In a shocking turn of events, the $14 billion American gaming giant, MGM Resorts International, found itself in the crosshairs of a notorious hacking group known as Scattered Spider. This high-profile breach sent shockwaves through the tech world, leaving experts and investigators scrambling for answers.
For three consecutive days, MGM’s critical systems were held hostage, causing widespread disruptions and setting off alarm bells within the company. The resort conglomerate, renowned for its global presence with over 30 hotel and gaming venues, initiated an investigation after publicly acknowledging a “cybersecurity issue.”
— MGM Resorts (@MGMResortsIntl) September 11, 2023
The incident’s cause and full repercussions remain shrouded in mystery, but social media was abuzz with reports of malfunctioning slot machines and systems at MGM properties in Las Vegas.
The Scattered Spider hacking group, identified by security experts last year, specializes in social engineering tactics. These techniques coerce individuals into surrendering login credentials and one-time password codes, effectively bypassing multi-factor authentication measures. CrowdStrike, a respected cybersecurity firm, shed light on this threat in a January blog post, calling Scattered Spider “one of the most prevalent and aggressive threat actors impacting organizations in the United States today.”
Charles Carmakal, Chief Technology Officer at Alphabet Inc.’s Mandiant Intelligence, further underscored the group’s menace. He emphasized that although Scattered Spider may consist of less experienced and younger members compared to other well-established cybercriminal groups and state-sponsored actors, they pose a significant threat to major U.S. organizations.
Scattered Spider, also known as UNC3944, previously targeted telecommunications and business process outsourcing companies. More recently, they set their sights on critical infrastructure entities, making them a formidable adversary. According to Carmakal, their tactics present challenges even for organizations boasting mature security programs.
The Federal Bureau of Investigation (FBI) has initiated its own investigation into the incident, signifying its gravity. Moody’s, the renowned credit rating agency, has raised concerns about the breach’s potential negative impact on MGM’s credit rating.
This type of attack is reminiscent of ransomware incidents, where malicious actors encrypt victims’ computer systems and demand ransoms in digital currency. The motive behind these cybercrimes is often financial gain.
Casinos have become prime targets for financially motivated cyberattacks. The disruption caused by compromising casino operations makes extortionists more likely to receive their demanded ransoms. Allan Liska, an intelligence analyst at Recorded Future, emphasized the heightened risk for casinos worldwide, warning of potential copycat attacks.
Moody’s analysts, in a report, highlighted the incident’s significance, drawing attention to the heavy reliance on technology within MGM’s business operations. When critical systems are offline or inoperable, operational disruptions follow suit.
As investigations unfold, the cybersecurity community watches with bated breath, and MGM Resorts International faces a critical moment in safeguarding its digital fortress against future threats.
Messages seeking further comment from MGM and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have yet to be returned. As of now, MGM Resorts’ website remains “currently unavailable,” leaving lingering questions about the full extent of the breach.
In a statement posted on the social media platform X, MGM assured the public that their investigation is ongoing, pledging to diligently uncover the nature and scope of the matter. The cybersecurity world waits anxiously for further developments.