MGM Vegas properties locked up by ransomware

spectra3279

Hhhhmmmmm. I wonder if they get to keep the money that was sposed to go to taxes from people's winnings if that data is gone?


And what about the money on people's casino cards?
 

Crazyhippy

"According to Caesars Entertainment's latest financial reports the company's current revenue (TTM) is $11.41 B. In 2022 the company made a revenue of $10.82 B an increase over the years 2021 revenue that were of $9.47 B. The revenue is the total amount of income that a company generates by the sale of goods or services. Unlike with the earnings no expenses are subtracted."

11.4 Billion / 365 = $31.2 million per day!!!

Obviously that is gross, and thru the magic of crooked accounting, they show a net loss🙄
 

gqchris

Statement released by the hacker group. For the techies in here, interesting that they got access thru their Identity Provider, Okta. And global admin to Azure. Hence the shutdown of everything.

 

LargeOrangeFont

Statement released by the hacker group. For the techies in here, interesting that they got access thru their Identity Provider, Okta. And global admin to Azure. Hence the shutdown of everything.


Okta just got kicked in the nuts… again.

Cue the cloud recoil 🤣
 

rivermobster

Statement released by the hacker group. For the techies in here, interesting that they got access thru their Identity Provider, Okta. And global admin to Azure. Hence the shutdown of everything.


I read an article the other day that Azure has given up all kinna info in some attack.

Related?

Jezuz these fucks are relentless.
 

Singleton

Statement released by the hacker group. For the techies in here, interesting that they got access thru their Identity Provider, Okta. And global admin to Azure. Hence the shutdown of everything.


It did not shut down everything, but got a large % of systems required to run the front of the house
 

rmarion

Statement released by the hacker group. For the techies in here, interesting that they got access thru their Identity Provider, Okta. And global admin to Azure.
shit my Corp. uses Okta..
450 national branches, all connected...

joined in 2020... 10 digits PW.. changed every 3 months...
12 months ago... went to 14 digits Password @ 3 months changes... cannot use the same pw from last 20...

we have three separate logins...

I can see another revision coming up..
 

PaPaG

Director of MGM host services called me and they are up and running 100%. Amazing making BILLIONS of dollars and get hacked so easily both Caesars and MGM.

Here is a good article on what happened.
LAS VEGAS (AP) — MGM Resorts brought to an end a 10-day computer shutdown prompted by efforts to shield from a cyberattack data including hotel reservations and credit card processing, the casino giant said Wednesday, as analysts and academics measured the effects of the event.

“We are pleased that all of our hotels and casinos are operating normally,” the Las Vegas-based company posted on X, the platform formerly known as Twitter. It reported last week that the attack was detected Sept. 10.

Rival casino owner Caesars Entertainment also disclosed last week to federal regulators that it was hit by a cyberattack Sept. 7. It said that its casino and online operations were not disrupted but it could not guarantee that personal information about tens of millions of customers, including driver’s licenses and Social Security numbers of loyalty rewards members, had not been compromised.

Caesars, based in Reno, is widely reported to have paid $15 million of a $30 million ransom sought by a group called Scattered Spider for a promise to secure the data.

Details about the extent of the MGM breach were not immediately disclosed, including the kind of information that may have been compromised and how much it cost the company.

Gregory Moody, professor and director of the cybersecurity program at the University of Nevada, Las Vegas, pointed to quoted estimates that the computer shutdown cost the company up to $8 million per day, which could put the cumulative effect at $80 million. But Moody also noted that MGM Resorts reports annual revenues above $14 billion, which would mean it averages at least $270 million in revenues per week.

The company reported Wednesday that systems handling resort services, dining, entertainment, pools and spas were operational and its website and app were taking dining and spa reservations while the company worked to restore hotel booking and loyalty reward functions.

“MGM Resorts properties in Las Vegas and throughout the country are back to normal operations,” spokesman Brian Ahern told The Associated Press. MGM also has properties in Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York and Ohio.

