Scattered Spider Cyberattack Disrupts MGM Resorts: Operations Back to Normal After Costly Downtime

The Scattered Spider threat group has been identified as the culprit behind the recent cyberattack on MGM Resorts, which occurred on September 10, according to an article by Dark Reading. This attack has had widespread ramifications, causing disruptions across MGM’s extensive network of over 30 hotels and casinos worldwide, with many systems still offline days later.

Scattered Spider is known for its social engineering tactics, particularly phishing schemes, to deceive users into divulging login credentials. They are associated with the BlackCat/ALPHV ransomware and have reportedly compromised both US and UK young adults.

The group’s modus operandi involves capturing one-time passwords (OTPs) or exploiting multifactor authentication (MFA) notification fatigue to gain unauthorized access to systems. Remarkably, they prefer using legitimate remote management tools instead of custom malware for maintaining persistent access.

Prior to targeting MGM, Scattered Spider also set its sights on Caesars Entertainment, extorting tens of millions in ransom from the company. Caesars is expected to provide more details about the attack in an upcoming SEC regulatory filing.

The MGM cyberattack severely impacted the conglomerate, causing operational disruptions, including the closure of gaming activities, for over ten days. The attack used the ALPHV encryptor and a social engineering ploy, initially preventing guests from accessing their rooms with card keys.

While the exact financial losses are difficult to quantify, some sources estimate daily losses exceeding $8 million for MGM. However, the company recently announced that its hotels and casinos are now operating normally, signaling an end to the costly downtime.

MGM is still working on restoring online hotel bookings and certain MGM Rewards functionalities, underscoring the enduring challenges posed by cyberattacks in today’s digital landscape.