Skip to main content

In an increasingly interconnected world, the threat of cyberattacks looms large, and recent events have underscored the pressing need for organizations to employ multiple layers of defense. The recent cyberattacks on MGM Resorts International and Caesars Entertainment serve as stark reminders that even industry giants are vulnerable to the relentless and ever-evolving tactics of cybercriminals.

MGM Resorts International and Caesars Entertainment: A Tale of Cyber Intrusion

MGM Resorts International, a hospitality behemoth with properties around the United States, including the iconic Bellagio, Mandalay Bay, and Luxor hotels in Las Vegas, found itself at the center of a cybersecurity storm. The company reported a “cybersecurity issue” on September 10, prompting them to take several of their systems offline. The fallout from this intrusion was significant: digital hotel room keys became unusable, casino gaming ground to a halt, and bars and restaurants were forced to accept cash only. New reservations for MGM hotels couldn’t be made, causing considerable inconvenience and frustration for guests.

The ordeal extended beyond the initial breach, with disruptions continuing even after MGM announced that its systems were “operational” on September 11. MGM Resorts International subsequently filed an 8-K form with the U.S. Securities and Exchange Commission (SEC) on September 13, notifying regulators about the incident.

In a parallel incident, reports emerged of a ransomware attack against another major player in the industry, Caesars Entertainment. The company also filed an 8-K with the SEC, indicating that cybercriminals had managed to steal some customer data.

A Cunning Attack by Cybercriminals

The attack on MGM Resorts International appears to be the work of the ALPHV/BlackCat ransomware-as-a-service gang, known for their social engineering prowess. These attackers reportedly manipulated MGM’s IT team by posing as legitimate personnel. Using tactics that allowed them to reset an employee’s credentials and multi-factor authentication (MFA) keys, the cybercriminals gained access to MGM’s systems.

The attackers themselves claimed responsibility for the MGM attack and asserted that they gained access to the systems even before MGM took them offline. They also warned that they still had access to some of MGM’s infrastructure and threatened further attacks if their demands were not met.

The Importance of Layered Defenses

MGM Resorts International’s proactive response to the breach—taking their systems offline swiftly—likely prevented a far more catastrophic outcome. This incident serves as a stark reminder of the uphill battle organizations face in defending against cyber threats.

Jason Rebholz, Chief Information Security Officer (CISO) with Corvus Insurance, emphasized that MGM’s experience is not an isolated case. Cybercriminals are becoming more audacious and sophisticated, making layered defenses an imperative strategy. Identifying and protecting the most critical assets should be a daily practice for organizations, and regular staff training is crucial.

In light of the rising prevalence of ransomware attacks, the insurance industry, too, must reassess its approach. While multi-factor authentication (MFA) is a critical component of security, it can be bypassed in weaker forms. Hence, businesses should implement multiple layers of security and verification, adopting a defense-in-depth strategy.


The MGM Resorts International cyberattack is a potent reminder that no organization is immune to cyber threats, and it underscores the need for constant vigilance and layered defenses. The incident serves as a clarion call for businesses, regardless of their size, to bolster their cybersecurity measures and educate their staff about emerging threats. Cybersecurity is an endless game of survival, and organizations must be prepared to adapt, evolve, and protect their assets in an ever-changing digital landscape.