The iconic world-famous hotel casino chain, MGM Resorts, discovered a breach to its systems this past Sunday, crippling its operations as it affected check-in procedures, ATMs, slot machines, parking systems, digital key cards and electronic payments following a 10-minute cyber-attack.
This caused extended waiting time for guests of the establishment, a sour experience for individuals from far and near who visited the location at the time of the attack with enthusiasm to have the time of their lives. The culprits, Black cats, a band of hackers who also identify as ALPHV claimed responsibility for the attack as it was later discovered through a post on X, adding that they were able to breach the company’s security protocol through social engineering, identifying an IT staff of MGM on LinkedIn and subsequently calling the helpdesk, this simple yet tactical conversation would eventually lead to the collapse of the near 40 billion dollar company. This insight was offered by VX-Underground, a malware research/cybersecurity organization. According to the FBI, the notorious black hat criminal group has been connected to more than 60 attacks worldwide with Reddit, amongst other large companies on the list of its previous attacks.
The technique used by the culprits known as Vishing (coined from Voice and phishing) is a specialized social engineering cyber attack which employs the use of voice calls and malicious links in order to extract personal or sensitive information from a target. The attack led MGM to take their systems completely offline in order to salvage the situation, and the aftermath leading to massive financial losses to the company as every minute of downtime amounts to hundreds of thousands of dollars lost, considering the company reportedly rakes in up to $13 million in daily revenue.
As this is a typical ransomware attack, it is unknown how much in ransom the ALPHV has demanded, however this situation shows the massive lapse in security at MGM, as previous attacks on the company in February and July of 2020 when private information of millions of its guests were stolen and sold on the dark web. The recent demise of MGM serves as a lesson to other large corporations to constantly enhance their security protocols as these cybercriminals are highly intelligent with sophisticated tools and equipment with which to breach company’ security. Although MGM is working overtime to recover from the attack and restore its systems, it is clear that this would have a major impact on its reputation moving forward.