The recent cyberattack on MGM Resorts, which has left the conglomerate’s hotels and casinos offline for several days, is believed to be the work of a threat group called “Scattered Spider.” According to sources familiar with the matter, the group is made up of young adults from the United States and United Kingdom, and they are known for using social engineering tactics to trick users into giving up their login credentials.
The Scattered Spider ransomware group is also affiliated with the BlackCat/ALPHV ransomware, as reported by Reuters. This group has recently targeted another major casino operator, Caesars Entertainment, and reportedly received millions of dollars in ransom payments. Bloomberg reported that Caesars is expected to file a regulatory document with the Securities and Exchange Commission (SEC) in the coming days, providing more details about the attack.
Scattered Spider’s modus operandi involves a combination of credential phishing and social engineering techniques. They are adept at capturing one-time-password (OTP) codes or overwhelming targets with multifactor authentication (MFA) notification fatigue tactics, as highlighted in a CrowdStrike report from January. The group also avoids using unique malware and instead relies on a wide range of legitimate remote management tools to maintain access to compromised systems.
Meanwhile, the websites of MGM Resorts continue to remain offline, and the investigation into the cyberattack is ongoing. This incident has disrupted operations at more than 30 hotels and casinos owned by the conglomerate, which are located in different parts of the world.
The attack on MGM Resorts is a stark reminder of the cybersecurity threats faced by organizations in the hospitality industry. With the increasing digitization of customer information and the growing dependence on online services, the sector has become an attractive target for cybercriminals. Such attacks not only result in financial losses due to business disruption but also erode customer trust and affect brand reputation.
As the investigation into the MGM Resorts cyberattack continues, it is essential for the affected organization to take swift action to mitigate the damage and strengthen its cybersecurity defenses. This includes conducting a thorough analysis of the attack, identifying vulnerabilities in their systems, and implementing robust security measures to prevent future incidents.
Furthermore, this incident highlights the importance of proactive cybersecurity practices, such as employee awareness training, regular security audits, and the adoption of effective incident response plans. Organizations must also stay updated on the latest cybersecurity threats and vulnerabilities to stay one step ahead of cybercriminals.
In conclusion, the cyberattack on MGM Resorts by the Scattered Spider group has caused significant disruption to the conglomerate’s operations worldwide. The attackers, known for their use of social engineering tactics, have targeted multiple organizations in the gaming industry. As investigations into this incident continue, it serves as a reminder to organizations in the hospitality sector and beyond to prioritize cybersecurity and take necessary measures to protect their systems and customer data.