Major Cyber-Attack Hits Las Vegas Entertainment Giants

As reported earlier this month, a couple of Las Vegas entertainment giants were hit by a major cyber-attack. A major cyber incident crippled casino and hotel enterprise Caesars Entertainment, and MGM was forced to shut down computers and some slot machines for days.

The attack on MGM Resorts affected basic computer systems and damaged telephone networks, hotel systems, casino systems, key systems, and elevators. Scattered Spider, an affiliation of BlackCat/ALPHV/Noberus, claimed responsibility for the attack.

Divergent Strategies: Ceasars versus MGM 

The cybercriminals managed to get the infrastructure of the multibillion-dollar business to its knees and caused damages worth tens of millions of dollars. However, William Hornbuckle, CEO of MGM Resorts International, said that he refused to give in to the fraudsters, and MGM did not pay the ransom requested by the criminals.

This is an entirely different strategy to deal with threat actors compared to Ceasars’ management, which managed to get things going fairly quick after paying a negotiated $15 million ransom.

However, while Ceasar’s was back in the game in days, MGM Resorts International took a bit longer, which undoubtedly meant they would generate more losses because of the attack. MGM is a Fortune 500 company with a $10+ billion annual revenue – there is no way crippling such a colossal company won’t negatively impact the business. The loss may not be a lot for the business itself, but it is an enormous number. 

MGM stated that it estimates a negative impact from the cyber security issue to be approximately $100 million. This excludes the roughly $10 million MGM paid to cyber security companies to clean up the mess left by the hackers.

MGM will likely incur an initial loss of about $110 million. This number excludes the possible outcome of multiple lawsuits triggered after the attack became public. The class action lawsuits will likely cause additional losses for MGM as concerned individuals believe that the casino giant did not do enough to protect their personal data. 

MGM’s Resilience: Learning from the Cyber Attack and Strengthening Its Defenses

On a positive note, the giant was well insured against cyber-attacks, and the insurance company will probably be the one to cover the damages.

MGM expects next year’s cyber security insurance to be through the roof but vouched to improve its cyber security so they don’t have to use the insurance policy again.

The hotel giant has begun addressing the issues that allowed the hackers to social-engineer their way into MGM’s systems and appears to be keen to invest in further development of infrastructure, people, and processes. Hence, the company is more prepared for such attacks in the future.