Macau Casino Operators Revamp Security Measures after US Industry Assaults
Macau's casino industry went through extensive reviews of their cybersecurity systems after recent attacks on U.S. operators like MGM Resorts and Caesars Entertainment.
MGM's Las Vegas and their U.S. branches were affected by a cyberattack that began on September 10 and are still experiencing disruptions. Meanwhile, Caesars Entertainment revealed that their Caesars Rewards loyalty program was targeted in August. However, they chose to pay a rumored $15 million ransom to prevent any disruptions to their operations.
With MGM being one out of the six casino operators in Macau, they don't operate under the same IT system. Their Macau resorts, MGM Macau and MGM Cotai, have not been affected by the cyberattack on MGM's U.S. properties.
MGM China, which manages these Macau resorts, stated: "MGM China operates its own independent IT environment and therefore has not been affected by this incident.”
Though Macau casinos haven't seen any significant issues, they're still on high alert following the MGM and Caesars cyberattacks, which received a lot of attention from the media.
System Reviews
Asia Gaming Brief, an online publication covering gaming news in the Asia Pacific region, reported that Macau's casino companies conducted thorough cybersecurity checks after the U.S. events. The six operators, MGM China, Sands China, Wynn China, Melco Resorts, Galaxy Entertainment, and SJM Resorts, carried out similar security audits of their IT systems. These reviews are common for the industry and are a requirement of the Macau Cybersecurity Law.
According to the law, industries the local government deems critical to the economy, like Macau's gaming sector, must meet specific conditions to protect their "information network and computer systems of critical infrastructure." Casinos are part of these identified businesses, as they contribute over 80% of the government's tax revenue.
The cybersecurity law demands that each casino create a specialized team for IT security. Incidences of security breaches must be rapidly reported to the Macau government, while annual assessments by a third party are compulsory.
Macau's Cyberattack
Macau's Judiciary Police reported a cyberattack on its hospitality and gaming sectors in April 2022. At least 17 casino hotels were targeted in a phishing attack traced back to November 2021.
Phishing attacks involve a hacking group sending fake communications or requests to a targeted IT system, making them look authentic and from a trusted person within that organization. The requests often aim to obtain sensitive information like an employee's login credentials.
The Macau Cybersecurity Incident Alert and Response Center, which takes care of addressing cyberattacks and breaches falling under the scope of the Cybersecurity Law, notified casino and hotel operators across the region immediately. This swift action is believed to have prevented any substantial data theft in the unsuccessful attempts. Hackers from South Korea were accused of the attacks.
