MGM Cyber-issues have markings of a ransomware attack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

The company, which owns a range of casinos and resorts worldwide, revealed that a significant cybersecurity issue has impacted various facets of its operations. This includes the main website, online reservation system, and in-casino services such as ATMs, slot machines and credit card machines. 

“While it hasn’t been confirmed, this has all of the markings of a pretty significant ransomware attack,” said Erich Kron, security awareness advocate at KnowBe4 on the matter. 

MGM announced the incident on its X account, saying “MGM Resorts recently identified a cybersecurity issue affecting some of the Company’s systems.” It then went on to say it quickly began an investigation with assistance from cybersecurity experts, and took actions to protect its systems and data.

“Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter,” it said in a statement. 

The disruption is believed to have started on Sunday night, and continues to affect computer systems in MGM Resorts’ properties. The company’s website is currently down, slot machines offline, and even room keys are not functioning as expected. 

Recommended reading

“Given the pressure, it would not be surprising for MGM Resorts to pay the ransom in an effort to get systems back online quickly; however, that would just be the start of the recovery efforts. Not only will they have to take measures to ensure the bad actors do not have back doors planted on systems and devices across their network, the modern ransomware playbook typically involves the exfiltration of data, meaning that they are likely to be dealing with yet another data breach,” said Kron. 

According to Erfan Shadabi, cybersecurity expert at comforte AG, the issue stems from the digital transformation of the tourism industry, and its reliance on interconnected systems, making it an attractive target for threat actors.  

“Recognizing the pivotal role technology plays in enhancing guest experiences, optimizing operations, and facilitating global connectivity, the tourism industry must allocate resources to bolster its cybersecurity posture,” said Shadabi

This wouldn’t be the first time MGM faced a data breach. In 2019, the company had a cyber-attack on its system that leaked the personal data of over 10.6 million guests including celebrities, FBI agents and CEOs.

“We have strengthened and enhanced the security of our network to prevent this from happening again,” the company said at the time.


Click Here For The Original Source.

National Cyber Security