Several systems and functions remain down as MGM says casinos, hotels 'operating normally'
LAS VEGAS (KSNV) — In a series of social media updates this week, MGM Resorts said its hotel and casinos were "operating normally," but cybersecurity experts and public comments suggest otherwise.
"We are pleased that all of our casinos, hotels, dining, entertainment, and resort services are operating normally, and are welcoming thousands of guests each day," said a statement issued Wednesday morning. "Our amazing employees are ready to help guests with any intermittent issues."
But comments from the public immediately poured in, countering MGM's claim of a return to normalcy.
In response to these comments, MGM clarified that hotel reservations could still only be made over the phone and not on the app or website. And other features, such as mobile check-in and digital room keys, remained unavailable. MGM added spa and dining reservations could be made online.
MGM Rewards also appeared down, with the app showing several error messages. Points redemption and certain promotional offers might be unavailable, the company said in a statement.
Other public comments on social media appeared to come from employees, stating they couldn't log in to their employee or Okta accounts. A ransomware company called ALPHV took credit for the cyber-attack on MGM last week, claiming it got into their systems through Okta, which is a single sign-on provider many businesses use. ALPHV's claims have not been verified.
"Customers are the primary focus because that's how they get their money," said Dr. Arthur Salmon, the academic director of cybersecurity at the College of Southern Nevada. "The employees, they can go back to pen and paper. And so it makes things a lot more difficult. But the customers, the customer-facing portals are the most important. That's what generates revenue, the employees are going to be a little while."
Salmon estimated another couple of weeks for employee systems to be returned. MGM is likely rebuilding all of its systems from the ground up, he said.
To get all of MGM Resorts back to full functionality could be at least a year, according to Salmon.
"Any individual technology asset could also see a reemergence of an attack. If the attackers left any malicious content on a thermostat, elevator control, on anything. If it's not found, it can relaunch these types of attacks," he said. "It allows the attacker to gain access back into these systems. So, in reality, this is not in the rearview mirror. This is going to be a year-plus-long cleanup."
Other cybersecurity experts like Lisa Plaggemier, Executive Director at National Cybersecurity Alliance, said the cybersecurity attacks on MGM and Caesars need to be a wake-up call for all companies.
From hospitals, casinos, and schools, Plaggemier said leadership in these organizations need to be running scenarios to prepare for these types of events immediately.
Some reports have indicated Caesars paid a hefty ransom fee in their cyber-attack, thus preventing the widespread fallout seen at MGM properties. Caesars has not confirmed those reports.
Plaggemier said it was hard to say which casino company addressed their cyber-attacks in the best manner, not wanting to "second guess the professionals at those organizations."
"By and large, I like to be on the side of good, not on the side of crime. And that means not paying. Paying means that there's just going to be more of it, the more profitable it is for the cybercriminals, the more they're going to do it," she said. "And there's also no guarantee that you'll get your data back or the encryption keys will work or that they haven't already sold your data on the dark web, because you're negotiating with criminals at the end of the day."