Threat actors continue to conduct cyberattacks against bigger companies and organizations. MGM has not disclosed any information regarding the issue with its systems, but experts believe that it was a result of a cyberattack.
MGM Cyberattack
In MGM Resorts International's Las Vegas property, guests experienced a few issues during their stay due to disruptions in the hotel's systems. Some of them claimed that were not able to charge orders and services to their rooms or make reservations using their digital keys.
In addition to that, the company's website was also down on Monday. Visitors and hotel guests took to Facebook to complain about their experiences, saying that the slot machines were not working and that there were issues with the rooms.
MGM did say that a cybersecurity issue was affecting their online systems, but they did not elaborate further than that. Cybersecurity experts, however, strongly believe that the disruptions were the result of a cyberattack, which MGM has yet to acknowledge.
The company says they have taken prompt action to protect their systems and data, including shutting down certain systems, adding that the investigation for the incident is ongoing and that they are "working diligently to determine the nature and scope of the matter."
Associate Professor of Information Systems and Cybersecurity at the University of Nevada, Greg Moody says that a cybersecurity issue usually means that a group or a person attack the company's network, as reported by The New York Times.
He added that the attackers might've found a weakness in MGM's cybersecurity systems, which they exploited to take down the company's systems. It's possible that the incident was a ransomware attack, where the threat actors would release stolen data unless the company paid a ransom.
Failure to do so will result in the hackers or hacker group selling the stolen data in an underground online marketplace instead. The data taken from the system could include names, phone numbers, addresses, and even credit card details.
Read Also: Scandinavian Airline Cyberattack Results in Leaked Passenger Data
Why Target Hotels?
Hotels or other hospitality businesses hold a lot of data since some of them are necessary to accommodate guests. Names and phone numbers, for example, are needed to provide better services for their customers, and credit cards are sometimes used for their stay.
This makes hotels ripe for the picking of cyber criminals. A hotel's database is a trove of personal data that can be exploited by threat actors. They can use it to conduct ransomware attacks, or simply sell them for profit.
According to Mitel, there were significant attacks in the hospitality industry last year as well, with luxury resort Allison Inn & Spa suffering a cyberattack back in July 2022. It resulted in the data of 1,500 employees and 2,500 guests being exposed on the internet.
In May 2022, the Shangri-La hotel chain also suffered a cyberattack that led to eight of its hotels across Asia resulting in stolen guest data. This could prove to be dangerous since data such as names can lead to identity theft, while other information can be used for fraudulent activities.
Related: Capita Suffers Cyberattack Allegedly by BlackBasta Ransomware
