The Slots Fall Silent

The MGM company’s casinos and hotels have experienced severe IT web outage and disruption, with financial impacts of the outage expected to be significant. MGM Resorts International reported a "cyber security issue" on 11th September, which has affected its hospitality, gaming and entertainment properties across the US and MGM. 

This resulted in a shut down a number of its computer systems including its website in response to a “cybersecurity issue,” the company said in a social media post 

The initial shutdown impacted nearly every aspect of the casino operator’s business. Everything from slot machines, room keys, ATMs and reservations have been affected.

Employees are currently unable to access their company emails and almost a week later it remains unclear when systems will be back online.

According to reports, the same hackers who breached MGM have also attacked another leading casino operator, Caesars Entertainment, breaking into their systems as well as those of three other non-gaming companies. David Bradbury, chief security officer of the identity management company Okta, told reporters that five of the company's clients, including MGM and Caesars, had fallen victim to hacking groups known as ALPHV and Scattered Spider since August.

Multiple MGM sites have been affected including the MGM Grand Detroit, MGM Northfield Park in Ohio, Empire City Casino in NYC, Beau Rivage in Mississippi, Borgata in Atlantic City and MGM Springfield in Massachusetts. Reservation systems, booking systems, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines, hotel electronic key card systems, and the casino floors were all apparently impacted by the outage. 

ALPHV Claim Responsibility

In an unprecedented development, ransomware group ALPHV has publicly claimed responsibility for the MGM Resorts attack, publishing a statement on their Dark Web website. ALPHV warned MGM of further attacks if it didn't strike a deal. It's unclear how much ransom ALPHV has demanded.

Now, the cybersecurity company Check Point have produced a blog detailing up to date stats on the group including the geographical spread of their victims and the sectors they target.

Threat intelligence group manager at Check Point Research Sergey Shykevich observed: “This incident is yet more proof of the growing trend of ransomware attackers focusing on data extortion and targeting of non-windows operating systems. The model of ransomware as a service (RaaS) continues to be very successful, combining strong technological infrastructure for the attacks, with savvy and sophisticated affiliates that find the way to penetrate major corporations."

The resort owner issued a further statement, saying it recently identified an issue "affecting some of the company's systems.. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cyber security experts...  Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter."

Casino industry site Vital Vegas said the attack was "devastating" because "MGM Resorts has about 48,000 rooms on The Strip."

According to Okta, a different hacking gang alternately known as known as UNC3944 or Scattered Spider appears to have worked with ALPHV on the latest hacks "Think of them more as business associates or affiliates," David Bradbury said. Mandiant  has described UNC3944, as one of the most disruptive hacking groups in the United States

Guests at some other Las Vegas locations, which include Aria, Bellagio, Luxor and Mandalay Bay took to social media to report continued disruptions affecting ATM and credit card machines, digital room keys, slot machines, and other electronics systems.

CNBC:    CheckPoint:     MGMResorts:   NBC:    Regsiter:    ITPro:    Mirror:   Bleeping Computer

USA Today:     Reuters:     Mandiant

Image: Cottonboro Studio

You Might Also Read: 

The Intercontinental Hotels Group was ‘Hacked for Fun!’:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 

« Another British Police Force Leaks Confidential Data
Dealing With Security Incidents In The Enterprise Sector  »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

American International Group (AIG)

American International Group (AIG)

AIG, is an American multinational insurance corporation. Commercial services include cyber risk insurance.

OPSWAT

OPSWAT

OPSWAT is a software company that provides solutions to secure and manage IT infrastructure.

Japan Information Security Audit Association (JASA)

Japan Information Security Audit Association (JASA)

JASA is non-profit association active in developing and managing the quality of Information Security Auditing and Auditors in Japan.

Innovative Solutions (IS)

Innovative Solutions (IS)

Innovative Solutions is a specialized professional services company delivering Information Security products and solutions for Saudi Arabia and the Gulf region.

Sweepatic

Sweepatic

The Sweepatic reconnaissance platform discovers and analyses all internet facing assets and their exposure to risk.

IdentityIQ

IdentityIQ

IdentityIQ is a US-based identity theft and credit protection company designed to help users stay on top identity thieves and data breaches.

Nordic Cyber Summit

Nordic Cyber Summit

Nordic Cyber Security Summit addresses a wide range of technological issues from the IT Security spectrum and also provides a wider perspective from all aspects of the industry.

CertiPath

CertiPath

CertiPath create products and services that ensure the highest levels of validation for digital identities that attempt to access customers’ networks.

CYBRScore

CYBRScore

CYBRScore is a premium, performance-based cyber skills training and assessment provider that quantifies a user’s ability to defend a network.

Elemental Cyber Security

Elemental Cyber Security

Elemental is a game changing cyber security compliance automation and enforcement technology provider.

Gluu

Gluu

Modern Authentication for Digital Enterprise. Organizations around the world trust Gluu for large-scale, high-security identity & access management.

NanoVMs

NanoVMs

NanoVMs is the industry's only unikernel platform available today. NanoVMs runs your applications as secure, isolated virtual machines faster than bare metal installs.

Triaxiom Security

Triaxiom Security

Triaxiom Security offers penetration testing, security audits, and strategic consulting customized to meet your needs.

Concourse Labs

Concourse Labs

Concourse Labs Security Guardrails continuously verify cloud infrastructure and workloads. Continuously assess clouds for security, resiliency, and regulatory compliance.

Ampsight

Ampsight

Ampsight specializes in enabling cloud integration, securing data, and navigating complications that drive critical-mission success.