The Slots Fall Silent

The MGM company’s casinos and hotels have experienced severe IT web outage and disruption, with financial impacts of the outage expected to be significant. MGM Resorts International reported a "cyber security issue" on 11th September, which has affected its hospitality, gaming and entertainment properties across the US and MGM. 

This resulted in a shut down a number of its computer systems including its website in response to a “cybersecurity issue,” the company said in a social media post 

The initial shutdown impacted nearly every aspect of the casino operator’s business. Everything from slot machines, room keys, ATMs and reservations have been affected.

Employees are currently unable to access their company emails and almost a week later it remains unclear when systems will be back online.

According to reports, the same hackers who breached MGM have also attacked another leading casino operator, Caesars Entertainment, breaking into their systems as well as those of three other non-gaming companies. David Bradbury, chief security officer of the identity management company Okta, told reporters that five of the company's clients, including MGM and Caesars, had fallen victim to hacking groups known as ALPHV and Scattered Spider since August.

Multiple MGM sites have been affected including the MGM Grand Detroit, MGM Northfield Park in Ohio, Empire City Casino in NYC, Beau Rivage in Mississippi, Borgata in Atlantic City and MGM Springfield in Massachusetts. Reservation systems, booking systems, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines, hotel electronic key card systems, and the casino floors were all apparently impacted by the outage. 

ALPHV Claim Responsibility

In an unprecedented development, ransomware group ALPHV has publicly claimed responsibility for the MGM Resorts attack, publishing a statement on their Dark Web website. ALPHV warned MGM of further attacks if it didn't strike a deal. It's unclear how much ransom ALPHV has demanded.

Now, the cybersecurity company Check Point have produced a blog detailing up to date stats on the group including the geographical spread of their victims and the sectors they target.

Threat intelligence group manager at Check Point Research Sergey Shykevich observed: “This incident is yet more proof of the growing trend of ransomware attackers focusing on data extortion and targeting of non-windows operating systems. The model of ransomware as a service (RaaS) continues to be very successful, combining strong technological infrastructure for the attacks, with savvy and sophisticated affiliates that find the way to penetrate major corporations."

The resort owner issued a further statement, saying it recently identified an issue "affecting some of the company's systems.. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cyber security experts...  Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter."

Casino industry site Vital Vegas said the attack was "devastating" because "MGM Resorts has about 48,000 rooms on The Strip."

According to Okta, a different hacking gang alternately known as known as UNC3944 or Scattered Spider appears to have worked with ALPHV on the latest hacks "Think of them more as business associates or affiliates," David Bradbury said. Mandiant  has described UNC3944, as one of the most disruptive hacking groups in the United States

Guests at some other Las Vegas locations, which include Aria, Bellagio, Luxor and Mandalay Bay took to social media to report continued disruptions affecting ATM and credit card machines, digital room keys, slot machines, and other electronics systems.

CNBC:    CheckPoint:     MGMResorts:   NBC:    Regsiter:    ITPro:    Mirror:   Bleeping Computer

USA Today:     Reuters:     Mandiant

Image: Cottonboro Studio

You Might Also Read: 

The Intercontinental Hotels Group was ‘Hacked for Fun!’:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 

« Another British Police Force Leaks Confidential Data
Dealing With Security Incidents In The Enterprise Sector  »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cloudera

Cloudera

Cloudera provide the world’s fastest, easiest, and most secure data platform built on Hadoop.

Deltagon

Deltagon

Deltagon develops information security solutions to protect companies’ confidential information in e-communication and e-services.

SecuTech Solutions

SecuTech Solutions

SecuTech is a global leader in providing strong authentication and software licensing management solutions.

Medigate

Medigate

Medigate is a dedicated medical device security platform protecting all of the connected medical devices on health care provider networks.

Procilon Group

Procilon Group

Procilon Group specialize in the development of cryptographic software as well as strategic advice on information security and data protection.

Trusted Objects

Trusted Objects

Trusted Object's mission is to provide state of the art security solutions and services enabling a strong root of trust for the IoT ecosystem.

MagicCube

MagicCube

MagicCube is a device independent IoT security platform that protects against on-device, cloud, and network attacks.

Asia Data Destruction (ADD)

Asia Data Destruction (ADD)

ADD is the leading IT Assets Disposal and Data Destruction Company in Thailand.

iSecurity Consulting

iSecurity Consulting

iSecurity delivers a complete lifecycle of digital protection services across the globe for public and private sector clients.

Trail of Bits

Trail of Bits

Trail of Bits combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Sentinel

Sentinel

Sentinel works with governments, media and defence agencies to help protect democracies from disinformation campaigns by developing a state-of-the-art AI detection platform.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

Obsidian Security

Obsidian Security

Protect your business-critical applications by mitigating threats and reducing risk with Obsidian, the first truly comprehensive security solution for SaaS.

CaseMatrix

CaseMatrix

Discover a new era of legal intelligence with CaseMatrix. We identify potential class action cases arising from cyber incidents and data breaches.

Databarracks

Databarracks

Databarracks deliver award winning IT resilience and continuity services. We help organisations get the most out of the cloud and protect their data, wherever it lives.

Liberty Technology

Liberty Technology

Liberty Technology has a host of highly trained, certified experts who assist our clients with immediate remote support as well as on-site service.