Rehmann

Cyberattack Shuts Down MGM Resort Operations: A Deep Dive

September 20, 2023

Contributors: Nick Verhelle

In a shocking turn of events, MGM Resorts has found itself at the center of a major cyberattack, leaving its operations crippled. The company recently disclosed that it fell victim to a hack, prompting a thorough investigation by internal and external cybersecurity personnel and the FBI. While some details remain unverified, reports suggest that the attack was carried out by a ransomware group employing social engineering tactics, underscoring the importance of cybersecurity in the modern business landscape.

Impact of the Cyberattack on MGM 

The impact of this cyberattack has been nothing short of disastrous for MGM Resorts and Casinos. The attack has caused disruptions to vital systems including corporate email and hotel booking services at multiple MGM properties, malfunctioning slot machines, and out-of-service ATMs. The financial implications are staggering, with millions lost due to stoppages in key operations, and every passing minute only worsens the damage. Gaming industry analysts at the Jefferies Group have estimated that the system outages cost the company 4-8 million dollars a day in lost business.

In addition to the financial and operational harm done by the attack, MGM’s public image and reputation have been tarnished. In the era of social media and wall-to-wall news coverage, a number of customers will no longer feel secure giving their financial or personal information to MGM.

The Attack Vector: Social Engineering 

While the precise attack path remains unclear, it is reported that the attackers gained access to the organization’s network by gathering information from an employee’s LinkedIn account. The attackers then initiated contact with the company’s IT help desk using the information from LinkedIn. Although the details are not confirmed, it appears the attackers leveraged information taken from social media to convincingly impersonate the employee, deceiving the help desk employee into taking insecure actions. Whether by posing as a trusted colleague, soliciting user credentials, or coaxing the employee into downloading malicious files, the attackers exploited public information and the employee’s lack of security awareness to breach MGM Resorts’ environment.

Key Takeaways 

This cyberattack serves as a stark reminder of several fundamental cybersecurity principles:

  1. The Human Element: Our Tendency to Trust Makes Us All Vulnerable
  • Organizations must acknowledge that employees often constitute the weakest link in their cybersecurity posture. To mitigate the risk of successful social engineering attacks, continuous security education and training are imperative. Administrative procedures should include identity verification measures, especially for sensitive activities like help desk support. While multifactor authentication adds an extra layer of protection, users will still legitimately need assistance resetting their multifactor authentication in addition to their passwords. Help desk personnel must consistently verify the identities of those they interact with using information that cannot be easily gathered from the Internet.
  2. Assume a Breach Has Occurred
  • Robust technical security controls and best practices should be implemented under the assumption that an attacker may have gained initial access to the environment. While social engineering may open the door, additional attack techniques are often needed to inflict substantial damage. This underscores the need for organizations to shift their focus from relying solely on perimeter controls to establishing strong internal technical controls and best practices.

Monitoring your environment at multiple levels for unexpected activity is critical. Almost all companies should have a security toolset that automatically monitors identity platforms (like Active Directory, Entra ID, Okta, etc.), endpoints (both workstations and servers), and network/firewall traffic for unusual activity. If the preliminary reports are true, a SIEM, XDR, or other properly configured tool with the capability to monitor MGM’s identity platforms could potentially alert personnel to logins from an unusual location shortly after changes to the user’s password and/or MFA.
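The correlation described above (a login from an unusual location shortly after a password or MFA change), sketched as an added example that is not from the original article or from any vendor's product. The event fields, action names, and 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)                      # assumed correlation window
RESET_ACTIONS = {"password_reset", "mfa_reset"}   # assumed normalized action names

# Constructed sample events (not real logs); field names are assumptions.
EVENTS = [
    {"ts": "2023-09-01T09:00:00", "user": "alice", "action": "login", "country": "US"},
    {"ts": "2023-09-04T08:55:00", "user": "alice", "action": "login", "country": "US"},
    {"ts": "2023-09-05T09:10:00", "user": "bob", "action": "login", "country": "US"},
    {"ts": "2023-09-05T10:00:00", "user": "bob", "action": "password_reset"},
    {"ts": "2023-09-05T10:05:00", "user": "bob", "action": "login", "country": "US"},
    {"ts": "2023-09-06T07:30:00", "user": "carol", "action": "login", "country": "US"},
    {"ts": "2023-09-06T19:00:00", "user": "carol", "action": "login", "country": "CA"},
    {"ts": "2023-09-07T14:02:00", "user": "alice", "action": "mfa_reset"},
    {"ts": "2023-09-07T14:03:00", "user": "alice", "action": "password_reset"},
    {"ts": "2023-09-07T14:20:00", "user": "alice", "action": "login", "country": "RO"},
]

def detect(events, window=WINDOW):
    """Alert on a login from a country new to the user soon after a password/MFA reset."""
    baseline = {}   # user -> countries seen in earlier, non-alerting logins
    resets = {}     # user -> [(time, action)] of credential or MFA resets
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        if ev["action"] in RESET_ACTIONS:
            resets.setdefault(user, []).append((ts, ev["action"]))
            continue
        if ev["action"] != "login":
            continue
        known = baseline.setdefault(user, set())
        # Events are processed in time order, so every stored reset precedes this login.
        recent = [a for t, a in resets.get(user, []) if ts - t <= window]
        if known and ev["country"] not in known and recent:
            # Do not add this location to the baseline, so repeat logins keep alerting.
            alerts.append({"user": user, "time": ev["ts"],
                           "country": ev["country"], "preceded_by": recent})
        else:
            known.add(ev["country"])
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

A known-location login after a reset (bob) and a new location with no preceding reset (carol) are deliberately not flagged; only the combination of the two signals raises an alert.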

Be Proactive, Not Reactive 

While the security tools in place at the company are not known, the early reports from the cyberattack on MGM serve as a glaring example of the far-reaching consequences of inadequate cybersecurity measures. The incident serves as a warning signal to organizations across all industries to prioritize cybersecurity education, adopt durable technical and monitoring controls, and remain vigilant against evolving threats.

As we move further into the digital age, the importance of safeguarding sensitive data and critical systems cannot be overstated. For MGM, the road to recovery will be long and arduous, but for the rest of us, this incident can be a valuable lesson. Taking measured steps to prevent cyberattacks now can save our organizations millions in lost revenue, damage to our critical operations, and significant impact to our public image.