The recent cyberattack on the MGM Grand Casino network another reminder of the growing challenges in the realm of cybersecurity and the importance of acting swiftly.
MGM international disclosed that it is dealing with a cybersecurity issue that impacted some of its systems. The Fortune 500 company, with USD14 billion in annual revenue, operates hotel and gaming venues around the world, notably in Las Vegas.
With the incident, the hacker group Scattered Spider was able to social-engineer their way into the company’s systems in 10 minutes. The Hacker group then moved laterally throughout the corporation’s systems by elevating privileges to admin levels and attacking virtual machines.
Finally, they topped off the attack by releasing the BlackCat ransomware, developed by a separate cybercriminal group called ALPHV. It’s also likely that they exfiltrated sensitive and valuable data that they came across to up the ante on the ransom demand.
The group that run Caesars casinos were also targeted by the same hacker group. Velocity’s leading cyber security expert Stuart Sanders examined how the events of this cybersecurity incident have unfolded:
“To a certain extent we need to praise MGM’s leadership team for their swift action. Anyone is vulnerable to a determined attacker these days particularly when you throw in social engineering. When they noticed something wasn’t right, they took their systems offline instantly. This immediate action reinforces how vital a strong incident response strategy is. By being hyper vigilant, businesses can limit and minimize the damage an attack might cause. It also illustrates that even companies with the resources of MGM can have weak points that can be leveraged by clever attackers.”
Here’s a summary of the impact to MGM across many of its operations:
- Company email went down, leading MGM to communicate the issue via a Gmail account.
- All pages on the company’s website for casinos across the United States, including the reservation system, went down and were redirected to a basic page with a white background directing visitors to call concierge for service.
- ·The issue crept into the gaming floor, with a photo of dozens of slot machines offline at Aria on the Las Vegas Strip popping up on social media platform X. In a thread on X, multiple people reported slots down at Borgata in Atlantic City and MGM Northfield in Ohio as well.
- Computer-based operations at Bellagio were forced to be done manually as credit card machines were not functioning, making operations cash only. The same issue impacted Borgata and MGM Grand Detroit suggesting that the issues occurred at MGM casinos nationwide.
- Guests reported ATMs being down, and some guests locked out of their rooms because the app—and therefore the digital keys— were not operational.
However, staying alert and being proactive does not detract from the significance of the incident, as Stuart points out: “While the scope of the attack is still not fully understood, the intense magnitude of this attack suggests that MGM is dealing with a cybercriminal team that wasted no time once they obtain access inside a network. It’s a wake-up call for businesses to always be on their toes, constantly updating their security measures to stay one step ahead of ever-changing threats.”
It also shows how the criminal groups are adapting to changes in the security landscape as well. Stuart explains the success of mostly automated ransomware attacks has dwindled, and the more successful attacks now are human driven with access to advanced tools they utilized once inside.
There are lessons that the wider business community can draw from this incident. According to Stuart, you need to: “Layer up your security. Think firewalls, intrusion detection systems, network segmentation and regularly checking for vulnerabilities.”
Stuart also places an emphasis upon pre-planning, noting: “Have a solid game plan in place for when things go south. This means a comprehensive incident response plan that lets you act swiftly if there’s a breach. Ideally this should be gamed out at a senior management level with occasional tabletop exercises to simulate what to do in the event of an incident.”
This extends to employees: “Train your team. Make sure everyone knows about the risks of phishing and other sneaky tactics, because sometimes, human mistakes can be the weakest link. This is highlighted in the MGM attack – the attacker social engineered a help desk to give the attacker access somehow. It is possible they were not trained for this situation, or through multiple attempts figured out what information they needed to achieve their aims.”
Another important mitigation is with data back-up: “It’s fundamental to back up your essential data and ensure that a copy is immutable or offline. If you’re hit with ransomware, this could be your lifeline. And last, but not least, team up with cybersecurity experts such as Velocity. We’ll always share info on threats and best practices can make a huge difference.”
Original article here: https://velocity-technology.com/swift-action-the-key-to-damage-control-on-mgm-cyberattack/