The attack is widespread amongst the MGM properties (a total of 19 in the United States alone), as MGM owns a dozen in Las Vegas, including the Bellagio, Mandalay Bay and the Cosmopolitan. The attack commenced on Sunday evening, and has grinded the MGM properties to a halt. Forbes has reported that the attack has forced guests to “wait hours to check in and crippling electronic payments, digital key cards, slot machines, ATMs and paid parking systems.”
On Tuesday night (September 12th), VX-Underground, a malware research group with nearly 229,000 followers on X (formerly Twitter), posted that ransomware-as-a-service group ALPHV, also known as BlackCat, claimed responsibility for executing the attack by using social engineering to identify on LinkedIn an MGM employee who worked in IT support. The next step was simply to call the MGM help desk. And here’s the kicker to it all. In what no one in Las Vegas can seemingly come to accept, the attack took all of about 10 minutes to execute.
ALPHV is no stranger to the cybersecurity industry, suspected of being responsible for attacks against such companies as Reddit and Western Digital. In April 2022, CISA, America’s cyber defense agency, issued an alert based on an FBI flash report on ALPHV, noting the criminal group had “compromised at least 60 entities worldwide.”
Neither MGM nor the federal authorities has publicly characterized the nature of the breach, and while ALPHV’s responsibility for the attack has not been verified, Forbes reported that “cybersecurity experts say VX-Underground is a reliable source.”
The terrifying prospect is the question of what information the hackers have access to, and what they can do with it.
One noted insider in the cybersecurity industry told Forbes that “if hackers have encrypted your system, they’ll want a ransom to give you the key or to give access back. But they’ll also oftentimes take data and then threaten to release it if you don’t pay them.”
The source continued, “you just have to remember that these are very sophisticated, very well-organized groups. They they do a lot of research. We’ve seen that once attackers are in the system, they will sometimes look for your cyber insurance policy to see how much you’re covered for and then ask for that amount.”
As of this posting, the attack on MGM is still in progress.