Chris Swagler | September 18th, 2023


In a stunning revelation, MGM Resorts International Inc. recently fell victim to a crippling cyberattack, drawing attention to the ever-increasing ransomware threat. The attack has disrupted various facets of MGM’s operations and has been linked to the notorious ALPHV/BlackCat ransomware group. This article delves into the details of the attack, shedding light on the methods employed by the threat operators and the potential repercussions for MGM Resorts.

The Attack Unveiled

The cyberattack on MGM Resorts came to light on September 10, 2023, when the company was forced to shut down numerous systems due to a cybersecurity issue. The attack affected MGM’s website, casinos, and essential systems for email, restaurant reservations, hotel bookings, and even digital hotel room keys.

ALPHV/BlackCat Ransomware Group Takes Credit

Vx-underground, a respected research organization specializing in malware samples and threat intelligence, revealed that the ransomware group known as ALPHV, a subgroup of BlackCat, claimed responsibility for the attack. What is particularly astonishing is how the threat operators gained initial access to MGM Resorts’ systems – through social engineering. The threat operators reportedly found an MGM employee on LinkedIn, posed as them, and then called the company’s Help Desk. In a 10-minute conversation, the threat operators compromised a company valued at a staggering $33.9 billion. This highlights the vulnerability of even well-funded and seemingly secure organizations to social engineering attacks.

The Ongoing Fallout

As of the writing of this article, many of the systems taken offline due to the attack have yet to be fully restored, causing significant disruptions to MGM Resorts’ operations. The attack has also severely impacted MGM’s financial standing, with a more than 6% decline in the company’s shares since the incident.

MGM’s Response and Potential Consequences

MGM Resorts swiftly responded to the breach by filing an 8-K form with the US Securities and Exchange Commission (SEC), signaling the potential material impact of the attack on the company. Credit rating agency Moody’s has warned that the cyberattack could negatively affect MGM’s credit rating, underlining the financial implications of such incidents. Furthermore, the reputational damage incurred by MGM Resorts may have long-lasting effects. Unlike data breaches in the retail industry, where customers often continue shopping despite security incidents, a compromised experience at a casino resort can leave a lasting negative impression on visitors.

A Broader Perspective on Cybersecurity

The MGM Resorts cyberattack serves as a stark reminder that the threat of cybercrime knows no industry bounds. Despite investing heavily in physical and cybersecurity measures, organizations like MGM are susceptible to social engineering attacks that can bypass even the most sophisticated defenses.

The MGM Resorts cyberattack, allegedly orchestrated by the ALPHV/BlackCat ransomware group, exposes the vulnerabilities that even large corporations face in the digital age. As organizations continue to enhance their cybersecurity measures, it is crucial to prioritize employee education and robust authentication methods to counteract the increasingly creative tactics employed by cybercriminals. The aftermath of this attack serves as a sobering reminder of the importance of continuous vigilance in the face of evolving cyber threats. Social engineering attacks are among threat actors’ most common methods to harvest legitimate credentials.

SpearTip offers social engineering training as mitigation to enhance skills related to defending against these threats. The training tests the discernment of companies’ teams, educates employees regarding common phishing tactics and indicators, and identifies related security gaps in their environments. Our team creates social engineering simulations like those threat actors use and sends them throughout the organization. We provide insight and feedback to improve the cyber defenses of their teams, leading to a profound decrease in the likelihood of being victimized by social engineering scams. After the training, our team provides precise and thorough strategies to harden their environments and implement ongoing awareness training.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.