MGM Resorts Recovers from Cyberattack: Lessons Learned and Future Implications

This incident, which follows a previous breach in 2019, underscores the vulnerabilities faced by significant corporations and highlights the urgent need for cybersecurity measures.

The Cyberattack Unfolds

The ordeal began on September 10, 2023, when MGM Resorts detected a cyberattack targeting its computer systems. The attack aimed to compromise sensitive data, including hotel reservations and credit card processing. MGM promptly responded by shutting down its digital systems to safeguard customer information.

The Cost of Downtime

During the 10-day shutdown, MGM Resorts estimated that it incurred daily losses of up to $8 million, totalling a potential loss of $80 million. However, it's worth noting that MGM Resorts reported annual revenues exceeding $14 billion, equivalent to over $270 million per week. These numbers underscore the staggering financial impact that a cyberattack can have on a major corporation.

Recovery and Operational Status

After a painstaking restoration process, MGM Resorts announced that all its hotels and casinos across the United States operate normally. The company quickly reassured guests that resort services, including dining, entertainment, pools and spas, are fully operational. The website and app are also functional, accepting dining and spa reservations. At the same time, work continues to restore hotel booking and loyalty reward functions.

Rival Casino's Cybersecurity Struggles

The MGM cyberattack incident sheds light on the cybersecurity challenges faced by other major casino operators. Rival casino owner Caesars Entertainment disclosed that it, too, fell victim to a cyberattack on September 7, 2023. While the attack did not disrupt its casino and online operations, Caesars could not guarantee the safety of personal information for tens of millions of customers, including driver's licenses and Social Security numbers.

Reports suggest that Caesars Entertainment may have paid a $15 million ransom out of a $30 million demand by a group known as Scattered Spider to secure customer data. This incident raises questions about the preparedness of major corporations to deal with cybersecurity threats and the ethical implications of paying for ransomware.

Industry Vulnerabilities

Cybersecurity experts have noted that the attacks on MGM Resorts and Caesars Entertainment exposed critical weaknesses in the industry's cybersecurity infrastructure. The perception of casinos as invulnerable to cyber threats has been shattered. Christopher Budd, a director of threat research at cybersecurity firm Sophos X-Ops, emphasized the need for all casinos to adopt the highest possible defensive posture and activate incident response processes.

Attribution and Conflicting Reports

The identity of the cybercriminals behind the MGM Resorts attack has been a subject of debate. The attack has been attributed to Scattered Spider, an English-speaking group operating under a Russia-based operation called ALPHV or BlackCat. However, conflicting reports have emerged, with Scattered Spider denying involvement in some forums, while ALPHV suggests otherwise.

David Richardson, an executive at cybersecurity firm Lookout, noted that despite conflicting claims, there is substantial technical evidence linking the two groups. This raises concerns about the complexity and interconnectivity of cybercriminal operations.

Urgent Need for Cybersecurity Investment

Lisa Plaggemier, executive director at the nonprofit National Cybersecurity Alliance, highlighted the necessity for substantial investment in employee training and cybersecurity measures within the industry. 

She stressed that MGM's decision to shut down vulnerable systems was a positive step but also underscored the significant security gaps that must be urgently addressed.

Final Note

The recent cyberattacks on MGM Resorts and Caesars Entertainment are a stark reminder that no industry is immune to cyber threats. As major players in the hospitality and casino sector, these incidents have raised concerns about the industry's overall cybersecurity posture. The fallout from these attacks underscores the urgent need for robust cybersecurity measures, employee training and incident response strategies to protect sensitive customer data and maintain business continuity.

As the dust settles on these cyberattacks, industry leaders are left with valuable lessons learned and a heightened awareness of the ever-evolving cybersecurity landscape. In an era where digitalization is integral to business operations, proactive cybersecurity measures have become non-negotiable for safeguarding both reputation and financial stability.