In a recent cyber incident that has shaken the operations of MGM Resorts, the ALPHV/BlackCat ransomware group has emerged as the main culprit.
This unanticipated breach originated from an unusual source, LinkedIn, raising questions about the vulnerabilities associated with professional networking platforms.
MGM Resorts, renowned for its 19 prominent properties across the United States, including iconic Las Vegas casino hotels like the Bellagio, Mandalay Bay, and the Cosmopolitan, found itself grappling with the aftermath of the attack that unfolded on a fateful Sunday evening.
The repercussions of this cyberattack have been substantial. Guests experienced extensive delays in check-in procedures, while various critical systems, such as electronic payments, digital key cards, slot machines, ATMs, and paid parking systems, were rendered inoperable.
VX-Underground, a respected malware research group, disclosed that ALPHV, alias BlackCat, executed this assault by employing social engineering tactics to pinpoint an MGM IT support employee via LinkedIn. Astonishingly, this breach took a mere 10 minutes to orchestrate, highlighting the alarming ease with which sophisticated cyberattacks can be executed.
Alex Hamerstone, advisory solutions director at TrustedSec, aptly noted that while MGM’s prominence attracted media attention, ransomware incidents frequently target smaller businesses without making headlines. The severity of the disruption indicated the audacious nature of the attack, challenging the notion of stealthy data theft, as everything came to a standstill.
ALPHV, a well-known entity in the black-hat realm, had previously been linked to attacks on Reddit and Western Digital, earning its notoriety. An FBI flash report, cited by CISA in April 2022, documented ALPHV’s involvement in compromising over 60 entities globally.
Although neither MGM nor the FBI has officially disclosed the breach’s nature, VX-Underground’s credibility as a source within the cybersecurity community lends weight to their claims.
The financial ramifications of this incident are likely to be substantial. MGM reported a staggering revenue of $1.2 billion from its Las Vegas Strip properties in the quarter ending June 30, 2022, stemming primarily from hotel rooms and casinos.
The daily revenue of over $13 million underscores the gravity of the situation. The extent of data accessed by the hackers remains uncertain, but attacks of this kind often involve encrypting data for ransom and threatening to expose it if demands are not met.
The ransom amount remains undisclosed, but it is important to acknowledge the sophistication of cybercriminal groups and the thorough research they conduct in such situations. Attackers often seek information on the victim’s cyber insurance policy to tailor their ransom demands. Furthermore, the long-term damage to MGM’s reputation in the aftermath of this cybersecurity incident remains uncertain, as industries tend to react differently to such breaches.
The impact on consumer trust and loyalty will be closely monitored as MGM navigates through the aftermath of this unsettling breach.