel spreads like the Bellagio, Cosmopolitan, Excalibur, Luxor, and the MGM Grand itself, had the house brought down by a cyber attack that was a perfect example of vishing: a 10-minute phone call.
Gamblers could not gamble. Guests could not access rooms. Lights went out. Panic set in. The attack led to hours of delays in guest check-ins and affected electronic payments, key cards, thousands of slot machines, ATMs, parking, and other systems.
A malware research group called VX-Underground claimed that the ransomware-as-a-service group “ALPHV” (a.k.a. BlackCat) was responsible for the attack. A Reuters story on 9/13 had initially reported “Scattered Spider” (a group of kids operating in the U.S. and UK) as the perpetrator.
What happened? Social engineering happened.
A member of the criminal group used the identity of an MGM employee found easily on LinkedIn, called the MGM help desk and asked for a password change. The IT person working on the help desk happily complied, and the hacker went into business, leaving no chips on the table.
ALPHV has a history of targeting other entities like Reddit and Western Digital. While MGM and the FBI have not provided details about the breach, cybersecurity experts consider VX-Underground, the group that claimed ALPHV did the deed, a reliable source.
The financial implications for MGM will be significant. Its Las Vegas Strip properties generate over $13 million per day in revenue from hotel rooms and casinos alone. The rating agency Moody's warned the breach could negatively impact MGM's credit rating.
While MGM has not yet publicly acknowledged receiving a ransom demand, they are collaborating with the FBI and cybersecurity experts to investigate the breach and restore affected systems.
Paying ransoms to cyber attackers does not guarantee recovery of encrypted data. The FBI advises against making such payments to extortionists for fear of encouraging further attacks.
The most effective approach to safeguarding organizations against ransomware attacks? A long list of best practices, including security measures like phishing-resistant MFA, data encryption, and frequent employee security awareness training with monthly phishing security tests.
By prioritizing these measures, organizations can enhance their resilience against ransomware attacks and avoid potential business interruption, loss of reputation and customer confidence, and millions in damages.
RELATED POST: MGM Suffers Ransomware Attack that Started with a Simple Helpdesk Call: https://blog.knowbe4.com/mgm-suffers-ransomware-attack-that-started-with-a-simple-helpdesk-call
UPDATE SEPT 19, 2023:
Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta stated: Hackers who breached casino giants MGM Resorts International and Caesars Entertainment in recent weeks also broke into the systems of three other companies in the manufacturing, retail, and technology space, a security executive familiar with the matter said.
David Bradbury, chief security officer of the identity management company Okta, said five of the company's clients, including MGM and Caesars, had fallen victim to hacking groups known as ALPHV and Scattered Spider since August.
In an interview with Reuters, Bradbury didn't name the other companies, but said Okta was cooperating with official investigations into the breaches.