The IT Nerd

If you’re trying to book a vacation at a MGM Resort, forget about it. They’ve been pwned by a ransomware attack:

The initial shutdown impacted nearly every aspect of the casino operator’s business. Reservation systems, booking systems, hotel electronic key card systems, and the casino floors were all apparently impacted by the outage.

The company’s email systems were also apparently taken down in response to the cybersecurity issue, and have not yet come back online.

The company said that as of Monday evening, their casino floors were back online. But the reservation systems that power their thousands of hotel rooms and the booking system that controls reservations for their restaurants are apparently still down, more than a day after the first reports of the incident began to circulate.

Sucks to be MGM. Chris Denbigh-White, the Chief Security Officer (CSO) for Next DLP had comment on this pwnage:

The recent cyber assault on MGM Resorts has sparked significant intrigue, albeit amid a veil of limited information. Considering the available intelligence and the trajectory of cyber threats this year, it strongly suggests ransomware is the probable perpetrator. 

Casinos, both repositories of substantial wealth and vast volumes of personal and financial data that harbor a minuscule appetite for operational downtime, render them exceptionally enticing prey for cyber-criminal syndicates on the hunt for financial gain.

Although specific details are lacking, the initial repercussions of this incident are far from unclear. MGM Resorts has instituted a sweeping shutdown of a substantial segment of its infrastructure. This episode accentuates the paramount role of visibility in crafting effective containment strategies. It compels businesses, irrespective of industry, to contemplate the depth to which they should be prepared to suspend or curtail their operations when confronted by such threats. MGM’s response, somewhat akin to a “nuclear” option, is poised to affect its near-term revenue-generating capabilities indisputably.

As MGM Resorts looks toward the eventual restoration of its services, the imperative of a meticulously delineated and rigorously tested system restoration process takes center stage. This process must ensure that when operations recommence, unwavering confidence prevails regarding the fortitude of system defenses. Following such an ordeal, a certain degree of paranoia will undoubtedly pervade as the systems are reactivated.

The MGM incident underscores a universal truth—namely, that the calculus of cyber risk knows no industry bounds. The profound implications of this breach reverberate well beyond the casino walls, resonating as a stark reminder to senior leadership teams across sectors that the pursuit of resilience, protection of data, and the preservation of digital trust are mandates of our digital age.

I would not at all be shocked if we see more attacks on those in the vacation/resort/casino business as those are targets who might be more likely to pay up as attacks like this are move devastating from a revenue perspective.

UPDATE: Ken Westin, Field CISO, Panther Labs add this:

While the details of the attack have not been provided, the response of shutting down the network, particularly bringing down games which are the lifeblood of a casino, tells me that we are dealing with a potential ransomware incident. The shutdown of such critical systems was probably done to stop the spread of malware through their environment. Ransomware groups commonly target not just one company, but entire industries once they identify a common vulnerability or misconfiguration.  This should be cause for alarm in the gaming industry, as these networks are tightly controlled with multiple layers of security, if a vulnerability was identified it could mean additional casinos will be hit that may share a vulnerable application or similar misconfiguration.

Steve Hahn, Executive VP, BullWall follows with this:

   “MGM isn’t publicly stating the nature of the attack, but looking at the endless stream of negative social media posts from their customers being locked out of their room, or entering rooms with other guests in them, ATMs and slot machines down, this really can’t be anything other than a Ransomware Attack. Ransomware Attacks are designed not just to encrypt data, but to propagate itself to other endpoints, servers, fileshares and even VMs and Domain Controllers. Once this happens wide scale outages begin across the victims IT and services. 

   “Ransomware is also nearly impossible to prevent from a focused and dedicated threat actor. Casinos have some of the largest attack surfaces out there. Every IoT device presents the threat actors with another attack vector. I spoke to a casino that was hit recently that had the attack initiate on a temperature sensor in a large aquarium on their property.

   “These types of properties should view these as a “when” not “if” event and look to how to contain an outbreak within milliseconds vs solely focusing on prevention. With a prevention only focus the threat actor only needs to get it right one time. Containment tools and a disaster response plan have to be seen as “table stakes” for casinos in the modern threat world.”

Finally Emily Phelps, Director, Cyware had this to say:

   “Cybersecurity is increasingly complex, in part, due to the interconnected way in which business now operates. It is more difficult to isolate an issue, leading to widespread impact. Even well-resourced enterprises deal with disparate tools, siloed teams and data, and delayed response. Cybersecurity must become more collaborative to get ahead of threats that interrupt business continuity.”

This entry was posted on September 12, 2023 at 12:18 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.