Macau Casinos Review Cybersecurity Systems Following Attacks on US Operators

Posted on: September 18, 2023, 09:07h. 

Last updated on: September 18, 2023, 03:37h.

Macau casinos have undergone intensive reviews of their cybersecurity systems following recent attacks on U.S. operators, namely MGM Resorts and Caesars Entertainment.

Macau casinos MGM Caesars cybersecurity
An aerial view of the Cotai Strip in Macau. Casino operators in the Chinese enclave are reviewing their cybersecurity safeguards following recent attacks on MGM Resorts and Caesars Entertainment in the U.S. (Image: Macau Magazine)

MGM’s Las Vegas and regional operations across the U.S. remain disrupted because of a cyberattack on the casino company’s IT systems that started on Sunday, September 10.

Caesars Entertainment revealed that hackers targeted its Caesars Rewards loyalty program in August. But unlike MGM, Caesars decided to pay a ransom, rumored to be $15 million, to prevent a disruption to its operations.

MGM is one of the six casino operators in China’s Macau, the only place under Chinese rule where casinos are allowed. MGM runs MGM Macau and MGM Cotai through a subsidiary, MGM China. The cyberattack on MGM’s U.S. casinos has not spread to its Macau resorts.

MGM China operates our own independent IT environment and therefore we have not been affected by this incident,” an MGM China statement explained.

But that isn’t to say casino operators in Macau aren’t on high alert following the MGM and Caesars cyberattacks, which garnered worldwide media coverage.

System Reviews

Asia Gaming Brief, an online media source covering Asia Pacific gaming news, reported over the weekend that Macau’s six casino firms have performed thorough security checks of their IT systems in the wake of the U.S. events.

MGM China, along with Sands China, Wynn China, Melco Resorts, Galaxy Entertainment, and SJM Resorts, reportedly conducted cybersecurity checks to ensure that their systems are secure. The casinos already perform such cybersecurity reviews on a regular basis, as required by the Macau Cybersecurity Law.

Passed in December 2019, the Cybersecurity Law requires industries the local government deems essential to the economy to meet certain conditions designed to “protect the information network and computer systems of critical infrastructure.”

Casinos are among the included industries, as the gaming resorts account for over 80 cents of every tax dollar the Macau government receives.

The cybersecurity law mandates that each casino establish a cybersecurity team. IT security incidences and breaches must be immediately reported to the Macau government, and security assessments must be completed by a third party annually.

Macau Attack

Macau’s Judiciary Police confirmed a cyberattack just last year on the region’s hospitality and gaming sectors. In April 2022, law enforcement confirmed that at least 17 casino hotels were targeted in a phishing attack that began in November 2021.

Phishing attacks involve a hacking group sending a series of fraudulent communications or requests to a targeted IT system. The communications are designed to appear legitimate and to come from a trusted person within the organization. The requests typically seek sensitive data like an employee’s login information.

The Macau Cybersecurity Incident Alert and Response Center, which fields cybersecurity attacks and breaches from industries that fall under the scope of the Cybersecurity Law, immediately notified casino and hotel operators regionwide. The prompt is thought to have prevented any substantial data theft in the hacking attempt. Hackers in South Korea were blamed for the unfruitful attacks.