A Grand Attack: How The MGM Resort Cyberattack Shook The Hospitality Industry

In the bustling world of entertainment and hospitality, few names carry as much weight as
MGM Resorts. However, the recent cyberattack on their Las Vegas properties sent shockwaves through the industry and raised concerns about the vulnerabilities businesses face in the digital age. Let’s dig into the attack and its far-reaching impact on both MGM and the greater hospitality industry.

Small Gamble, Big Win

Las Vegas: a city of lights, glitz, glamor, and above all: money. Like any other night, there’s entertainment and excitement around every corner for guests at the MGM Resorts, the powerhouse behind high roller casinos like MGM Grand, Bellagio, Aria, and Cosmopolitan on the strip. Behind the scenes, a different story was unfolding.

While its resorts, casinos and sportsbooks are technologically advanced for guests’ comfort and employee efficiency, it started working against them as soon as a Service Desk employee picked up a seemingly innocuous phone call. In blinding speed, this “vishing” phone call from a cyberattacker triggered a cascading series of disruptions that reverberated through all the different MGM properties.

By the end, MGM paid out the $15 million ransom to the hacker group that claimed responsibility, known as Scattered Spider or UNC3944, and believed to be associated with the larger ALPHV ransomware group. While it might seem like a small amount, MGM’s hesitation to respond and inability to respond to the attack is estimated to have cost them around $84 million dollars in revenue, not to mention missed profits from customer dissatisfaction and lowered business.

Beyond The Casino Floor: Digging Into The Business Impact

In days, anything connected to the resorts’ networks nationwide were affected and shut down, including MGM websites and apps, check in systems, ATMS, electronic room keys, slot machines, and even elevators. Gradually, some systems returned, including resort amenities, dining, entertainment, pools, and spas, but some systems remained affected for a far longer period of time than comfortable.

  • Beating The House – The cyberattack disrupted the seamless operations MGM Resorts was known for. Staff members found themselves reverting to manual, pen-and-paper processes to handle the influx of guests. What was once an efficient check-in and payment process had become chaos.
  • Losing The Pot – The financial toll of the cyberattack was substantial. With crucial revenue streams, such as gaming and online bookings, paralyzed during the extended downtime, MGM Resorts faced massive financial losses.
  • Big Stakes – Beyond financial implications, the incident tarnished MGM Resorts’ reputation for delivering top-tier experiences. Disappointed guests, inconvenienced by the disruptions, aired their grievances, potentially impacting customer loyalty and recovering revenue.

Key Takeaways: Don’t Gamble With Cybersecurity

The MGM Grand cyberattack serves as a stark reminder that no organization is immune
to evolving cyber threats, especially when it comes to big cash businesses. As the hospitality sector leans increasingly on technology, enhancing cybersecurity measures becomes not just a choice but a necessity.

  • Learn The Game – Regular cybersecurity training for all employees, especially those handling sensitive data, is vital in thwarting social engineering attacks like vishing, phishing or impersonating.
  • VIP Section – The implementation of robust authentication protocols, such as multi-factor authentication (MFA), plays a pivotal role in deterring unauthorized access.
  • Close To The Vest – The enforcement of strict access controls to any network is essential to limit unauthorized entry to critical systems.
  • Don’t Fold – Equipping organizations with advanced monitoring tools and a well-defined incident response plan is critical for the swift detection and mitigation of threats.

Know Your Limits

The MGM Grand cyberattack underscores the vulnerabilities that businesses face in today’s interconnected digital landscape. By drawing lessons from this incident and investing in robust cybersecurity measures, organizations can safeguard their operations and uphold their reputation in an era of increasing cyber risks.