In a significant cybersecurity breach, the $14 billion gaming behemoth, MGM Resorts International, was targeted by the hacking group Scattered Spider, Reuters news report said.
This cyber security incident resulted in several MGM systems remaining inoperative for a third consecutive day, with the company initially acknowledging a “cybersecurity issue” on Monday. As the investigation into the incident unfolds, U.S. law enforcement agencies have launched a probe into the attack.
MGM Resorts, which operates more than 30 hotel and gaming establishments worldwide, including iconic venues in Macau and Las Vegas, is grappling with the aftermath of the breach. While the exact cause and full extent of the breach remain unclear, social media posts have shown evidence of disrupted operations, including malfunctioning slot machines, at MGM properties in Las Vegas.
MGM Resorts does not reveal the name of its cyber security partner, which is responsible for blocking cyber security attack on its networks. MGM Resorts’ top management team includes Tilak Mandadi, who joined as Chief Strategy, Innovation & Technology Officer. Tilak Mandadi oversees MGM Resorts’ digital strategy, driving growth and innovation through technology-led customer-centric experiences, products and services.
The hacking group Scattered Spider was responsible for the cyber attack. Identified by cybersecurity experts last year, Scattered Spider employs social engineering tactics to deceive users into disclosing login credentials or one-time-password (OTP) codes, bypassing multi-factor authentication measures. Security firm Crowdstrike detailed these tactics in a blog post earlier this year.
Crowdstrike said Scattered Spider is a eCrime adversary who conducts targeted social-engineering campaigns primarily against firms specializing in customer relationship management and business-process outsourcing, as well as telecommunications and technology companies generally. The adversary primarily uses phishing pages to capture authentication credentials for Okta, Microsoft Office 365/Azure, VPNs, etc.
Charles Carmakal, Chief Technology Officer at Alphabet Inc’s Mandiant Intelligence, described Scattered Spider as “one of the most prevalent and aggressive threat actors impacting organizations in the United States today.” He noted that while the group’s members may be less experienced than some other threat actors, they still pose a serious threat to large organizations in the U.S.
Scattered Spider, also known as UNC3944, has previously targeted telecom and business process outsourcing (BPO) companies. However, recent reports suggest that they have expanded their scope to target critical infrastructure organizations, making them a formidable adversary.
The FBI has confirmed its investigation into the incident, but specific details have not been disclosed. Meanwhile, Moody’s, the rating agency, has cautioned that the breach could have a negative impact on MGM’s credit rating.
This breach follows a Bloomberg report that revealed another casino operator, Caesars Entertainment, recently fell victim to a cyberattack and paid a ransom to hackers who threatened to leak sensitive data.
The gaming industry is increasingly becoming a target for financially motivated cybercriminals, with casinos being particularly vulnerable due to the potential disruption to their operations. Allan Liska, an intelligence analyst at Recorded Future, highlighted that cybercriminals are more likely to target casinos because of the significant financial incentives involved.
Moody’s analysts also emphasized the risks associated with MGM’s heavy reliance on technology and the potential operational disruptions that occur when systems are compromised. At the time of reporting, MGM Resorts’ website was unavailable, with a holding message informing visitors about the ongoing investigation.
MGM Resorts International released a statement on social media, stating that their investigation into the breach is ongoing as they work diligently to determine the nature and scope of the incident. Further comments from MGM and the U.S. cybersecurity watchdog agency CISA were not immediately available.
