Ocean's 0x11? I wonder if it's just an attack against their email servers or a bigger one, how networked are their operations? If we believe the urban legends about how casinos operate, there's probably interesting conversations a cyber-attacker could find.
I was disturbed to hear from people first hand in Vegas saying it was making the ATMs inoperable. No details on how inoperable, like if it is just certain banking features or everything. The ATMs should not be effected in the same kind of attack that would take down the website and booking systems. Those should all be separate.
Casino floor ATMs aren't just ATMs. They are also ticket redemption machines and therefore have to connect to the MGM network to redeem. I'd imagine the whole machine shutdown for security reasons if network connection is lost.
Yes, I think that MGM has actively shut everything down, rather than some massive hack that has effected all these separate systems.
Best guess is that with the F1 races coming soon with what is expected to be the largest cashflow through Vegas ever, that MGM Resorts IT found issues in an audit in preparation for that massive event, found anomalies, and pulled the rip cord to shut everything down till they could sort out what systems were actually hit.
That is materially different than a massive hack effecting all these various systems though.
MGM has acknowledged it's an attack [1] and certain vegas gossip sites have stated that Caesars was hit last hit last week but was able to keep it better under wraps.
"MGM Resorts recently identified a cybersecurity issue affecting some of the Company’s systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts,”
"We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems."
The systems are down due to MGM shutting them down, not the active attack shutting things down.
While there's something to be said for ransomware targeting casinos, "because that's where the money is," that might also attract the wrong attention, and not all from the government. They might wish it was only from the government.
Casino-based attacks aren't really because the casino has a lot of money around. 1) they have large, very detailed databases with extensive customer records (photos of drivers licenses, for example) that can are desirable on black markets 2) easy attack vector -- heavily dependent on a variety of vendor software and systems that are way out of date, run by weak, underpaid and often uninformed IT staffs unaware of some basic security vulnerabilities 3) being customer-facing and highly-regulated, casino companies are typically heavily incented to simply pay the ransom rather than face regulatory scrutiny and consumer distrust (and to restore cash flow, and because the soft IT teams probably didnt make comprehensive backups...)
I can imagine the galaxy-brain planning session where our perps are coming up with their next target. They rule out robbing international drug cartels and black-market arms dealers, because while those orgs do have a lot of cash on hand, they don't want to get on the wrong side of violent organised crime gangs.
> Best guess is that with the F1 races coming soon with what is expected to be the largest cashflow through Vegas ever, that MGM Resorts IT found issues in an audit in preparation for that massive event, found anomalies, and pulled the rip cord to shut everything down till they could sort out what systems were actually hit.
I don't believe these are typical bank ATMs but specific to MGM that manage all the casino games (ex: pay-outs, loyalty, etc) as well, so would be tied into any MGM systems.
