Cyberattack at MGM Resorts disrupts systems across hotels and casinos worldwide

Outage continues into fourth day, investigation ongoing

MGM Resorts, a global hotel and entertainment conglomerate, has been hit with a major cyberattack, causing widespread disruption across its vast network of hotels and casinos worldwide. Hotel booking systems, casino slot machines, guests' digital room keys, and the company's corporate email system have been compromised. Pictures shared on social media also depict non-operational slot machines and offline reservation systems.

The financial impact on MGM is already evident, with its share price dropping by over 6%.[1] The attack's magnitude has drawn the attention of the FBI, which is currently investigating the matter. In a report submitted to the US Securities and Exchange Commission, MGM Resorts has acknowledged the cyber incident's potential “material effect” on its operations.

As the outage due to the attack reaches its fourth day, MGM Resorts posted an update on Twitter/X on Thursday:[2]

“We continue to work diligently to resolve our cybersecurity issues while addressing individual guest needs promptly. We couldn't do this without the thousands of incredible employees who are committed to guest service and support from loyal customers. Thank you for your continued patience.”

Cybercriminal group behind the attack identified as “Scattered Spider”

Evidence points to a hacking group named Scattered Spider as the masterminds behind this cyber onslaught. Previously identified by analysts, Scattered Spider has been described as “one of the most prevalent threat actors impacting organizations in the US today” by Charles Carmakal, chief technology officer at Mandiant Intelligence.[3]

This group is believed to consist mainly of young adults from the US and UK and is notorious for its use of social engineering tactics. Its modus operandi often includes impersonating individuals based on information from their social media profiles and making phone calls to extract passwords or digital access codes.[4]

Reports also link Scattered Spider to another attack on Caesars Entertainment, an entertainment giant that reportedly paid around half of the demanded $30 million ransom to prevent the disclosure of stolen data.[5] That attack was executed by breaching one of Caesars' external IT vendors in late August.

The MGM attack appears to be ransomware-based, meaning the attackers block access to systems or devices and demand a ransom in exchange for decryption.

The impact

With the cyberattack entering its fourth day, the disruption is palpable. Not only have ATMs and slot machines been affected, but the internal network shutdown has also led to guests reporting issues with TV services in hotel rooms and the resort's phone lines. MGM's website remains down, prompting the company to direct guests to use its Rewards app for reservations and bookings. As a mitigation effort, MGM has waived change and cancellation fees for guests arriving up to September 17.

Security experts have opined that casinos make enticing targets for such cyberattacks. Allan Liska, an intelligence analyst at Recorded Future, emphasized that “casinos around the world should be on heightened alert” and warned of potential copycat attacks given the widespread attention this incident has garnered.

This isn't MGM's first brush with cyber threats. In 2020, the company fell victim to a cyberattack where the personal information of 10 million customers was leaked on a hacking forum (although later findings mentioned 142 million users).[6]

In conclusion, as investigations continue and with MGM's systems still grappling with the attack's aftereffects, businesses worldwide, especially those in the hospitality and entertainment sectors, are cautioned to be on high alert and beef up their cybersecurity defenses.

About the author
Ugnius Kiguolis
Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.