FBI spokeswoman Sandra Breault in Las Vegas declined to comment and referred to a previous statement by the agency saying an investigation was ongoing.

Experts said the attacks exposed critical cybersecurity weaknesses at MGM and Caesars and shattered an image of casino invulnerability.

“At this point, all casinos should be moving to the highest defensive posture possible and taking active measures to verify the integrity of their systems and environment, and reviewing — if not activating — their incident response processes,” said Christopher Budd, a director of threat research at cybersecurity firm Sophos X-Ops. “There’s been attacks against multiple casinos, and it’s possible we’ll see more.”

Caesars Entertainment is the largest casino owner in the world, with more than 65 million rewards members and properties in 18 states and Canada under the Caesars, Harrah’s, Horseshoe and Eldorado brands. It also has mobile and online operations and sports betting.

MGM Resorts is the largest private employer in Nevada, operating tens of thousands of hotel rooms in Las Vegas at its flagship MGM Grand and properties including Bellagio, Aria, New York-New York and Mandalay Bay. It also operates resorts in China and Macau. It employs 75,000 people in the U.S. and abroad.

Caesars stock traded Wednesday at $50.17 per share, up 36 cents for the day. MGM shares were at $38.77, down 43 cents. Both companies are expected to disclose effects of the attacks in quarterly reports next month to the Securities and Exchange Commission.

The attack on MGM also has been attributed to Scattered Spider, a group of English-speakers also sometimes known as Øktapus operating under a Russia-based operation called ALPHV or BlackCat.

“But there are a lot of conflicting reports,” said David Richardson, an executive at cybersecurity firm Lookout. “You have Scattered Spider claiming that they’ve done both in various forums, and ALPHV, saying that Scattered Spider wasn’t involved with the other. But there’s a lot of technical evidence that shows that there’s a relationship between the two.”

Lisa Plaggemier, executive director at the nonprofit National Cybersecurity Alliance, called MGM’s decision to shut down vulnerable systems to prevent intrusion a positive step but said it highlighted “significant” security gaps and an urgent need for substantial investment in employee training and cybersecurity. The risk, she said, is “downtime and financial losses.”

“Caesars Entertainment’s decision to pay the ransom highlighted a lack of confidence and investment in their cyber defenses,” Plaggemier said.

Moody, at UNLV, said via email that the attacks showed that even for well-prepared or technically advanced companies, “it is not a matter of if you get attacked, but when you get attacked.”

“Any target can be breached, as defense cannot win 100% of the time,” he said. “It is not that MGM did ‘bad’ or was negligent. If an advanced persistent threat, defined by its heightened skills, resources and time, targets you, they will find a way to access what they should not.”
 

gqchris

Director of MGM host services called me and they are up and running 100%. Amazing making BILLIONS of dollars and get hacked so easily both Caesars and MGM.

This is far from over if they don't pay the hacker group. They may be trying to fluff it up, but they still got some serious issues. First is if the PII gets leaked.

Yesterday Lumen circuits in Vegas were getting DDOS'ed. (attacked). I can imagine we know where that came from!
 

Racey

MGM. Months to recover. Major functionality is still down and will be for awhile.

People are still using personal email to communicate as of a day or two ago

Imagine the data wiping and backup restoring, all while combing through to make sure one of the backups doesn't contain the initial prybar that opened the door for them....

Thousands of personal computers and servers.

Absolute. Nightmare.

Happened to a good buddy of mine's business about 2 years ago. He was so frantic to get back up and running that he paid me to close my shop for a week so that I would come clean it all up and get him back up and running. He had maybe 10-15 workstations and 2 or 3 servers. It took 5 long days to wipe everything and implement backup and redundancy, with air gapped backups, etc. He takes it very seriously now.

Over the course of the last two years he estimated it cost him close to $400k in man hours for all of the lost CAD drawings that he had to have his guys remake from hand patterns or re-digitize from draftings.
 

jet496

Happened to a friend who does the books at a good sized steel company. They paid. Quite the racket!

This is the new world we live in. It's only going to get worse as we put every single thing online.
 

