MGM Resorts International, a major player in the gaming industry valued at $14 billion, has suffered a major cyberattack from the group known as Scattered Spider, according to multiple sources. U.S. law enforcement officials have initiated an investigation as the casino giant works to manage the fallout from the breach.
After the attack, MGM shut down several of its computer systems to contain what it described as a "cybersecurity issue." These systems remained offline for a third consecutive day, disrupting operations at various MGM venues worldwide, including those in Las Vegas and Macau. "We are investigating the incident," said an MGM spokesperson, confirming ongoing efforts to understand the full scope of the attack.
"We are investigating the incident,"
The impact of this incident is unfolding, and several reports suggest that the casino industry is increasingly vulnerable to cyber threats. A recent report highlighted another major operator, Caesars Entertainment, which allegedly paid a ransom after a data breach. This news, combined with MGM’s incident, has raised concerns in the market, resulting in a decline in the stock prices of both casino entities.
Eyewitness reports and social media posts have indicated that various slot machines and systems at MGM venues are experiencing significant disruptions. Analysts have identified Scattered Spider, alternatively known as UNC3944, as a growing threat. "They leverage tradecraft that is challenging for many organizations with mature security programs to defend against," stated Charles Carmakal, chief technology officer at Mandiant Intelligence, emphasizing the sophistication of the group's tactics.
"They leverage tradecraft that is challenging for many organizations with mature security programs to defend against,"
Scattered Spider has gained notoriety for employing social engineering techniques, persuading users to share their login details or one-time-passwords (OTPs), thereby bypassing multi-factor authentication. "Although members of the group may be less experienced and younger than many of the established multifaceted extortion/ransomware groups, they are a serious threat to large organizations in the U.S.," Carmakal continued.
By the Numbers
Casino operators are indeed appealing targets for cybercriminals, as highlighted by statements from security analysts. "They’re more likely to get paid because they’re disrupting casino operations," remarked Allan Liska, an intelligence analyst with Recorded Future. His insights suggest that this trend warrants a heightened alert among casinos globally, as the intrigue surrounding high-profile attacks could encourage copycat incidents.
"They’re more likely to get paid because they’re disrupting casino operations,"
The FBI has confirmed it is investigating the MGM breach but has not provided further details regarding the nature of the attack. The implications of this incident are compounded by Moody's warning, indicating that the breach could negatively affect MGM’s credit rating. The rating agency stated, "A breach of this magnitude not only disrupts operations but also raises concerns regarding the long-term security posture of the organization."
Cybersecurity experts assert that breaches in the casino sector often resemble ransomware incidents where hackers encrypt victims’ data and demand ransom payments in cryptocurrencies. Given the highly lucrative nature of casino operations and their dependencies on customer data, the appeal for cybercriminals is clear.
Looking Ahead
As the situation develops, analysts underscore the need for heightened vigilance across the casino sector. "This is a wakeup call for all casino operators to bolster their cybersecurity measures and prepare for potential future attacks," Liska advised.
"This is a wakeup call for all casino operators to bolster their cybersecurity measures and prepare for potential future attacks,"
