"A company valued at $33,900,000,000 was defeated by a 10-minute conversation."
Oceans Zero
On Monday, MGM Grand casinos across the US were forced to shut down after a mass cyberattack compromised the company's computer systems, granting bad actors access to casino and hotel operations in "Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York and Ohio," a casino rep confirmed to the Associated Press on Tuesday.
Though its website is still inaccessible, the casino company has maintained that "certain systems" were shut down immediately to protect its patrons' privacy, and the FBI has since opened an investigation into what strongly appears to be a ransomware attack. Regardless, MGM is the largest casino operator on Las Vegas' iconic strip; that a black hat group was able to gain such extensive access to its operations — local outlet Fox5 News reported that guest room keys apparently stopped working, while casino patrons took to social media to announce that ATMs and slots had stopped working — is pretty shocking, especially considering the security-heavy business that it's in.
With all this in mind, you might imagine that the attack itself was incredibly sophisticated. But in a Tuesday post on X-formerly-Twitter, the malware registry vx-underground said that all the alleged perpetrators at a Russian-speaking ransomware group called ALPHV/BlackCat did was "hop on LinkedIn, find an employee, then call the Help Desk."
"A company valued at $33,900,000,000," the group added, "was defeated by a 10-minute conversation."
That's right, kids. If vx-underground — which claims it spoke to ALPHV to confirm its allegation — is to be believed, a bit of social engineering was all it took to bring one of the most prominent casino operations in the world to its knees.
All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk.
A company valued at $33,900,000,000 was defeated by a 10-minute conversation.
— vx-underground (@vxunderground) September 13, 2023
Fool Me Twice
The MGM hackers may also be serial offenders. As Bloomberg reported yesterday, an English-speaking group called "Scattered Spider," believed to be an affiliate of ALPHV/BlackCat, executed another successful social engineering attack on Caesars Palace just a few weeks ago, with the hackers allegedly making off with the sensitive data of Caesars' loyalty members — and, as Caesars reportedly chose to cough up a ransom, tens of millions of dollars — as a result.
The members of the Scattered Spider group are "incredibly effective social engineers," Charles Carmakal, chief technical officer for the Google-owned cybersecurity firm Mandiant, told Bloomberg, adding that the black hat cohort is "one of the most prevalent and aggressive threat actors impacting organizations in the United States today."
Whether MGM will pay up remains to be seen. Whatever the case, any and all casinos — in Las Vegas and beyond — might want to consider re-upping their employees' cybersecurity training.