Moody’s Investors Service classifies as “credit negative” the recent cybersecurity incident that disrupted multiple functions across MGM Resorts’ US casino and integrated resort network. Moody’s emphasizes that this incident highlights significant operational risks for the company.
Monday’s incident resulted in the temporary closure of MGM’s website, reservation systems, gambling machines, and ATM services. Due to malfunctioning digital keys, some hotel guests were barred out of their accommodations, and casino operations encountered delays in reimbursements.
Moody’s identifies significant risks associated with MGM’s reliance on technology, highlighting operational disruptions when systems are inactive or dysfunctional. In addition, the company confronts potential revenue losses during system outage, reputational harm, and investigation and remediation costs. Also of concern are litigation expenses or liabilities resulting from compromised data. As of now, MGM’s website remains inactive, nearly three days after the initial incident.
Moody’s cites a cyber risk heat map published in September, which categorized the gaming and wagering industry as having “moderate cybersecurity risk” due to the industry’s digitized nature and the large amount of personal data it maintains. Some visitor data may contain information about U.S. executives and government officials with security credentials, making it a desirable target for nation-state hackers.
Bitsight, a cybersecurity evaluations and analytics company, gave MGM a “F” for upgrading cadence, indicating a sluggish response to known vulnerabilities, according to the report. According to research, organizations with low maintenance cadence grades are substantially more susceptible to cyber attacks.
VX-Underground, a malware investigation firm, reported that ALPHV, a ransomware group notorious for its social engineering techniques, targeted MGM. VX-Underground reports that ALPHV compromised MGM by contacting an employee via LinkedIn and calling the Help Desk. VX-Underground believes MGM will not pay a ransom despite the incident.
The cybersecurity incident poses financial and reputational risks to MGM Resorts, highlighting the susceptibility of highly digitized industries such as gaming and wagering.
Original story by: IAG
Other Interesting ArticlesRussian ransomware gang accused of MGM cyberattack
Sep 14, 2023