Jae C. Hong / AP
The Las Vegas Monorail passes by MGM Grand, April, 27, 2006, in Las Vegas.
Tuesday, Sept. 12, 2023 | 11:55 a.m.
The targets of cybersecurity attacks are typically high-profile companies that face challenges getting back online, said Yoohwan Kim, a UNLV computer scientist who studies data privacy on blockchain and network security.
Think hospitals, utility companies, even casino giants like MGM Resorts International.
MGM, with 28 properties worldwide, including many up and down the Las Vegas Strip, starting late Sunday experienced what resort officials labeled a “cyber issue.”
The nature of the issue was not detailed, but a statement from MGM said efforts to protect data included “shutting down certain systems.” The FBI is taking part in the investigation.
The shutdown prevented credit card transactions and crashed the BetMGM sports betting mobile app and company websites. It also prevented digital access to guest rooms, halted some slot machine play and provided the company plenty of bad publicity.
It was not known how many people were affected by the disruptions.
“One thing is clear: When this happens, there’s a lot of chaos in the company figuring out what it will take to fix it,” said Kim, who spearheaded the effort to develop a cybersecurity major at UNLV.
Kim said answers to many questions — Who did this? What information was compromised? Why MGM? — wouldn’t be immediately known. An attack of this nature takes time to execute and could have been years in the making, he said.
The motivation was more than likely money — pay a ransom to get back up and running, he said. MGM could have been asked to pay “several million dollars,” Kim speculated.
“It comes down to a cost analysis” when deciding whether to pay, he said. “If there’s urgency and people will die (such as could be the case with a hospital), that’s motivation to pay the ransom to resolve as fast as possible.”
This is not the first time MGM has been the target of a cyber issue.
Details about millions of people who stayed at MGM properties were published in 2020 on a hacking forum, including some driver’s license and passport information.
The information was stolen in 2019 when a cloud server was hacked.
As hackers get more savvy, it’s up to companies to adapt, scholars said.
“Their security team has to be right 100% of the time,” Arthur Salmon, a professor of computing and information technology at the College of Southern Nevada, told the New York Times. “And the threats are always growing, always adapting, always getting more complicated. The attacker just has to be right once.”
What happened at MGM likely wasn’t one person but a group, Kim said. It was well planned out and orchestrated, and it likely included deep recon work, he said.
Kim said getting into the MGM system could have happened in a variety of ways, including hackers gaining access through an unknowing employee.
Hackers are known to spend time doing research, going as far as tracking down the name of an employee’s dog that could be part of a password or digging through trash for paperwork with sensitive data, Kim said.
They gather the names of employees, their addresses and what kind of operating system they are running at home in an attempt to find a way in, he said.
“They are trying thousands of (password) combinations a day or hour,” Kim said.
MGM has not determined the full impact of the latest cyber issue on its reservation systems and casino floors, company spokesman Brian Ahern said.
The incident impacted properties in Las Vegas and in states including Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York and Ohio, he said.
The FBI said in a statement that it was “aware of the incident” but did not disclose details. It characterized the event as ongoing.
MGM has tens of thousands of hotel rooms in Las Vegas at properties including the MGM Grand, Bellagio, Cosmopolitan, Aria, New York-New York, Park MGM, Excalibur, Luxor, Mandalay Bay and Delano.
The resorts bridged the technology gap Monday by giving physical room keys to guests who were previously using digital access and accepting dining reservations over the phone.
Without knowing specifics of the attack or what kind of backup servers MGM has in place, Kim said, it’s premature to assess the damage or long-term impacts.
“Once the hackers get in, there’s a lot of damage they can do,” he said.
The Associated Press contributed to this report.
