MGM Resorts International is still experiencing repercussions of a recent cybersecurity breach that has left a negative impact on the company’s operations and bottom line.
The cybersecurity incident, which commenced on Sunday, had immediate and visible impacts. Slot machines at the ARIA and hotel room locks at the Bellagio, both situated on the bustling Las Vegas Strip, were disrupted. However, the full extent of the damage is yet to be determined.
MGM Resorts’ primary website also experienced downtime, with the company officially acknowledging a ‘cybersecurity incident’ affecting reservations and casino operations across Nevada and seven other states.
MGM Resorts initially kept quiet about the cyberattack, but this week, a Russian-speaking ransomware gang known as ALPHV (also called BlackCat) took responsibility for the breach. According to ALPHV, the attackers exploited a technique called ‘social engineering.’ They convinced an employee to reveal critical credentials, essentially gaining unauthorized access by posing as an employee in need of a password reset.
The attack on MGM Resorts is incurring ongoing financial losses for the company. Commencing on Sunday, the breach disrupted casino operations, impacting ARIA’s slot machines and the Bellagio’s hotel room locks on the Las Vegas Strip.
Though MGM Resorts has yet to officially confirm the breach, ALPHV openly admitted their involvement, detailing their intrusion via a simple phone call, posing as an employee, and obtaining access within a 10-minute conversation.
This scenario highlights the substantial financial consequences of cyberattacks for businesses. Refusing ransom demands can be costly, leading to revenue losses and extensive remediation efforts. MGM Resorts is actively investigating the incident, while the FBI is also involved in the case.
As disruptions persist across MGM properties, affecting reservation systems, video slot machines, and more, the financial strain continues to mount with each passing moment.
Casinos are a target for cybercrime
As the cybersecurity breach investigation unfolds, MGM Resorts faces mounting financial pressure. The fallout from such an incident, including system remediation, loss of business and downtime costs, have been substantial. Refusing to meet ransom demands also created another financial problem.
Brett Callow, a threat analyst with cybersecurity firm Emsisoft, highlighted the motivation behind cyberattacks on casinos, stating that they are attractive targets for cyber extortionists. Casinos have both the means and the motivation to pay ransoms, given the high costs associated with downtime and disruptions to their operations and this is why they are a prime target for cybercrime.
The MGM Resorts cybersecurity breach serves as a stark reminder of the growing threat of cyberattacks on major businesses. As the investigation continues and the financial costs rise, the company faces the dual challenge of securing its systems and mitigating the financial losses incurred due to the breach. Additionally, the incident highlights the importance of robust cybersecurity measures in today’s evolving digital age.
It has been reported that some of the hotel booking systems and casino slot machines continue to be inoperable, with the starting for three days and persisting in some places after the initial acknowledgment of the significant cyberattack. MGM Resorts has witnessed a more than 6 percent decline in its share price.