The Aftermath of Casino Cyberattacks: Analyzing the Impact on MGM Resorts

Cybercrime MGM Resorts Computers Back Up After 10 Days as Analysts Eye Effects of Casino Cyberattacks

Introduction

MGM Resorts, one of the largest casino and hotel operators in the world, recently brought its computer systems back online after a 10-day shutdown caused by a cyberattack. The attack, which was attributed to a group known as Scattered Spider, targeted MGM’s data including hotel reservations and credit card processing. The incident has raised concerns about the cybersecurity vulnerabilities in the casino industry and the potential financial and reputational impact of such attacks.

Details of the Attack

The attack on MGM Resorts was detected on September 10th, prompting the company to shut down its computer systems to prevent further damage and protect customer data. While the extent of the breach and the kind of information compromised were not immediately disclosed, estimates suggest that the computer shutdown could have cost the company up to $8 million per day, resulting in a potential cumulative effect of $80 million.

MGM Resorts’ rival casino owner, Caesars Entertainment, also disclosed being hit by a cyberattack a few days prior to the MGM incident. While Caesars’ casino and online operations were not disrupted, the company could not guarantee that personal information of its tens of millions of customers had not been compromised. Caesars reportedly paid a $15 million ransom to a group called Scattered Spider to secure their data.

The Impact

The cyberattacks on MGM Resorts and Caesars Entertainment have exposed critical cybersecurity weaknesses in the casino industry and shattered the image of invulnerability associated with casinos. This raises concerns about the security of customer data, including personal information and financial details, as well as the potential financial losses faced by these companies.

The attacks have prompted experts to call for increased defensive measures by all casinos and a thorough review of their cybersecurity protocols. Christopher Budd, a director of threat research at cybersecurity firm Sophos X-Ops, emphasizes the need for casinos to move to the highest defensive posture possible, verify the integrity of their systems, and activate their incident response processes. Lisa Plaggemier, executive director at the nonprofit National Cybersecurity Alliance, highlights the urgent need for investment in employee training and cybersecurity to address the significant security gaps.

The Response

MGM Resorts has reported that its systems handling resort services, dining, entertainment, pools, and spas are operational. The company’s website and app are also taking dining and spa reservations while it works to restore hotel booking and loyalty reward functions. The FBI has confirmed that an investigation is ongoing, but experts warn that there may be future attacks against other casinos.

Both MGM Resorts and Caesars Entertainment are expected to disclose the effects of the attacks in their quarterly reports to the Securities and Exchange Commission next month. Meanwhile, concerns about the vulnerabilities in the casino industry and the potential financial losses resulting from cyberattacks have led to calls for increased investment in cybersecurity, employee training, and the adoption of more robust defensive measures.

Conclusion

The recent cyberattacks on MGM Resorts and Caesars Entertainment highlight the vulnerabilities in the casino industry’s cybersecurity measures and the potential financial impact of such attacks. The attacks serve as a wake-up call for the entire industry to prioritize cybersecurity, review and strengthen their defense protocols, and invest in employee training to mitigate the risks of future attacks. The incident also raises philosophical questions about the limits of defense against advanced persistent threats and the need to constantly improve cybersecurity practices in a rapidly evolving threat landscape.