‘Cybersecurity Issue’ Forces Systems Shutdown at MGM Hotels and Casinos
The websites of the company experienced an outage, and few visitors faced issues with accessing hotel rooms and slot machines. Cybersecurity analysts suggest that the root cause of this might be a cyber assault.
Blog article posted on September 11th, 2023 and updated on September 12th, 2023 at twelve minutes past midnight Eastern Time.
On Monday, MGM Resorts International, a company that owns casinos and hotels, announced that it was experiencing a problem with its online systems. This issue has caused inconvenience for some customers, especially those located in Las Vegas. Experts in cybersecurity have suggested that the problem is likely a result of a widespread cyberattack on the company.
MGM Resorts did not give particular details about the problems, nor did they reveal the time frame of when the challenge initially arose, or when it was identified. However, they affirmed that they had notified the authority, and in their statement, the company claimed to have acted quickly to safeguard their systems and information by shutting down some of their systems.
MGM Resorts has shared an update on social media stating that they are currently conducting an ongoing investigation with great effort in order to discern the extent and details of the situation.
The company experienced some issues, but they did not communicate about them when contacted by email. On Monday evening, their website was not accessible, and individuals on a Facebook group expressed difficulties with their slot machines and accessing hotel rooms at the company's resorts.
According to KTNV 13, a television channel stationed in Las Vegas, many betting machines located in hotels ceased to function, consequently resulting in a number of guests being unable to conduct transactions, for example, paying for services through their rooms, booking reservations, and utilising their digital room keys.
MGM Resorts declared in a late Monday night announcement that its resorts are still providing the excellent experiences that MGM has become recognized for, such as its numerous dining, entertainment, and gambling choices.
The company mentioned that their guests can still get into their hotel rooms and their staff at the front desk are prepared to support them if they require any assistance. The company is grateful for the patience of their guests.
The extent of the cybersecurity problems and how many people were impacted is uncertain. MGM is a well-known enterprise with numerous hotel accommodations spread throughout Las Vegas including Mandalay Bay, Aria, the Bellagio and the MGM Grand Las Vegas.
On Monday, Greg Moody - who's an expert in information systems and cybersecurity and works as an associate professor at the University of Nevada in Las Vegas - stated that when a company faces a "cybersecurity issue", it usually implies that an outsider or a group of people have unlawfully gained access to their computer network.
MGM might have faced an attacker or multiple attackers who discovered a weak point in their security measures. Dr. Moody, who has collaborated with MGM and its tech squad on numerous projects, shared this observation. This breach led to the downfall of the company's systems.
According to him, hackers who aim to make money are usually the ones behind such attacks. They often snatch a company's data and keep it as a hostage until the company agrees to pay them for its release. Additionally, these attackers put up the stolen data for sale on a secret online platform, where potential buyers look for information that can be used for identity theft purposes, such as names, phone numbers, and addresses.
According to Dr. Moody, MGM is a prime target because of its enormous dataset due to being a big company.
On Monday, Arthur Salmon - who holds the position of cybersecurity program director and computing/information technology professor at the College of Southern Nevada - stated that cyberattacks target large enterprises frequently.
Dr. Salmon mentioned that there are certain businesses that are commonly attacked due to the urgency of restoring their systems. These industries include utility companies, which often receive complaints from customers that are made public; hospitals, because of the threat to patients' well-being; and casinos, as a data breach could greatly harm their reputation and expose customers' private information.
According to Dr. Salmon, the security team needs to be flawless in their efforts. The threats they face are constantly evolving and becoming more intricate. All it takes is one successful attack from the attacker to compromise the security measures.
According to University of Nevada in Las Vegas network security professor, Yoohwan Kim, some hackers will unlawfully obtain information from a well-established and wealthy corporation, then ask for a payment in exchange for the decryption code for their systems. The hackers will then wait until the requested payment is made.
According to Dr. Salmon, the demanded ransom can differ, however typically, it falls in the range of a few hundred thousands to a couple of million dollars for big corporations.
According to specialists, recovering from a large-scale cyber attack can last for several months or even years.
Lately, there have been various cyberattacks across the globe that have caused disruptions in the functioning of a fuel pipeline, medical facilities, grocery stores, and even put some intelligence agencies at risk of exposure. Back in 2019, MGM experienced a data breach that had an impact on approximately 10.6 million individuals.
Reporting for this blog section was done by Rebecca Carballo.
