Skip to main content

MGM Resorts Incident Shows How Cyberattacks Impact Digital Performance and the Business

Pete Goldin
Editor and Publisher
APMdigest

On September 10, MGM Resorts experienced what it called a "cybersecurity issue" that had a major impact on the company's systems, showing how cyberattacks can bring down applications, ultimately causing problems for a company in many ways.

According to Forbes, "The attack left hotel guests locked out of their rooms for hours and unable to use their digital key cards to charge goods and services. Eventually, the hotels resorted to manual processes and transactions."


The attack was first noticed by MGM Resorts on the evening of September 10. About 24 hours later the casinos were operational but the reservation systems was still down.

The company's website was also offline for at least 2 days.


In addition, the cyberattack impacted the MGM Rewards App and gaming on the casino floors. Las Vegas TV station KTNV reported, "Multiple gaming machines, including slot machines, have also gone offline due to the cybersecurity issue."

MGM Resorts has not yet disclosed which specific systems were impacted, and some of the downtime could be a result of the company shutting down its own systems to protect them, but the end result is still a disaster for the company. This attack shows how pervasive a cyberattack can be throughout a business operation.

In the latest episode of the Cybersecurity Awesomeness Podcast on DEVOPSdigest, Rick Sturm, CEO and Founder of Enterprise Management Associates (EMA) gave a stern warning to companies of all sizes. While speaking not specifically about MGM Resorts but more about cybersecurity in general, he said, "This stuff is rooted, to some extent, in corporate greed. Where management is always an afterthought, and security is even worse than that, it's way, way down. And we can save gazillions of dollars by connecting to the ... Internet, and security be damned, nobody will try to get in. And besides, we've got a couple firewalls. That should do it, right? No, it's not right ... We are seeing this over and over and over, and yet organizations are not taking the precautions that they need to. They take the quick and easy fix — they think. And ultimately, if you are connected to the Internet, you will be hacked, whether you're large or small."

On the podcast, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA added, "From the perspective of the network engineering team, it points to the fact that people don't have a lot of control over what's happening within their network. They don't see what's happening. It's about access control and segmentation. Like limiting lateral movement. Having a lot granular control over who can talk to what inside inside your network, and being able to understand if some kind of anomaly is popping up in terms of connections and communication. It requires a lot of manual heavy lifting from a network engineering team to be able to lock things down completely. And no one does it. As Rick was saying, part of it's greed, like no one wants to spend the money on it. Part of it is they don't have the tools to do it. And another part of it is they don't have the people to do it … It's a problem that needs to be solved."

Listen to Episode 27 of the Cybersecurity Awesomeness Podcast for more of EMA's take on the MGM Resorts cyberattack.

Click here for a direct MP3 download of Episode 27

Pete Goldin is Editor and Publisher of APMdigest

The Latest

As businesses increasingly rely on high-performance applications to deliver seamless user experiences, the demand for fast, reliable, and scalable data storage systems has never been greater. Redis — an open-source, in-memory data structure store — has emerged as a popular choice for use cases ranging from caching to real-time analytics. But with great performance comes the need for vigilant monitoring ...

Kubernetes was not initially designed with AI's vast resource variability in mind, and the rapid rise of AI has exposed Kubernetes limitations, particularly when it comes to cost and resource efficiency. Indeed, AI workloads differ from traditional applications in that they require a staggering amount and variety of compute resources, and their consumption is far less consistent than traditional workloads ... Considering the speed of AI innovation, teams cannot afford to be bogged down by these constant infrastructure concerns. A solution is needed ...

AI is the catalyst for significant investment in data teams as enterprises require higher-quality data to power their AI applications, according to the State of Analytics Engineering Report from dbt Labs ...

Misaligned architecture can lead to business consequences, with 93% of respondents reporting negative outcomes such as service disruptions, high operational costs and security challenges ...

A Gartner analyst recently suggested that GenAI tools could create 25% time savings for network operational teams. Where might these time savings come from? How are GenAI tools helping NetOps teams today, and what other tasks might they take on in the future as models continue improving? In general, these savings come from automating or streamlining manual NetOps tasks ...

IT and line-of-business teams are increasingly aligned in their efforts to close the data gap and drive greater collaboration to alleviate IT bottlenecks and offload growing demands on IT teams, according to The 2025 Automation Benchmark Report: Insights from IT Leaders on Enterprise Automation & the Future of AI-Driven Businesses from Jitterbit ...

A large majority (86%) of data management and AI decision makers cite protecting data privacy as a top concern, with 76% of respondents citing ROI on data privacy and AI initiatives across their organization, according to a new Harris Poll from Collibra ...

According to Gartner, Inc. the following six trends will shape the future of cloud over the next four years, ultimately resulting in new ways of working that are digital in nature and transformative in impact ...

2020 was the equivalent of a wedding with a top-shelf open bar. As businesses scrambled to adjust to remote work, digital transformation accelerated at breakneck speed. New software categories emerged overnight. Tech stacks ballooned with all sorts of SaaS apps solving ALL the problems — often with little oversight or long-term integration planning, and yes frequently a lot of duplicated functionality ... But now the music's faded. The lights are on. Everyone from the CIO to the CFO is checking the bill. Welcome to the Great SaaS Hangover ...

Regardless of OpenShift being a scalable and flexible software, it can be a pain to monitor since complete visibility into the underlying operations is not guaranteed ... To effectively monitor an OpenShift environment, IT administrators should focus on these five key elements and their associated metrics ...

