What the MGM Cyber-Attack Illustrates for Clubs
In September, MGM casinos across America were subject to a ransomware attack that shut down all on-site digital systems including gaming machines, TITO and cash-out machines, ATMs, hotel reservations and guest services. According to reports, the hostile group attacked MGM by pretending to be an employee of the company and accessing their systems and data. Caesar's Entertainment were subjected to an attack at the same time.
The hackers sought a $30 million ransom. Caesars reportedly negotiated a $15 million ransom and were back in operation immediately. MGM refused to pay and took three weeks to resume regular operations, including the 10-day major disruption to operations. The reported losses to MGM's insurers are $200 million.
The recent breach of the Aristocrat cashless gaming trial and trends in Australian gaming operations to incorporate more online elements signify that every club should be aware of their obligations in responding to similar cyber risks.
What should a club do if a breach occurs?
If a system breach occurs, some steps to be actioned are:
- Executive management team must be notified of the breach as soon as possible
- Engage the club’s cyber insurance response team
- The club will then inform relevant workers of the incident, which will include the Board of Directors
- From 28 November 2023, the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act) mandates that if personal data has been compromised, the club must report the incident to the Office of the Australian Information Commissioner (OAIC) and notify affected individuals.
Following the MGM breach, many commentators have suggested that the gambling industry is targeted due to outdated infrastructure that is hosted on-premises, which is less secure than cloud platforms. Cloud storage and technology infrastructure companies have the latest firewalls and IPS ID systems to secure clients' data and networks.
Case Study
Club employees come into work and are not able to boot their server computer. When their IT provider gets access to the server, they find a window open that indicates that all the computer data has been encrypted. The note demands they pay a ransom in Bitcoin to unlock the files.
There is a backup drive plugged into the computer, which has also been encrypted. They try to connect more backup drives, but the files are automatically encrypted within seconds. The ransomware has not been removed before attempting to recover data. The only option left is to factory reset the server and start fresh with a new system. All data is lost, and the club is required to start over.
Possible steps to mitigate loss:
- Take a photo of the ransom note
- Turn off infected device(s) and disconnect other devices
- Do not connect backup to any infected device or network
- Remove ransomware and wipe all infected drives and devices
- Restore information.
Distributed Disruption of Service (DDoS) attacks are generally infected malware, emails, or links and have been the main types of security breaches, but more sophisticated attacks are now occurring. As the MGM breach illustrated, employee access is the most exploited method. As well as providing regular employee cyber security training and policies, other simple and inexpensive measures to improve security include:
- Turning on multi-factor authentication
- Regularly updating software
- Backing up data and information.
Should clubs consider ransom requests?
Cybersecurity experts and the Australian government do not recommend ever paying a ransom. Australian Cyber Security Centre has a one-pager emergency response here.
Although common thinking is that businesses should not negotiate with terrorists, and doing so could open the company to future cyber-attacks, reports show parties are split on this point. From a handful of US gambling cyber-attacks, about half have paid a ransom and experienced minimal disruption compared to those who didn’t and needed to rebuild their entire system from the ground up.
The recent cyber-attacks illustrate the impact that breaches can have on gaming operations and the need to implement practical cybersecurity solutions to protect your club.
If you have any questions about cybersecurity, please contact ClubASSIST on 1300 730 001 or via [email protected].
Related