After what MGM Resorts is thus far only describing as a “cybersecurity issue,” casinos in Las Vegas and throughout the US have been reduced to manual bookkeeping and reduced services since Monday. Details about the attacker and the nature of the attack are still unclear, but a ransomware gang has claimed responsibility and the chaotic aftermath certainly looks like a deployment of malware.
The MGM properties, which are mostly concentrated on the Vegas Strip but also found in a handful of cities in other parts of the country, have remained open during the cybersecurity issue but are not offering the most relaxing possible experience for guests at the moment. Check-ins are being handled with printed reservations and paper copies of credit cards, leading to longer-than-usual lines. There have also been reports of issues with hotel door locks, elevators and ATMs. Many slot machines and other electronic games remain offline indefinitely.
Cybersecurity issue causes casino floor havoc, no word yet on data theft
With MGM only issuing a very general statement about a cybersecurity issue, there is not yet a good picture of the full damage other than the resulting chaos on the casino floors. Ransomware attacks are often accompanied by data theft and subsequent extortion these days, and it is possible that the ALPHV group is behind the attack based on some boasting spotted on underground hacking forums.
MGM’s status regarding mandatory breach declarations is a bit unclear at this point. It is not clear whether the company has any federal responsibilities in terms of a breach declaration window, but in 2022 Nevada’s gaming commission began requiring that casinos declare attacks of this sort within three days.
Casinos may have movies made about the sophistication of their physical security, but the cybersecurity issue illustrates how relatively simple phishing scams or exploitation of known vulnerabilities can still manage to do massive damage. MGM’s last data breach, a 2019 incident that exposed the contact information of some 10 million hotel guests, was the result of a misconfigured internet-facing database.
Cybersecurity issue causes major disruption for Vegas Strip visitors
MGM rules the southernmost half of the Vegas Strip, from Mandalay Bay and the MGM Grand near the airport to the Bellagio at the cross street of Flamingo. That leaves a roughly three-block area of the Strip without fully functioning casinos, with essentially no gambling options until one gets to Planet Hollywood at Harmon Avenue. It also remains unclear how long cleanup is going to take, with no word on MGM’s intent to pay a ransom (or if one has even been demanded at this point). A rebuild of this magnitude could potentially take weeks, but much more information is needed about the cybersecurity issue to make projections.
All that is known about the incident thus far is that someone claiming to be with ALPHV has boasted on underground forums about being able to phish an MGM help desk employee with a 10-minute phone call. ALPHV has been known to threaten leaks of stolen data dating back to 2022 and uses a clearnet site to shake down victims.
This could mean long-term problems for guests at MGM properties, including inability to use the company website or mobile app to book or change reservations. Between that and entire banks of slot machines being wiped out, MGM is undoubtedly losing a frightening amount of revenue each day the “cybersecurity issue” drags on.