Tag Archive for: resorts

Services at MGM Resorts restored following ransomware attack


Services at hotels and casinos owned by MGM Resorts International Inc. have been at least mostly restored following a ransomware attack that crippled services provided by the company last week.

The cyberattack was first detected on Sept. 10 and affected systems, including websites, online reservations, ATMs, credit card machines and MGM Resorts across the U.S. In Las Vegas, it was reported that the attack also affected slot machines and room key systems.

To this point, MGM has still not formally disclosed the form of what the company still described as a “cybersecurity issue.” But a report on Sept. 13 linked the attack to the ALPHV/BlackCat ransomware group. VX-Unground, a malware research group, claimed on X (formerly Twitter) that the ransomware group compromised the company by calling the MGM Resorts helpline and undertaking a 10-minute conversation.

Other reports have since linked the attack to a group going by the name of “Scatter Spider,” the same group that was linked to a similar attack on casino operator Caesars Entertainment Inc. earlier this month. According to a report on Sept. 14, Scatter Spider, also known as UNC3944, is an affiliate of ALPHV/BlackCat.

Ransomware affiliates collaborate with ransomware creators, in this case, ALPHV/BlackCat, by deploying the ransomware within victim networks and are sometimes responsible for specific tasks like data theft or extortion based on their expertise.

In a statement on X on Sept. 20, MGM Resorts said services in its hotel and casinos are now operating normally — though one reporter said she still couldn’t book a room there.

The attack on MGM Resorts has drawn widespread attention to the problem of ransomware attacks and the need to enhance cybersecurity measures.

“The recent cyberattack on MGM Resorts International unveiled the significant deficiencies in the company’s cyber infrastructure and training, paralyzing key sectors of the business,” Lisa Plaggemier, executive director at the non-profit security awareness and educational organization

Source…

MGM Resorts breach: Russian hackers claim attack, irritating visitors


A collaboration of Russian ransomware hacker gangs may have been responsible for MGM Resorts International’s cybersecurity issue that has plagued the company for four days.

The hacker gang ALPHV, also known as BlackCat, said that it had breached the gaming giant with a simple phone call, according to a post on X from malware repository vx-underground.

ALPHV provided the ransomware and the infrastructure and affiliate groups have used it to carry out the attacks, experts said. A group calling itself Scattered Monkey is believed to have carried out the attack, according to Brett Callow, a threat analyst for Emsisoft, an anti-malware software company.

MGM has not commented on the cause of the issue, which it hasn’t characterized as a cyberattack.

MGM, the state’s largest employer, has a major presence on the Strip with 10 resorts under its control. In addition to hosting thousands of visitors each night, MGM properties are major destinations for conventioneers with its Mandalay Bay Convention Center and sports fans with affiliations with multiple arenas, including T-Mobile Arena.

Some Cosmopolitan of Las Vegas employees who asked for anonymity said they’ve been told by supervisors that the outage could take seven to 10 days to resolve.

Meanwhile, a report published Wednesday said another casino giant, Reno-based Caesars Entertainment Inc., also was hacked in late August.

Bloomberg reported that Caesars paid millions of dollars in ransom after being cyberattacked by a group known as Scattered Spider or UNC 3944. The report said Caesars would soon issue a regulatory filing addressing the incident.

Another Las Vegas resort, Westgate Las Vegas, experienced some computer issues in mid-August, but it turned out that a construction crew had sliced through a fiber-optic cable, rendering some computer systems inoperable. A Westgate spokesman said systems were back online within 24 hours.

SEC filing

For MGM, the incident was financially material enough for the company to issue a Securities and Exchange Commission filing late Tuesday, which didn’t elaborate on the cybersecurity issue.

Companies generally disclose material information on the SEC’s Form 8-K, a report to announce…

Source…

Cybersecurity ‘issue’ prompts computer shutdowns at MGM Resorts properties across US


Casino and hotel giant MGM Resorts International says a cybersecurity issue led to the shutdown of computer systems at its properties across the U.S. A statement Monday from the Las Vegas-based company said the incident began Sunday, and the extent of …

ByThe Associated Press

September 11, 2023, 2:58 PM

FILE - The Las Vegas Monorail passes by MGM Grand, April, 27, 2006, in Las Vegas. A “cybersecurity issue” led to the shutdown of some casino and hotel computer systems at MGM Resorts International properties across the U.S., a company official reported Monday, Sept. 11, 2023. (AP Photo/Jae C. Hong, File)

FILE – The Las Vegas Monorail passes by MGM Grand, April, 27, 2006, in Las Vegas. A “cybersecurity issue” led to the shutdown of some casino and hotel computer systems at MGM Resorts International properties across the U.S., a company official reported Monday, Sept. 11, 2023. (AP Photo/Jae C. Hong, File)

The Associated Press

LAS VEGAS — A “cybersecurity issue” led to the shutdown of some casino and hotel computer systems at MGM Resorts International properties across the U.S., a company official reported Monday.

The incident began Sunday. The extent of its effect was not immediately known on reservation systems and casino floors in Las Vegas and states including Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York and Ohio, company spokesman Brian Ahern said.

The FBI is “aware of the incident,” the bureau said in a statement from its national press office. It characterized the event as “still ongoing” and did not disclose details.

MGM Resorts said in a statement it identified a “cybersecurity issue affecting some of the company’s systems” and that its investigation involved external cybersecurity experts.

The nature of the issue was not described, but the statement said efforts to protect data included “shutting down certain systems.” It said the investigation was continuing.

A post on the company website said the site was down. It listed telephone numbers to reach the reservation system and properties.

A post on the company’s BetMGM website in Nevada acknowledged that some customers were unable to log on.

The company has tens of thousands of hotel rooms in Las Vegas at properties including the MGM Grand, Bellagio, Cosmopolitan, Aria, New York-New York, Park MGM, Excalibur, Luxor, Mandalay Bay and Delano.

It also operates properties in China and Macau.

Source…

MGM Resorts hacked: 10.6 million guests have their personal data exposed on hacking forum

Over 10 million people who have stayed at MGM Resorts hotels – including Twitter boss Jack Dorsey and pop idol Justin Bieber – have had their personal details posted online by hackers.

Read more in my article on the Tripwire State of Security blog.

Graham Cluley