After the cyberattack, the big bill for the casino and hotel operator MGM Resorts international. This iconic Las Vegas company with a turnover of $13 billion has just been shaken up by a major computer hack. It now estimates the cost of the damage at $100 million, a sum mentioned in a document sent to the Securities and Exchange Commission (SEC), the policeman of the American stock market.
MGM Resorts also specifies that it had to incur $10 million during the crisis for technology consulting, legal fees and other expenses that could be partially covered by its insurance. But, specifies the Wall Street Journal, the company would not have paid a ransom. Unlike another company in the sector, Caesars, also the victim of a computer attack a few days earlier, which paid out $15 million, according to CNBC.
Theft of customer data
As MGM Resorts later explained to its guests, the computer intrusion ultimately resulted in the theft of guests’ personal information, as well as an unspecified number of Social Security numbers and passports. On September 11, the company had to close its IT after the discovery of a serious security problem, thus blocking access to rooms locked by a digital key or preventing reservations.
Customers had also complained on social networks of no longer being able to play certain slot machines, switched to “manual mode” in several of the group’s casinos in the United States. “We reacted quickly to mitigate the risks,” assured Bill Hornbuckle, the CEO of the company, a way he claims to prevent the theft of banking information.
Scattered Spider
According to security researchers Vx-Underground, the hackers allegedly managed to break into the company’s IT using a social engineering technique, by calling the company’s IT hotline after visibly posing as one of the employees. This high-flying computer hack, with the false air of Ocean’s Eleven, was finally linked by the Reuters news agency and the Financial Times to the Scattered Spider cybercriminal group. The latter would have relied on the infrastructure of the Alphv/BlackCat ransomware franchise.
Also known as Roasted 0ktapus and UNC3944, the members of Scattered Spider are specialists in phishing attacks and Sim-Swapping, two social engineering techniques. They are “incredibly effective,” warned Charles Carmakal, Mandiant’s technology director. “Although the members of this group may be less experienced and younger than most extortion groups, they pose a serious threat to large organizations in the United States,” it added.