MGM Resorts (NYSE:MGM) International's operations across the country were disrupted last week due to a cyberattack that began with a social engineering breach of the company's IT help desk, according to a cybersecurity executive familiar with the matter. The incident is the latest in a series of high-profile security breaches that have hit Las Vegas casinos in recent months.
The hacker group ALPHV, also known as BlackCat, claimed responsibility for the MGM outage, stating it had breached the gaming giant through simple social engineering rather than deploying ransomware. The group further threatened to unleash ransomware on the company's computer systems "if a deal is not reached," according to a post on malware repository vx-underground.
While MGM has not explicitly labeled the incident as a cyberattack, it has refrained from commenting on the cause of its computer failures. The FBI confirmed earlier in the week that it was investigating the matter.
David Bradbury, Chief Security Officer at identity and access management company Okta (NASDAQ:OKTA), said his company had issued a threat advisory in August about similar attacks against some of its customers. In these attacks, hackers used low-tech social engineering tactics to gain entry and then more advanced methods that allowed them to impersonate users on the networks.
This incident follows other cybersecurity challenges faced by MGM Resorts International. On September 1, an MGM Aria hotel operations manager turned himself into the Metropolitan Police Department amid allegations he stole over $773,000 between July 2022 and July 2023 by issuing more than 200 false refunds to his debit card.
Moreover, MGM isn't the only casino operator targeted by cybercriminals recently. Caesars (NASDAQ:CZR) Entertainment reportedly paid tens of millions to hackers to prevent them from releasing stolen data, Bloomberg reported last Wednesday.
Alan Feldman, Distinguished Fellow in Responsible Gaming for UNLV's International Gaming Institute, commented on the situation saying that as criminals find new ways to enact their crimes, it's a "constant evolution of security systems, protocols and technologies."
As the gaming industry continues to face evolving threats from cybercriminals, companies like MGM Resorts International and Caesars Entertainment will need to continually update their security measures to prevent further breaches.
This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.2023-09-18T11:22:35Z dg43tfdfdgfd