Report: Ransomware group taking credit for MGM cybersecurity issue

LAS VEGAS (KTNV) — Thursday marked five days that MGM Resorts has been trying to clear up the mess caused by a cybersecurity issue.

It has led to headaches for company officials and guests alike.

"It was kind of chaotic," said visitor Walter Haywood. "The machines wouldn't take our ticket. Lines everywhere. Just chaos"

MGM Resorts updated their home page, which now states if anyone has hotel reservations arriving between Sept. 13 and Sept. 17, 2023, resort officials are waiving change and cancellation fees.

MGM Resorts

A stroll through the MGM Grand on Thursday showed long lines of guests waiting to check in and some slot machines that were still out of order.
It's all part of the fallout from the cybersecurity breach that the company announced Sunday.

Shane Tews, a cybersecurity expert with the American Enterprise Institute think tank, says the MGM hack appears to be quite significant.

"This is tremendous," she says. "It is a reminder to all businesses that this is something that can happen to you."

I spoke to Nate Fudala, a former Las Vegas Metropolitan Police Department senior intelligence analyst with the Southern Nevada Counter Terrorism Center. The group is comprised of several agencies that monitor activities on the Strip.

"We don't know exactly how this happened yet," Fudala said. "Social engineering is something most companies don't know how to handle it because they don't know what to look for or what alerts to pay attention to the red flags."

On Wednesday, 'VX-Underground', a group focused on research and preservation with the largest collection of malware code, posted to X that the ransomware group 'ALPHV', also known as Black Cat, is behind the MGM cyber attack.

"They posted they took over $33 billion. That's a lot of money," Fudala said. "I'm not going after the small fish. I'm going after the head of the dragon and if we take out a casino, that's a lot of money involved."

MGM Resorts officials haven't confirmed how the breach happened. However, the group states they found an employee on LinkedIn, then called the help desk, and in a 10-minute phone call, they were able to hack into the system.

Fudala said cyber attacks are getting more sophisticated.

"It's about creating a safety net. The more systems we have in place, the more of a netting that you have," Fudala said. "Obviously, MGM has that netting in place, as do a lot of the casinos I worked with. It's trying to figure out who they're doing it to, when they're doing it, and how to prevent it."

With technological advances in artificial intelligence, Fudala said our future may look more like a battle between malware and the systems that try to protect against it.

"It's going to get to a point where we have to have a two-factor identification to verify that person is who they say they are," Fudala said. "The biggest threat to any network is the user. It's you and me. It's not the system itself. It's the people using it. The biggest thing is there is no 100% way to secure a network. It's impossible."

Meantime, operations at some MGM properties have somewhat returned to normal, with the exception of longer lines at the front desk and a few machines still down. Guests like Haywood said the experience wasn't a complete nightmare.

"It depends on what they off us," Haywood said. "If we get some good offers, we'll come back."

According to Bloomberg.com, the same group was behind a recent cyber attack against Caesars Entertainment.

The Nevada Gaming Control Board states they are monitoring the situation and released the following statement:

We've also reached out to MGM for comment but haven't heard back.