UPDATED 19:48 EDT / SEPTEMBER 13 2023

SECURITY

ALPHV/BlackCat ransomware group linked to attack on MGM Resorts

A range of services at MGM Resorts International Inc. remained offline today following a ransomware attack that is now being linked to the ALPHV/BlackCat hacking group.

The ransomware attack was first detected on Sunday and affected websites, online reservations, ATMs and credit card machines at MGM Resort locations across the U.S. There were also reports that slot machines and room keys were also affected.

Although MGM continues to refer to the issue officially as a “cybersecurity issue,” including in an 8-K filing with the U.S. Securities and Exchange Commission on Tuesday, claims have emerged that the ALPHV hacking group, also known as BlackCat, was behind the attack and that the attack occurred because of social engineering.

VX-Unground, a malware research group, claimed on X (formerly Twitter) that the ransomware group compromised the company by calling the MGM Resorts helpline and undertaking a 10-minute conversation.

It should be noted that ALPHV has not publicly taken credit for the attack. SiliconANGLE has checked the group’s dark web site and the MGM Resorts attack is not listed, although that could quickly change.

The disruption of services has also prompted a decline in the price of MGM Resorts shares of more than 6% since Monday. CNBC reports that credit rating agency Moody’s Corp. has warned that the cyberattack could negatively affect MGM’s credit rating, saying the attack highlighted “key risks” within the company. The U.S. Federal Bureau of Investigation is also said to be monitoring the situation.

The claim by VX-Unground that the attack occurred through social engineering has become the center of conversation around the attack. It’s certainly not the first time a company has been targeted in this way, but that a company the size of MGM Resorts could be targeted highlights the risks.

“These types of schemes are relatively easy — an actor can look up employees on LinkedIn, impersonate them to the organization’s helpdesk and go from there,” Ian McShane, vice president of strategy at security operations company Arctic Wolf Networks Inc., told SiliconANGLE. “There’s also a chance that attackers may have leveraged stolen employee personal credentials from previous incidents – information that is readily available on the dark web.”

McShane explained social engineering, if it is indeed the root of the MGM Resorts incident, can happen to any organization, no matter how sophisticated.

“Establishments like MGM invest heavily in physical security, monitoring and visibility of physical people, without inside knowledge, so you’d assume that they do for cyber, too,” McShane added. “I’m almost certain that MGM isn’t underfunded or underinvested in cyber. I suspect this is just more proof that technology is not the silver bullet. People and processes need to be continuously monitored and modified as the threat landscape changes.”

BlackCat/ALPHV was previously in the news in June when it targeted Casepoint Inc., a legal discovery technology company. The group was also in the news in April when it targeted retail point-of-sale and automatic teller machine technology company NCR Corp.

Image: Ideogram

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU