Source: securityboulevard.com – Author: Richi Jennings
Not happening in Vegas: 12 hotels and casinos—nor in many more elsewhere, neither.
MGM Resorts has pulled the plug on its servers, because it’s come under cyberattack from scrotes unknown. It seems like a fair bet we’re talking about another ransomware attack.
MGM is a huge deal in Las Vegas, owning properties such as Bellagio, New York–New York and Luxor. In today’s SB Blogwatch, we’re not staying in Vegas.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: 20 years.
You’re Welcome to It
What’s the craic? Devin O’Connor reports—“MGM Resorts Suffers Cybersecurity Attack”:
“Nevada’s largest employer”
Brian Ahern, MGM’s executive director of communications, issued a statement … that the casino company has been hit with an unknown attack: “[We] took prompt action to protect our systems and data, including shutting down certain systems.” … (Ahern issued the company statement through a Gmail address, as employees do not currently have access to their company email because of the cyber incident.)
…
MGM Resorts’ last major cybersecurity event came in 2019 when personal information on 30 million guests was shared publicly on … Telegram. MGM confirmed in early 2020 that it was the victim of a data attack from a Russia-based hacking group.
…
MGM is Nevada’s largest employer and operates the most casinos on the Las Vegas Strip. … The outage, however, is apparently affecting MGM’s regional casinos, too [including] MGM National Harbor, … Borgata in Atlantic City, MGM Grand Detroit, MGM Springfield in Massachusetts, Beau Rivage in Mississippi, Empire City Casino in NYC, and MGM Northfield Park in Ohio.
What’s happening? Lucas Ropek knows—“Looks Like MGM Resorts Just Got Hacked”:
“Ransomware attacks”
MGM isn’t just any old casino vendor; it’s a huge corporate empire, encompassing a multitude of interlocking businesses. … The impact of a ransomware attack on its business operations could be immense. … We’ll have to wait to see just how screwed MGM really is.
…
Local news outlets in Las Vegas caught wind of various complaints from patrons of MGM businesses: Some said ATMs at associated hotels and casinos didn’t appear to be working; others said their hotel room keys had stopped functioning; still others noted that bars and restaurants located within MGM complexes had suddenly been shuttered. [And] MGM’s website [is] definitely not working the way that it’s supposed to.
…
While it’s still not totally clear what kind of attack we’re talking about here, the most likely culprit in a case like this would be ransomware. Ransomware attacks on casinos aren’t quite as common as, say, attacks on schools or small businesses—but they have been known to happen.
They have? Duncan Riley drives the point home—“‘Cybersecurity issue’ disables computer systems”:
“Wouldn’t be the first time”
The fact that MGM Resorts shut down certain systems points to one thing: A ransomware attack. A typical ransomware attack involves the code spreading across a network before encrypting data and demanding a ransom payment. The way to prevent ransomware from spreading across a network is to disable exposed parts of the network as soon as the ransomware is detected on internal systems, which is what MGM Resorts has done.
…
It wouldn’t be the first time ransomware operators have targeted hotel and resort owners. InterContinental Hotels Group PLC, the owner of hotel brands such as Holiday Inn, Crowne Plaza and Regent, was struck … in September 2022. … Hyatt Hotels Corp. suffered a similar attack in 2015.
A sweary u/GingerBeard_andWeird saw this coming:
Looooool ****ing morons. Worked in end user support for them. When MGM2020 plan was announced they told us it was to reinvest money into IT infrastructure including, most primarily, Cybersecurity. Clearly they didn’t.
…
[They] almost got ground to a total halt of business by WannaCry. It got into one of the main surveillance systems, and the only reason it didn’t blue screen that server was a glitch when it attempted to launch its payload. … Literally a stroke of luck kept them from having to shut down almost every casino.
…
****ing idiots. Hope they get roasted for this.
What are the scrotes after? andy800 says it’s the data, stupid:
1) They have large, very detailed databases with extensive customer records: Photos of drivers licenses, for example.
…
2) Easy attack vector: Heavily dependent on a variety of vendor software and systems that are way out of date, run by weak, underpaid and often uninformed IT staff.
…
3) Casino companies are typically heavily incented to simply pay the ransom, rather than face regulatory scrutiny and consumer distrust.
Idiots? Weak? Uninformed? These are things that make Phaidros go, “Hmm”: [You’re fired—Ed.]
Hmm. Having worked with teams at MGM, I can tell you that the networks are air-gapped. I would guess either a vendor was compromised, or someone made a huge mistake (read: $$$$).
The situation sounds like a nightmare for employees. Here’s u/DokiDokiLove, for example:
This is just in my department (room service). I can’t imagine how it is in the others:
…
A lot of people thought room service was closed because they couldn’t access [it]. And we couldn’t access the multiple programs that lets us see the comp orders hosts have for guests—and the hosts couldn’t access their notes to call and tell us what the orders where and to whom they were going. … We had to hand write everything for the kitchen and the servers. It’s a good thing we had the right kind of carbon copy paper.
…
Management couldn’t order specific things from the warehouse, workforce couldn’t email them to tell them who called out or to call employees in. Management couldn’t access employee phone records to call them in themselves. Employees had to write down the coworker’s phone numbers that they had and give them to the managers so they could call staff in because our schedules are stupid. … The warehouse will only be sending supplies that were sent the day of week before. So we’ll have extra of certain things and nothing of other things.
Whatever next? photonthug’s ID is appropriate:
Maybe most of the LED displays are run by the same IT department. So if I were an evil genius, this latest attack would be only the first salvo of bewildering hijinks perpetrated in the service of a multistep heist. The ultimate goal: Rickroll the entire city after hijacking The Sphere.
Meanwhile, an unsympathetic UrbanAchiever sounds slightly sarcastic:
Oh my God I hope this doesn’t eat away at their near $13B in revenue fleeced mostly off of people with poor habit control.
And Finally:
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: David Vives (via Unsplash; leveled and cropped)
Recent Articles By Author
Original Post URL: https://securityboulevard.com/2023/09/mgm-ransomware-richixbw/
Category & Tags: Analytics & Intelligence,Application Security,AppSec,Cloud Security,Cyberlaw,Cybersecurity,Data Privacy,Data Security,Deep Fake and Other Social Engineering Tactics,DevOps,DevSecOps,Editorial Calendar,Endpoint,Featured,Governance, Risk & Compliance,Humor,Identity & Access,Identity and Access Management,Incident Response,Industry Spotlight,Insider Threats,Malware,Most Read This Week,Network Security,News,Popular Post,Ransomware,Regulatory Compliance,Securing the Cloud,Securing the Edge,Security at the Edge,Security Boulevard (Original),Security Operations,Social Engineering,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,Zero-Trust,casino,casinos,las vegas,MGM Resorts,SB Blogwatch,Vegas – Analytics & Intelligence,Application Security,AppSec,Cloud Security,Cyberlaw,Cybersecurity,Data Privacy,Data Security,Deep Fake and Other Social Engineering Tactics,DevOps,DevSecOps,Editorial Calendar,Endpoint,Featured,Governance, Risk & Compliance,Humor,Identity & Access,Identity and Access Management,Incident Response,Industry Spotlight,Insider Threats,Malware,Most Read This Week,Network Security,News,Popular Post,Ransomware,Regulatory Compliance,Securing the Cloud,Securing the Edge,Security at the Edge,Security Boulevard (Original),Security Operations,Social Engineering,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,Zero-Trust,casino,casinos,las vegas,MGM Resorts,SB Blogwatch,Vegas
Views: 0