MGM Resorts Incident Shows How Cyberattacks Impact Digital Performance and the Business

Pete Goldin
Editor and Publisher
APMdigest

On September 10, MGM Resorts experienced what it called a "cybersecurity issue" that had a major impact on the company's systems, showing how cyberattacks can bring down applications, ultimately causing problems for a company in many ways.

According to Forbes, "The attack left hotel guests locked out of their rooms for hours and unable to use their digital key cards to charge goods and services. Eventually, the hotels resorted to manual processes and transactions."


The attack was first noticed by MGM Resorts on the evening of September 10. About 24 hours later the casinos were operational but the reservation systems was still down.

The company's website was also offline for at least 2 days.


In addition, the cyberattack impacted the MGM Rewards App and gaming on the casino floors. Las Vegas TV station KTNV reported, "Multiple gaming machines, including slot machines, have also gone offline due to the cybersecurity issue."

MGM Resorts has not yet disclosed which specific systems were impacted, and some of the downtime could be a result of the company shutting down its own systems to protect them, but the end result is still a disaster for the company. This attack shows how pervasive a cyberattack can be throughout a business operation.

In the latest episode of the Cybersecurity Awesomeness Podcast on DEVOPSdigest, Rick Sturm, CEO and Founder of Enterprise Management Associates (EMA) gave a stern warning to companies of all sizes. While speaking not specifically about MGM Resorts but more about cybersecurity in general, he said, "This stuff is rooted, to some extent, in corporate greed. Where management is always an afterthought, and security is even worse than that, it's way, way down. And we can save gazillions of dollars by connecting to the ... Internet, and security be damned, nobody will try to get in. And besides, we've got a couple firewalls. That should do it, right? No, it's not right ... We are seeing this over and over and over, and yet organizations are not taking the precautions that they need to. They take the quick and easy fix — they think. And ultimately, if you are connected to the Internet, you will be hacked, whether you're large or small."

On the podcast, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA added, "From the perspective of the network engineering team, it points to the fact that people don't have a lot of control over what's happening within their network. They don't see what's happening. It's about access control and segmentation. Like limiting lateral movement. Having a lot granular control over who can talk to what inside inside your network, and being able to understand if some kind of anomaly is popping up in terms of connections and communication. It requires a lot of manual heavy lifting from a network engineering team to be able to lock things down completely. And no one does it. As Rick was saying, part of it's greed, like no one wants to spend the money on it. Part of it is they don't have the tools to do it. And another part of it is they don't have the people to do it … It's a problem that needs to be solved."

Listen to Episode 27 of the Cybersecurity Awesomeness Podcast for more of EMA's take on the MGM Resorts cyberattack.

Click here for a direct MP3 download of Episode 27

Pete Goldin is Editor and Publisher of APMdigest

The Latest

As businesses increasingly rely on high-performance applications to deliver seamless user experiences, the demand for fast, reliable, and scalable data storage systems has never been greater. Redis — an open-source, in-memory data structure store — has emerged as a popular choice for use cases ranging from caching to real-time analytics. But with great performance comes the need for vigilant monitoring ...

Kubernetes was not initially designed with AI's vast resource variability in mind, and the rapid rise of AI has exposed Kubernetes limitations, particularly when it comes to cost and resource efficiency. Indeed, AI workloads differ from traditional applications in that they require a staggering amount and variety of compute resources, and their consumption is far less consistent than traditional workloads ... Considering the speed of AI innovation, teams cannot afford to be bogged down by these constant infrastructure concerns. A solution is needed ...

AI is the catalyst for significant investment in data teams as enterprises require higher-quality data to power their AI applications, according to the State of Analytics Engineering Report from dbt Labs ...

Misaligned architecture can lead to business consequences, with 93% of respondents reporting negative outcomes such as service disruptions, high operational costs and security challenges ...

A Gartner analyst recently suggested that GenAI tools could create 25% time savings for network operational teams. Where might these time savings come from? How are GenAI tools helping NetOps teams today, and what other tasks might they take on in the future as models continue improving? In general, these savings come from automating or streamlining manual NetOps tasks ...

IT and line-of-business teams are increasingly aligned in their efforts to close the data gap and drive greater collaboration to alleviate IT bottlenecks and offload growing demands on IT teams, according to The 2025 Automation Benchmark Report: Insights from IT Leaders on Enterprise Automation & the Future of AI-Driven Businesses from Jitterbit ...

A large majority (86%) of data management and AI decision makers cite protecting data privacy as a top concern, with 76% of respondents citing ROI on data privacy and AI initiatives across their organization, according to a new Harris Poll from Collibra ...

According to Gartner, Inc. the following six trends will shape the future of cloud over the next four years, ultimately resulting in new ways of working that are digital in nature and transformative in impact ...

2020 was the equivalent of a wedding with a top-shelf open bar. As businesses scrambled to adjust to remote work, digital transformation accelerated at breakneck speed. New software categories emerged overnight. Tech stacks ballooned with all sorts of SaaS apps solving ALL the problems — often with little oversight or long-term integration planning, and yes frequently a lot of duplicated functionality ... But now the music's faded. The lights are on. Everyone from the CIO to the CFO is checking the bill. Welcome to the Great SaaS Hangover ...

Regardless of OpenShift being a scalable and flexible software, it can be a pain to monitor since complete visibility into the underlying operations is not guaranteed ... To effectively monitor an OpenShift environment, IT administrators should focus on these five key elements and their associated metrics ...