MGM Resorts Casino Ransomware Attack: What We Need to Know

MGM Resorts International, one of the largest casino operators in the world, faced a major cyberattack that disrupted its operations and affected its customers for several days. The attack, which started on September 12, 2023, targeted the company’s internal networks and systems, causing them to shut down as a precautionary measure. The hackers behind the attack claimed to be a group known as Scattered Spider, which specializes in social engineering and ransomware.

What is social engineering and ransomware?

Social engineering is a technique that hackers use to manipulate people into performing certain actions or revealing sensitive information, such as passwords or access codes. Hackers often impersonate someone or something that the victim trusts, such as a colleague, a friend, a bank, or a government agency. They may use phone calls, emails, text messages, or other forms of communication to trick the victim.

Ransomware is a type of malware that encrypts the victim’s files or locks their devices, preventing them from accessing their data or systems. The hackers then demand a ransom, usually in cryptocurrency, to restore access or decrypt the files. If the ransom is not paid by a certain deadline, the hackers may threaten to delete the files or expose them to the public.

How did Scattered Spider hack MGM Resorts?

According to some reports citing the hackers themselves, Scattered Spider used vishing, or voice phishing, to gain access to MGM Resorts’ systems. Vishing is a form of social engineering that involves making phone calls to the victim and pretending to be someone else, such as an IT support staff member, a vendor, or a customer. The hackers may use publicly available information or previous breaches to gather details about the victim and make their calls more convincing.

In this case, Scattered Spider allegedly called MGM Resorts’ employees and tricked them into revealing their login credentials or installing malicious software on their computers. Once they gained access to the company’s network, they deployed ransomware made by ALPHV, or BlackCat, a ransomware-as-a-service operation that provides hackers with ready-made malware and tools for launching attacks.

What was the impact of the attack?

The attack had a significant impact on MGM Resorts’ operations and customers. The company had to shut down many of its systems across its properties around the world, including its online sports betting arm. This resulted in widespread disruption across its hotels and casinos, with guests reporting that ATMs and slot machines were out of order, along with room digital key cards and electronic payment systems. Guests also faced long queues to check in and get physical room keys or handwritten receipts for casino winnings.

The company’s website also went offline for a while, and its phone lines were down. The company advised guests to use its Rewards app for bookings and waived change and cancellation fees for guests arriving until September 17.

It is not yet known what data was stolen from MGM Resorts’ systems by the hackers. However, some reports suggest that the hackers demanded $30 million in ransom from the company to prevent the disclosure of stolen data. It is unclear whether MGM Resorts paid the ransom or not.

How did MGM Resorts respond to the attack?

MGM Resorts did not disclose much information about the attack publicly. It only posted vague references to a “cybersecurity issue” on Twitter/X and assured guests that it was working to resolve the issue and that its resorts were staying open.

The company also said that it was cooperating with law enforcement authorities and cybersecurity experts to investigate the incident and restore its systems as soon as possible.

The company has not yet announced when it expects to fully recover from the attack or what measures it is taking to prevent future attacks.

What can we learn from this attack?

This attack shows how vulnerable even large and well-known organizations can be to cyberattacks if they do not have adequate security measures and awareness in place. Hackers can exploit human weaknesses and use social engineering techniques to bypass technical defenses and gain access to valuable data and systems.

Therefore, it is important for organizations and individuals alike to be vigilant and cautious when receiving unsolicited or suspicious phone calls, emails, or messages from unknown sources. They should also use strong passwords and multi-factor authentication for their accounts and devices, and avoid clicking on links or attachments that they do not trust.

Additionally, organizations should have backup plans and contingency measures in case of a cyberattack. They should also regularly update their software and hardware, train their staff on cybersecurity best practices, and conduct audits and tests to identify and fix any vulnerabilities in their systems.