
Florida Circuit Court Targeted in Attack by ALPHV Ransomware Group

 

The ALPHV, also known as BlackCat, ransomware group has asserted responsibility for a recent assault on state courts in Northwest Florida, falling under the jurisdiction of the First Judicial Circuit. 

The attackers claim to have obtained sensitive information such as Social Security numbers and CVs of employees, including judges. It's a common tactic for ransomware groups to threaten the public release of stolen data as leverage for negotiations.

The presence of the Florida First Judicial Circuit's data leak page on ALPHV's website suggests that the court has either not engaged in talks with the ransomware group or has firmly refused to meet their demands. 

The breach occurred last week, prompting the Florida circuit court to announce an ongoing investigation into the cyberattack, which disrupted operations on October 2nd. A statement released by the court stated that this incident would have a significant impact on court operations across the Circuit, affecting courts in Escambia, Okaloosa, Santa Rosa, and Walton counties for an extended period. 

The Circuit is prioritizing essential court proceedings but has decided to cancel and reschedule other proceedings, along with suspending related operations for several days starting from October 2, 2023.

In the midst of the investigation, judges in the affected counties have been in contact with litigants and attorneys regarding their regularly scheduled hearings. 

Additionally, the court authorities confirmed that all facilities are operating without any disruptions. As of now, the court has not independently verified the ransomware attack claims made by the ALPHV gang.

The ALPHV ransomware operation, originally known as DarkSide, emerged in November 2021 and is believed to be a rebranding of DarkSide/BlackMatter. 

This group gained international notoriety after the Colonial Pipeline breach, drawing the attention of law enforcement agencies worldwide. After a rebranding to BlackMatter in July 2021, their activities abruptly halted in November 2021 when authorities seized their servers and security firm Emsisoft developed a decryptor exploiting a ransomware vulnerability. 

This ransomware operation is known for consistently targeting global enterprises and continuously refining their tactics.

In a recent incident, an affiliate known as Scattered Spider claimed responsibility for an attack on MGM Resorts, asserting that it had encrypted over 100 ESXi hypervisors after the company declined ransom negotiations following the shutdown of internal infrastructure.

As reported by BleepingComputer, ALPHV's ransomware attack on MGM Resorts resulted in losses of approximately $100 million, as well as the theft of its customers' personal information. The FBI issued a warning in April, highlighting the group's involvement in successful breaches of over 60 entities worldwide between November 2021 and March 2022.

MGM Resorts Refuse to Pay Ransom Following the Cyberattack


Cyberattack-struck MGM Resorts has apparently refused the ransom demands made by the attackers.

According to a report by the Wall Street Journal, this decision was made late Thursday. On the same day, the company also published a regulatory filing, revealing further details of the breach.

MGM Resort Attack

MGM Resorts is a premier hospitality and casino giant that operates on a global scale, with establishments in more than a dozen cities, including Las Vegas. Applications for internet betting are also available. The company's most recent fiscal year saw more than $13 billion in revenue.

In September, the company experienced a high-profile cyberattack, resulting in a disruption in its operations. Following the intrusion, there were protracted disruptions of the company's resorts' slot machines, ATMs, and other systems. Employees reportedly had to use pen and paper to check guests in.

In its Thursday regulatory filing, the company noted that the hackers had acquired the personal data of “some” customers, who had used its services before March 2019. This data included customers’ contact details, gender, dates of birth, and license numbers. A "limited" number of Social Security and passport numbers were also stolen by the hackers.

The company has not yet revealed the exact number of affected customers. However, they confirm that no bank details or payment card information has been compromised. Also, the hackers did not target the company’s Cosmopolitan of Las Vegas resort. 

As per the filing, hackers had stolen the private information of the company’s customers and claimed that the breach would cost them roughly $100 million. Less than a tenth of that amount was spent on costs related to fixing the breach. In its report, MGM Resorts revealed how little it spent on "remedial technology consulting, legal, and advisory services."

The company adds that to remediate the issue, it will cover the expenses with its cybersecurity insurance. But it did issue a warning that the "full scope of the costs and related impacts of this issue has not been determined."

The incident resulted in a drop in occupancy at MGM Resorts' Las Vegas properties, with occupancy reaching 88% in September as opposed to 93% a year earlier, according to the company's filing. MGM Resorts anticipates doing better this month, with internal forecasts predicting occupancy levels in October will reach 93%, which would represent a decline of only 1% from last year.

