MGM Shut Down By a Phone Call

September 26, 2023

Introduction

Have you heard about the attack on MGM Resorts International?

On September 11, 2023 the major casino and hotel operator was hit by a serious and consequential cyberattack — and it all started with a ten minutes phone call. The attack forced the company to shut down its computer systems, disrupting operations at its properties across the United States.

What Happened to MGM?

The hacking group known as Scattered Spider has claimed responsibility for the attack; they are known for using social engineering techniques to trick employees into granting the hackers access to large corporate networks. They operate underneath a well-known ransomware gang, ALPHV, who also go by Black Cat.

In the case of MGM, Scattered Spider simply went on LinkedIn and discovered somebody who worked in the company’s IT department as a legitimate employee. As for their mastermind plan? It was as simple as calling the MGM help desk and saying they had been locked out of their account, asking for re-access.

The attack had a significant impact on MGM’s operations. ATMs, slot machines, digital room keys and other digital payment systems all went offline during the attack. The company’s corporate email, restaurant reservation and hotel booking systems also remained dark. Keep in mind, MGM owns more than 30 international hotel, resort and gaming venues.

The damage is reportedly costing them between four and eight million each day they’re offline.

Conclusion

The cyberattack on MGM is a reminder of the growing threat of ransomware attacks. (Ransomware attacks involve stealing and encryption data, and then demanding a fee in exchange for the decryption key. They often commit”double extortion” by charging in return for their promise not to publish the data online.) Ransomware attacks have become increasingly common in recent years, and they have targeted a wide range of organizations, including businesses, governments and healthcare providers all around the world..

There are a number of things that organizations can do to protect themselves from ransomware attacks, including:

  • Educating employees about social engineering attacks and how to avoid them.
  • Implementing strong security measures, such as firewalls and intrusion detection systems.
  • Regularly backing up data so that it can be restored if it is encrypted by ransomware.
  • Study your incident response plan so you know what to do when you spot something suspicious. You don’t want to be in the middle of an emergency when you realize that you forget who to call!

The cyberattack on MGM is a serious incident, but it is important to remember that ransomware attacks are preventable. By taking steps to protect themselves, organizations can reduce their risk of falling victim to all kinds of cyberattacks.

References

Most Recent Post

Guide to Improving Your Company’s Data Management

Guide to Improving Your Company’s Data Management

Data is the lifeblood of modern businesses. It fuels insights, drives decision-making, and ultimately shapes your company's success. But in today's information age, data can quickly become overwhelming.Scattered spreadsheets, siloed databases, and inconsistent...

“Knowledgeable, reliable and trustworthy”

In addition to being knowledgeable, reliable and trustworthy, he’s very friendly and accessible. Would definitely use his services again.

Nyshie Perkinson

Senior Media Specialist, Center for Biological Diversity

Related Articles

Don’t Risk It! Why You Shouldn’t Skip Vulnerability Assessments

Don’t Risk It! Why You Shouldn’t Skip Vulnerability Assessments

Cyber threats are a perpetual reality for business owners. Hackers are constantly innovating. They devise new ways to exploit vulnerabilities in computer systems and networks.For businesses of all sizes, a proactive approach to cybersecurity is essential. One of the...

7 Common Pitfalls When Adopting Zero Trust Security

7 Common Pitfalls When Adopting Zero Trust Security

Zero Trust security is rapidly transforming the cybersecurity landscape. It moves away from traditional perimeter-based security models. In this approach, every connection attempt is continuously verified before granting resource access.56% of global organizations say...

4 Ways Small Businesses Can Leverage Copilot for Microsoft 365

4 Ways Small Businesses Can Leverage Copilot for Microsoft 365

What are some of the key differentiators that can propel small businesses forward? They include efficiency, productivity, and innovation. Microsoft has expanded the availability of one of its most dynamic tools to SMBs. A tool that can be a real game-changer for...