MGM Resorts has announced that all its hotels and casinos are now operating normally, marking a successful recovery from a recent cyberattack that disrupted their systems. This major incident, which lasted for nine days, saw the company’s websites go offline, slot machines cease to function, and some transactions limited to cash only. MGM Rewards accounts are expected to be updated at a later date, and certain promotional offers may still be temporarily unavailable.
The cyberattack was attributed to the ALPHV ransomware group, which claimed responsibility shortly after the systems went offline. Its method relied on social engineering tactics, which typically involve gaining the trust of employees to access sensitive systems. Once access is secured, ransomware groups often demand payment in exchange for restoring access or preventing the release of sensitive information.
Interestingly, reports emerged that MGM’s competitor, Caesars Entertainment, which also owns casinos along the Las Vegas Strip, had experienced a similar attack. Unlike MGM, Caesars reportedly paid a substantial sum, rumored to be in the tens of millions of dollars, to the hackers who had threatened to disclose company data. This incident was also claimed by the ransomware group Scattered Spider, although attribution in the world of hacking can be challenging to confirm definitively.
Both attacks had a common entry point through the identity management vendor Okta, a service used by both MGM and Caesars. Okta confirmed that hackers had exploited its technology as an access point. The extent of the damage caused by these cyberattacks remains uncertain, but at least three other Okta clients have also fallen victim to cyberattacks, according to David Bradbury, the company’s Chief Security Officer.
Okta emphasized that there had been no compromise or breach of its own systems and that its service remained fully operational and secure. It urged organizations to be vigilant against social engineering attacks, in which threat actors impersonate employees and manipulate help desks into resetting multi-factor authentication for privileged accounts.
As of now, MGM has not commented on any potential data leaks resulting from the attack or the status of backend systems, including employee accounts. This incident underscores the ongoing challenges and risks posed by cyber threats in the digital age, even for well-established companies in the hospitality and entertainment industry.
Frequently Asked Questions (FAQs) about cyberattack recovery
What caused the cyberattack on MGM Resorts?
The cyberattack on MGM Resorts was caused by the ALPHV ransomware group. They claimed responsibility shortly after the attack occurred. Their approach involved using social engineering tactics to gain access to the company’s systems.
How did the cyberattack impact MGM Resorts?
The cyberattack disrupted the normal operations of MGM Resorts for nine days. During this time, the company’s websites went offline, slot machines stopped functioning, and some transactions could only be conducted with cash. MGM Rewards accounts were also affected, and some promotional offers remained unavailable.
Did MGM Resorts pay a ransom to the hackers?
MGM Resorts did not mention paying a ransom in the information provided. However, it’s worth noting that a competitor, Caesars Entertainment, reportedly paid “tens of millions of dollars” to hackers who had threatened to release company data in a similar attack.
What role did the identity management vendor Okta play in these cyberattacks?
Both the MGM Resorts and Caesars Entertainment cyberattacks had a common entry point through the identity management vendor Okta. The hackers were able to exploit Okta’s technology as an access vector. Okta has confirmed that at least three other clients have also been targeted in cyberattacks.
Is there any information about potential data leaks or the status of backend systems following the cyberattack?
As of the information provided, MGM Resorts had not commented on any potential data leaks resulting from the attack or the status of backend systems, including employee accounts. The full extent of the damage and implications of the cyberattack remain uncertain.