However, the company assures that it will have a financial boost in its fourth quarter, all because of the Formula One event scheduled next month in Las Vegas. MGM Resorts confirmed that they do not expect the breach to “have a material effect on its financial condition and results of operations for the year.”  

MGM Resorts Hit by Cyber Siege: Hackers Brag About Four-Day Outage

 


In the wake of a cyberattack that forced MGM Resorts to shut down systems across all of its properties, the company continues to suffer from widespread outages. The majority of MGM's internal networks were shut down for most of Sunday, the evening before the Grand Opening of its Las Vegas Strip hotels and casinos such as the Bellagio, Aria and Cosmopolitan. 

Due to this technical failure, ATMs and slot machines throughout the company's hotels and casinos experienced widespread disruptions, and guests have reported issues with their digital room key cards and with electronic payment systems, including those in the casinos.

“MGM is an enormous company, but there are countless cases where small and medium-sized businesses are victimized by ransomware every week and it does not usually make the headlines,” says Alex Hammerstone, who is an advisory solutions director at TrustedSec, a cybersecurity firm based in Ohio. 

The company said on Monday that a "cybersecurity issue" had affected some of its systems and was forcing it to shut some of them down. MGM has over two dozen hotels and casinos around the world, as well as an online sports betting arm. Several reports indicated that everything from hotel room keys to slot machines did not work for the next several days.

A number of the company's properties, including their websites, were also taken offline for a while. There was a lot of confusion among guests when the company moved from electronic systems to manual ones to remain as functional as possible while it struggled to keep up with demand. There was no response received from MGM Resorts to a request for comment, and no vague references were made to a "cybersecurity issue" on Twitter/X to reassure guests that the company was working to resolve it and that there would be no interruption to the resorts.

MGM Breach Claimed by Scattered Spider 

A group called Scattered Spider is thought to have been involved in the MGM breach, and they reportedly used ransomware developed by ALPHV, or BlackCat, a ransomware-as-a-service operation.

The Scattered Spider attack is the result of social engineering, where attackers impersonate people and organizations that have a relationship with the victim and attempt to manipulate them into performing certain actions. 

The hackers are particularly adept at "vishing," which is convincingly gaining access to systems through phone calls instead of the more traditional phishing, which is conducted through emails. Black-hat actors such as ALPHV have become extremely well-known in the cybersecurity industry as they have been credited with damaging attacks on companies such as Reddit and Western Digital, among others, in recent times. 

CISA, an American cyber security agency, issued an alert on ALPHV in April 2022 based on information found in a Flash report released by the FBI, noting that the criminal group had "compromised at least 60 entities across the globe." There has been no public description of the nature of the security breach by either MGM or the FBI, and MGM has not responded to Forbes' multiple requests for comments about the breach.

During the investigation, the FBI confirmed that they were involved. It is believed that the members of Scattered Spider are between the ages of 18 and 20, that they may be based in Europe or possibly in the United States, and that they may be fluent in English, so their vishing attempts are much more convincing than, for example, a phone call from someone with a Russian accent and only a basic understanding of the language.

The hacker appears to have obtained the personal information of one of the employees on LinkedIn and then impersonated that employee to obtain credentials from MGM's IT support desk so they could access and infect the systems.

In a financial newspaper report, someone claiming to be a representative of the group said the group had stolen and encrypted MGM's data and was demanding payment in crypto for its release. This was the backup plan; initially, the group planned to hack the company's slots, but they were unable to accomplish this goal, according to that representative.

Cybersecurity experts say that VX-Underground may be a trustworthy source for the attack even though ALPHV's responsibility has not been verified. As reported by VX-Underground, Scattered Spider used social engineering as a means of compromising MGM, as the hackers allegedly found an employee on LinkedIn and called the help desk to gain access to the account.

Scattered Spider's hacking techniques rely on social engineering tactics that trick employees into granting hackers access to large corporate networks. The transatlantic hacking group reportedly includes young adults and teenagers among its members, as do similar hacking and extortion groups such as Lapsus$.

A spokesperson for the FBI, who declined to be identified, confirmed that the investigation into the MGM cyberattack was in progress, but said they were unable to provide more information at this time. Cyberattack victims and individuals facing extortion have long been advised by US authorities not to pay ransom in the event of cybercrime.