Singleton

Imagine the data wiping and backup restoring, all while combing through to make sure one of the backups doesn't contain the initial prybar that opened the door for them....

Thousands of personal computers and servers.

Absolute. Nightmare.

Happened to a good buddy of mine's business about 2 years ago. He was so frantic to get back up and running that he paid me to close my shop for a week so that I would come clean it all up and get him back up and running. He had maybe 10-15 workstations and 2 or 3 servers. It took 5 long days to wipe everything and implement backup and redundancy, with air gapped backups, etc. He takes it very seriously now.

Over the course of the last two years he estimated it cost him close to $400k in man hours for all of the lost CAD drawings that he had to have his guys remake from hand patterns or re-digitize from draftings.

IMO - They will end up rebuilding entire systems and pulling backup data from July to restore customer data in front of the house systems.
 

shintoooo

They're not hackers. they're "cyber security consultants"
 

Englewood

Is this state sponsored or individuals living in a mansion on the coast of Africa?
 

JJK94

As of a couple minutes ago, Reward App is still not available and neither is online bookings. A couple hours ago I booked direct and they could not send an email
Seems like a corporate communication issue, Deal with it daily
 

traquer

Is this state sponsored or individuals living in a mansion on the coast of Africa?
I don't think this is the kind of piracy the coastal Africans are known for lol

Russians, Chinese hackers (probably state sponsored indirectly? Sell some data to Africans) Balkans and others probably connected to Russians somehow. I'm not sure how the good ole boy American hacker geeks operate, probably independently and then sell their loot overseas
 

DarkHorseRacing

Imagine the data wiping and backup restoring, all while combing through to make sure one of the backups doesn't contain the initial prybar that opened the door for them....

Thousands of personal computers and servers.

Absolute. Nightmare.

Happened to a good buddy of mine's business about 2 years ago. He was so frantic to get back up and running that he paid me to close my shop for a week so that I would come clean it all up and get him back up and running. He had maybe 10-15 workstations and 2 or 3 servers. It took 5 long days to wipe everything and implement backup and redundancy, with air gapped backups, etc. He takes it very seriously now.

Over the course of the last two years he estimated it cost him close to $400k in man hours for all of the lost CAD drawings that he had to have his guys remake from hand patterns or re-digitize from draftings.
That’s why when we dealt with our ransomware incident we only restored clean data onto freshly wiped and reinstalled OS and application servers. We felt we couldn’t trust system/OS drive restores not knowing when the compromise took place, and we didn’t want to restore possible malware and start the clock again.

Additionally most of our server OS and applications were older than current version so we took the opportunity to install current OS versions and application versions and all patches before putting the data back.

Also we switched antivirus from what we had (that was a contributing factor to getting compromised the first time) to Crowdstrike Falcon EDR.

We also switched firewalls, switched backup solutions, added MFA, took away anyone’s admin rights and a few other recommendations. It was a tough transition but now we are used to a few more steps getting our jobs done.
 

n2otoofast4u

We’re relatively small at 100M a year. We got got 2 years ago and I’d have rather shuttered the place than pay the fucks. It was a full month to get squared away, but we didn’t give them Russian bastards a dollar. I don’t wish this BS on anyone. My IT guy slept on a couch in a conference room for weeks while it all went down.
 

HTTP404

It cracks me up. Everyone expects data systems to be 100% bullet proof but nobody wants to pay for that shit.
I'm in the SRE world so I am well acquainted with the shit storm that accompanies an incident. The poor fuckers doing the recovery are under HUGE pressure. They didn't break it but they better get that shit back in service quick.

Got an ETA??????????????
 

wzuber

According to that article hackers stole $$3.8 billion last year alone.
Just imagine how much $$$ our gov't can steal from us once they go full cryptocurrency instead of our current currency.
 

traquer

It cracks me up. Everyone expects data systems to be 100% bullet proof but nobody wants to pay for that shit.
I'm in the SRE world so I am well acquainted with the shit storm that accompanies an incident. The poor fuckers doing the recovery are under HUGE pressure. They didn't break it but they better get that shit back in service quick.

