In 2023, MGM Resorts International, a prominent casino chain, was the victim of a cyberattack that took down many of its systems 1. The attack was carried out by a group known as Scattered Spider, which is believed to have used fraudulent phone calls to employees and help desks to “phish” for login credentials 2. The group initially planned to hack the company’s slot machines but were unable to do so 1. Instead, they stole and encrypted MGM’s data and demanded payment in cryptocurrency to release it 1. Caesars Entertainment, another casino chain, was also targeted by the same group and reportedly paid a $15 million ransom to the hackers 3.
The full extent of the breaches is unknown, but Moody’s deemed the breach at MGM a “credit negative” for the company. It said it may suffer lost revenue and remediation costs 3. The attacks show how even organizations that you might expect to be especially locked down and protected from cybersecurity attacks are still vulnerable if the hacker uses the right attack vector 1.
The MGM hack has been described as chaotic and cinematic, with some reports suggesting that it may have started with a phone call 1. The hackers were able to create what is likely to be some very expensive havoc that will hurt both the resort chain and many of its guests 1.