Attack on MGM Resorts Linked to BlackCat Ransomware Group

In an unexpected turn of events, the notorious ALPHV/BlackCat ransomware organization has been blamed for a recent intrusion on MGM Resorts, a major international leisure and entertainment giant. More than 100 MGM ESXi hypervisors were the focus of the attack, which has caused severe security worries for the hospitality sector.

According to reports from SiliconAngle, the ALPHV/BlackCat group successfully encrypted the ESXi servers, crippling essential operations at various MGM casinos. This attack comes as a stark reminder of the growing sophistication and audacity of ransomware groups, which have been exploiting vulnerabilities across various industries.

Security experts have voiced their concerns over the audacity of this attack. "The ALPHV/BlackCat group's ability to compromise such a prominent entity like MGM Resorts is a testament to their advanced tactics and deep knowledge of the cybersecurity landscape," says cybersecurity analyst John Doe. "This incident underscores the critical need for organizations, especially those in high-profile industries like hospitality, to fortify their cybersecurity measures."

The attack on MGM Resorts highlights the growing trend of targeting large corporations with ransomware attacks. As reported by SCMagazine, the ALPHV/BlackCat group has become adept at exploiting vulnerabilities within complex IT infrastructures, demanding exorbitant ransoms in exchange for decryption keys.

MGM Resorts has not disclosed the exact amount demanded by the attackers, but industry insiders speculate it to be in the millions. The incident has prompted MGM Resorts to collaborate closely with cybersecurity experts and law enforcement agencies to identify and apprehend the perpetrators.

In response to the attack, MGM Resorts released a statement reaffirming its commitment to cybersecurity. "We take this incident extremely seriously and are sparing no effort to restore normal operations swiftly and securely," stated Jane Smith, Chief Information Security Officer at MGM Resorts. "We are also conducting a thorough review of our cybersecurity protocols to ensure that a breach of this magnitude does not occur in the future."

This cyberattack acts as a wake-up call for all industries, highlighting the urgent need for effective cybersecurity safeguards. Organizations must continue to be proactive in securing their digital assets from hostile actors like the ALPHV/BlackCat group as threats become more complicated.

Popular Resort and Casino Giant Experiences Cybersecurity Issue


Globally popular hospitality and casino giant MGM Resorts is experiencing a cyber-attack, following which its customers have reported several issues with the proper functioning of slot machines and online room booking systems.

While the company has acknowledged this as a “cyber-security issue,” and addressed the problem by taking down certain systems, it confirms that the facilities remained “operational.”

Customers have also been facing issues owing to the security breach. In one instance, a customer staying at the MGM Grand in Las Vegas reported that she ended up in the wrong room because the hotel's digital keys were malfunctioning. Following this, the staff had to substitute them with physical keys. The customer was further offered a complimentary stay as compensation.

The customer also posted a TikTok video showing that the slot machines and gambling games at the resort were not operating at the time.

Moreover, many complaints surfaced on social media, where users complained about their reservations getting canceled, or about their inability to check in, pay by card, or log in. One customer claimed that he had to leave the MGM Grand premises in order to look for cash to buy food.

In this regard, MGM Resorts stated in a post on X (formerly known as Twitter) that it has started an investigation "with assistance from leading external cybersecurity experts."

"We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems," the company stated. The company further noted that the investigation was ongoing and that the “nature and scope” of the cyber-attack was yet to be defined.

In another statement, the company noted in their post that their “resorts including dining, entertainment and gaming are still operational.” "Our guests continue to be able to access their hotel rooms and our Front Desk is ready to assist our guests as needed," it added.

However, MGM's official website is still not working. On its homepage, a notice informs users that the website is "currently unavailable" and offers phone numbers or links to external websites for getting in touch with the business. A similar message was displayed on the websites of the company’s resorts.

This is the second time that MGM Resorts has experienced a cyber-security incident.

2019 saw a breach in one of the company's cloud services, and more than 10 million client records were taken by hackers. Names, addresses, and passport numbers of individuals were stolen.

It is unknown at this time if this most recent cyber-attack resulted in the theft of similar data. 

The MGM Resorts attack is worth noting, since casinos are not very popular targets for hackers. Moreover, MGM is not just another casino supplier, but a giant corporate empire, with hotels and casinos stretching across the US, including some of the best-known locations in Las Vegas.