Got an ETA??????????????
Might not be a bad idea to make a mercenary group of the best IT people to help restore things for companies ASAP. You'd pay 10-100x more than you'd pay your employees, but you'd be up and running a lot faster and not have to pay these hackers.

Just some thoughts. But this is one reason I got into business. "Oh shit" things need oh shit levels of pay if you want to get it done.
 

sintax

Might not be a bad idea to make a mercenary group of the best IT people to help restore things for companies ASAP. You'd pay 10-100x more than you'd pay your employees, but you'd be up and running a lot faster and not have to pay these hackers.

Just some thoughts. But this is one reason I got into business. "Oh shit" things need oh shit levels of pay if you want to get it done.

this actually already exists, got a few buds who do this. Essentially freelance hired gun type scenarios
 

Thing One

I'm surprised MGM's stock has not crashed, was looking for a good sale... And fuck these pirates!
 

mbrown2

this actually already exists, got a few buds who do this. Essentially freelance hired gun type scenarios
Good hackers exist but these organized bad actor groups are young smart folks... 18-26 and some of the sharpest folks in the business.... As well at the end of the day; I can deploy all the tools and talent I want to monitor/protect systems but my biggest enemy is a current employee who clicks on a suspicious email without thinking.... My second biggest enemy is a former cyber employee who knows where the gaps are.... crazy biz.
 

sintax

Good hackers exist but these organized bad actor groups are young smart folks... 18-26 and some of the sharpest folks in the business.... As well at the end of the day; I can deploy all the tools and talent I want to monitor/protect systems but my biggest enemy is a current employee who clicks on a suspicious email without thinking.... My second biggest enemy is a former cyber employee who knows where the gaps are.... crazy biz.

Haha I didn’t say they were “good”, they’re very much freelance.
 

C-2

Might not be a bad idea to make a mercenary group of the best IT people to help restore things for companies ASAP. You'd pay 10-100x more than you'd pay your employees, but you'd be up and running a lot faster and not have to pay these hackers.

Just some thoughts. But this is one reason I got into business. "Oh shit" things need oh shit levels of pay if you want to get it done.
When I studied cybersecurity they were heavily recruiting college kids for the CyberCorps.

Feds pay for your schooling, give you a $20K year stipend to live on, $6K gear budget.

In exchange, you give them a 3-year commitment, which is rumored to be with the NSA. The rub is - you can be sent to a post anywhere in the world.

My daughter didn't go for it lol
 

mbrown2

When I studied cybersecurity they were heavily recruiting college kids for the CyberCorps.

Feds pay for your schooling, give you a $20K year stipend to live on, $6K gear budget.

In exchange, you give them a 3-year commitment, which is rumored to be with the NSA. The rub is - you can be sent to a post anywhere in the world.

My daughter didn't go for it lol
If a kid could spend 3 yrs in a NSA or DoD cyber group and get all that experience and high level classifications it is just priceless... Once that 3 yr is done the world is their oyster.... huge upside to all those top secret clearances going into private defense space or any fin tech space......
 

C-2

If a kid could spend 3 yrs in a NSA or DoD cyber group and get all that experience and high level classifications it is just priceless... Once that 3 yr is done the world is their oyster.... huge upside to all those top secret clearances going into private defense space or any fin tech space......
Yup. In my computer forensics course at CalState Fullerton there was one student going into the program -a thirty something year old electrical engineer. Not married, probably on the spectrum, he was a perfect fit. The forensics instructor worked network security for Bechtel and told him the same, Carte Blanche with any defense contractor upon his return.

And even back in 2012, that's what our instructor did all day long - fend off Chinese attacks.
 

hallett21

A couple card counters I follow on IG are saying the facial recognition systems are down and are posting/bragging about MASSSSIVE wins

If that 1/2 million is legit good for them lol.

My guess is that they’d narrow the max bet and minimum bet to mitigate losses.

A 10k max bet table with a 2500-5k minimum makes it hard to wait for a hot shoe.
 