MGM hotels and casinos are operational again.
MGM hotels and casinos are operational again.
MGM Resorts bounces back after cyberattack: a rollercoaster ride of restoration and recovery
In a remarkable turnaround, MGM Resorts announced that all of its hotels and casinos are back in action after a debilitating cyberattack that left the company’s systems paralyzed for nine grueling days. The attack, carried out by the ALPHV ransomware group, had forced the company to take its websites offline, shut down slot machines, and even resort to cash-only transactions. This massive system-wide restoration effort marks a major milestone for the company, and its customers can now breathe a sigh of relief.
While the company has managed to restore its operations, there are still some loose ends to tie up. MGM Rewards accounts are yet to be updated, with the company promising to do so at a later date. Additionally, certain promotional offers may remain temporarily unavailable, but these are minor hiccups in light of the greater victory.
The cyberattack on MGM Resorts highlights the alarming growth and sophistication of ransomware groups like ALPHV. These groups employ various tactics, including social engineering, to gain access to sensitive systems. Once inside, they typically demand a hefty sum in exchange for restoring access or withholding information. The ALPHV group claimed responsibility for the attack on MGM Resorts, showcasing their audacity and capability. However, it is worth noting that attributing responsibility to a specific group is a challenge, as hackers often vie for recognition without concrete evidence.
Interestingly, reports began circulating after the MGM attack that Caesars Entertainment, MGM’s competitor and another major player in the Las Vegas casino industry, had also fallen victim to a similar cyberattack. In contrast to MGM, Caesars reportedly opted to pay “tens of millions of dollars” to the attackers, who were threatening to leak the company’s confidential data. This incident highlighted the difficult choices companies face when dealing with cyber extortion. The group responsible for the Caesars attack, Scattered Spider, also claimed credit for the MGM attack, although without independent corroboration, it is hard to definitively establish their involvement.
Both the MGM Resorts and Caesars Entertainment attacks originated through a common entry point, the identity management vendor Okta. Both companies employed Okta’s services, and the vendor acknowledged that its technology had been exploited by the hackers. The full extent of the damage inflicted by these attacks remains unclear. Reuters reported that at least three other Okta clients have also been targeted by cybercriminals, further highlighting the broader vulnerabilities associated with third-party services.
Okta, however, has firmly denied any compromise or breach of its systems, assuring its clients that its service remains fully operational and secure. The company stands ready to assist MGM Resorts in any way possible, as part of its commitment to protecting its customers. Okta has observed social engineering attacks where threat actors impersonate employees and manipulate help desks into resetting multi-factor authentication for highly privileged accounts. To prevent such incidents, Okta has shared valuable insights and preventative measures on their blogs, encouraging its customers to review and take appropriate action.
As the dust settles on the MGM Resorts cyberattack, questions remain about potential data leaks and the status of backend systems, including employee accounts. Despite repeated attempts to obtain comments from MGM, the company has not responded, leaving these concerns unanswered for now.
In conclusion, the restoration of MGM Resorts’ operations is a testament to the company’s resilience in the face of a severe cyberattack. The incident underscores the escalating threat posed by ransomware groups, with businesses increasingly finding themselves caught in the crosshairs. The interconnected nature of the modern digital landscape, as exemplified by the Okta vendor compromise, serves as a reminder of the need for robust cybersecurity measures and vigilance in an ever-evolving threat landscape. While the road to recovery may be long and arduous, MGM Resorts has emerged stronger, ready to welcome guests back to its vibrant and secure establishments.
