MGM Hack: What Happened and How to Prevent Future Attacks

By Structured Director of Cloud Security Collin Miller and Structured Director of Governance, Risk & Compliance Rob Wayt —

On September 11, 2023, MGM Resorts International, the owner and operator of some of the most popular casinos and hotels in Las Vegas, announced that it had experienced a cyberattack. The attack caused significant disruption to MGM’s operations, with slot machines and ATMs going dark and hotel staff resorting to pencil and paper while guests queued for hours to check in and out of their rooms. 

While much is still unknown, it is believed to have been carried out by a group of attackers in the “five eyes” countries (AU, CA, NZ, UK, and US) aged 17-24, backed by a Ransomware-as-a-Service (RaaS) group known as ALPHV, also known as BlackCat. ALPHV is a sophisticated ransomware group that has been linked to a number of high-profile attacks in recent months. 

In order to gain access, it is believed that the attackers identified one or more highly privileged (super administrator) MGM employees and then fooled IT service desk personnel at MGM to reset the multifactor authentication used by those privileged users using a voice-based phishing or “vishing” attack.  

Once they had gained access to MGM’s network, they were able to encrypt the company’s data, exfiltrate it, and demand a ransom payment in exchange for the decryption key. MGM has not said whether or not it paid the ransom, but the company was able to restore its systems and operations within a few days of the attack.  Caesars, which suffered a similar attack, has confirmed that it paid a ransom of $15 million shortly before the MGM hack. 

The MGM hack is a reminder of the growing threat of ransomware attacks. Ransomware groups are targeting organizations of all sizes and industries, and they are becoming increasingly sophisticated in their methods. It is important for organizations to have a robust cybersecurity plan in place to protect themselves from ransomware attacks. 

As for preventing such attacks, a good place to start is with training staff to be mindful of sophisticated spear phishing, vishing (voice phishing), and other attacks that attempt to undermine two-factor authentication schemes. But organizations also need to keep eyes open for the many indicators of compromise (IoCs) that suggest something is amiss. 

How Structured Can Help Prevent Attacks Like the MGM Hack

Security Assessments – Structured can assess your organization’s current security posture and identify any vulnerabilities that could be exploited by ransomware groups. 

Risk Assessments – Structured can help you to understand the risks you face from ransomware attacks and develop strategies to mitigate those risks. 

Security Policy Development – Structured can help you develop security policies and procedures that are tailored to your specific needs and help protect against ransomware attacks.  This includes specific procedures for validating employees seeking assistance from the IT help desk.

Penetration Testing:  Structured testers can perform in-depth testing on internal, external, and application surfaces in your infrastructure.

Social Engineering:  Structured offers robust services for phishing, vishing (voice phishing) and other methods of social engineering to ensure internal services are using the appropriate protocols to verify identity.

Security architecture design: Structured can help you to design secure networks and systems that are resistant to ransomware attacks.

Security implementation: Structured can help you to implement the security solutions that you need to protect yourself from ransomware attacks. 


Structured routinely provides its clients with ongoing support and advice on cybersecurity best practices. Structured’s team of experts is always up-to-date on the latest ransomware threats and trends, so they can provide you with the best possible protection. 

If you are concerned about the risk of ransomware attacks, Structured can help you protect your organization. Contact your Structured account manager today for a free consultation. No account manager yet? No worries – email for help.

About the Authors

Collin Miller: As the Director of Cloud Security for Structured, Collin manages strategies for securing cloud-based infrastructure and applications. He has nearly 19 years’ experience in networking and IT security, focusing on cloud security posture management (CSPM), secure remote access and authentication, data loss prevention (DLP), next-generation firewall (NGFW), and security event and information management (SIEM). Collin is also an avid backpacker, having completed a thru-hike of the Pacific Crest Trail in 2015. ​​

Rob Wayt, CISSP-ISSEP, HCISPP, CISA, CISM, CRISC, CEH, QSA, CDPSE, CMMC RP, GCIP: As Director of Governance, Risk & Compliance for Structured, Rob applies his 25 years of critical experience in IT security, compliance and networking to design and implement comprehensive security programs, focusing particularly on compliance assessment and audits. With core competencies in PCI, HIPAA, ISO 27001, FIPS/FISMA, FERC/NERC CIP, FERPA, GLBA/FFEIC/NCUA and Governance, Risk and Compliance (GRC) solutions, Rob is an incredible asset both to Structured and to its customers. Rob also is an avid cyclist and outdoor enthusiast who enjoys life wherever it takes him.

Search By Category