Hackers Claim It Only Took a 10-Minute Phone Call To Shut Down MGM Resorts
An anonymous reader quotes a report from Engadget: The ALPHV/BlackCat ransomware group claimed responsibility for the MGM Resorts cyber outage on Tuesday, according to a post by malware archive vx-underground. The group claims to have used common social engineering tactics, or gaining trust from employees to get inside information, to try and get a ransom out of MGM Resorts, but the company reportedly refuses to pay. The conversation that granted initial access took just 10 minutes, according to the group. "All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk," the organization wrote in a post on X. Those details came from ALPHV, but have not been independently confirmed by security researchers. The international resort chain started experiencing outages earlier this week, as customers noticed slot machines at casinos owned by MGM Resorts shut down on the Las Vegas strip. As of Wednesday morning, MGM Resorts still shows signs that it's experiencing downtime, like continued website disruptions. In a statement on Tuesday, MGM Resorts said: "Our resorts, including dining, entertainment and gaming are currently operational." However, the company said Wednesday that the cyber incident has significantly disrupted properties across the United States and represents a material risk to the company. "[T]he major credit rating agency Moody's warned that the cyberattack could negatively affect MGM's credit rating, saying the attack highlighted 'key risks' within the company," reports CNBC. "The company's corporate email, restaurant reservation and hotel booking systems remain offline as a result of the attack, as do digital room keys. MGM on Wednesday filed a 8-K report with the Securities and Exchange Commission noting that on Tuesday the company issued a press release 'regarding a cybersecurity issue involving the Company.'" MGM's share price has declined more than 6% since Monday.
Read more of this story at Slashdot.