In a shocking turn of events, MGM Properties, the hospitality and gaming giant boasting ownership of 31 distinct properties, including the renowned Las Vegas MGM Grand, recently fell victim to a devastating cyberattack. The repercussions were nothing short of catastrophic, with their Las Vegas establishments forced to shut down, gambling operations halted, and guests unable to access their hotel rooms. This unfortunate incident, orchestrated by a group known as "Scattered Spider," affiliated with the ransomware-as-a-service entity "BlackCat," serves as a stark reminder of the ever-growing threats lurking in the digital realm. In this article, we delve into the details of the MGM cyberattack, the modus operandi of Scattered Spider, and the broader implications for businesses and their stakeholders.
The Anatomy of the MGM Cyber Attack
Scattered Spider, or UNC3944, is a notorious group known for their audacious cyberattacks. Their malicious tactics involve compromising organizations, stealing valuable data, and wreaking havoc within the target's virtual infrastructure. They employ a sinister combination of techniques, including virtual serial and administrative console attacks, as well as the deliberate injection of vulnerable signed drivers to escalate privileges and traverse through networks. The final blow is delivered through the deployment of the BlackCat ransomware, a creation of UNC3507, also known as ALPHV.
The Pervasive BlackCat Ransomware
BlackCat ransomware has gained notoriety in recent times, with its involvement in nearly 12% of all cybersecurity attacks in 2022. High-profile victims, such as semiconductor manufacturer Seiko and the global auditing and accounting giant Mazars Group, fell prey to this insidious ransomware. Its widespread use underscores the urgency for organizations to fortify their cybersecurity measures.
Social Engineering as a Gateway
Scattered Spider relies heavily on social engineering to infiltrate their targets, manipulating their victims psychologically to gain illicit access. Operating within the United States provides them with a strategic advantage over foreign adversaries, enabling them to execute scams, such as persuading victims to click malicious links, accept multifactor authentication requests, or run harmful executables.
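From the defender's side, a burst of rejected multifactor prompts that ends in an approval is the pattern to alert on. The following is an added example, not code from the original article: it scans authentication events for that pattern. The key=value log format, the field names, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical key=value format (not MGM data).
SAMPLE_LOG = """\
2023-09-10T02:14:05Z user=jdoe event=mfa_push result=denied ip=203.0.113.7
2023-09-10T02:15:10Z user=jdoe event=mfa_push result=timeout ip=203.0.113.7
2023-09-10T02:16:30Z user=jdoe event=mfa_push result=denied ip=203.0.113.7
2023-09-10T02:18:02Z user=jdoe event=mfa_push result=denied ip=203.0.113.7
2023-09-10T02:19:40Z user=jdoe event=mfa_push result=approved ip=203.0.113.7
2023-09-10T09:01:12Z user=asmith event=mfa_push result=approved ip=198.51.100.20
2023-09-10T11:00:00Z user=bnguyen event=mfa_push result=denied ip=198.51.100.44
2023-09-10T11:00:30Z user=bnguyen event=mfa_push result=approved ip=198.51.100.44
"""

def parse(line):
    """Split one log line into a dict; return None for blank or malformed lines."""
    tokens = line.split()
    if not tokens:
        return None
    try:
        when = datetime.strptime(tokens[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
    fields["time"] = when
    return fields

def detect_push_fatigue(lines, min_rejected=3, window=timedelta(minutes=10)):
    """Flag an approved push that follows >= min_rejected denied or timed-out
    pushes for the same user inside the window. Lines must be in time order."""
    rejected = defaultdict(deque)   # user -> times of recent rejected pushes
    alerts = []
    for ev in filter(None, map(parse, lines)):
        if ev.get("event") != "mfa_push" or "user" not in ev:
            continue
        q = rejected[ev["user"]]
        while q and ev["time"] - q[0] > window:
            q.popleft()             # forget rejections older than the window
        if ev.get("result") in ("denied", "timeout"):
            q.append(ev["time"])
        elif ev.get("result") == "approved":
            if len(q) >= min_rejected:
                alerts.append((ev["user"], ev["time"].isoformat(), len(q), ev.get("ip")))
            q.clear()               # an approval ends the current burst
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG.splitlines()):
        print("possible MFA push fatigue:", alert)
```

A single denial followed by an approval, as in the bnguyen sample events, stays below the default threshold, so an ordinary mis-tap does not raise an alert.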
The Data Heist and Double Extortion
Once inside a targeted system, Scattered Spider exfiltrates sensitive data, including business documents, personal information such as social security numbers, and client and customer data. This stolen trove becomes the ammunition for double extortion. In the case of MGM Grand, the notorious BlackCat ransomware, developed by ALPHV, is deployed to extort a ransom from the victim organization. Should the target refuse to comply, Scattered Spider leverages its affiliate network to publicly release the stolen information, escalating the pressure.
The Vulnerable Entry Point
The MGM Grand cyberattack originated from an unexpected source: a phone call to the MGM helpdesk, where hackers cunningly manipulated employees into granting access. This scenario underscores the pressing need for a robust Security Operations (SecOps) framework, which includes comprehensive training and certifications. To learn how to safeguard against such social engineering exploits, check out our webinar on social engineering, "The Human Firewall: Empowering Businesses to Defend Against Social Engineering."
Key Takeaways for Businesses and Employees
While the full scope of the MGM situation is still unfolding, several critical lessons emerge from this cyberattack:
Defense In Depth: Implementing a layered cybersecurity approach is essential to prevent a minor breach from escalating into a business catastrophe.
Continuous Education: All employees must receive ongoing education on recognizing and resisting social engineering attempts via email, text messages, or phone calls.
Proactive Testing: Organizations should regularly assess their employees' ability to resist social engineering tactics and provide retraining as needed.
Supplier and Partner Accountability: Wise executives should encourage their suppliers, contractors, and business partners to assess and enhance their security measures, reducing the overall exposure to risk.
Beyond Businesses: Protecting Visitors and Stakeholders
The impact of the MGM Grand cyberattack extends beyond the corporate realm. Anyone who has visited MGM properties, stayed at their hospitality establishments, or signed up for lines of credit may be at risk. While the extent of data theft remains unclear, vigilance is paramount. Stakeholders should monitor their bank accounts, credit/debit cards, and social security information for any suspicious activity.
Conclusion
The MGM Grand cyberattack serves as a stark reminder that cybersecurity threats are ever-present and evolving. Organizations must remain vigilant, invest in robust defense strategies, and educate their employees to safeguard against social engineering exploits. Furthermore, businesses should extend their security standards to suppliers and partners, fostering a network of accountability. As the investigation into the MGM Grand incident continues, stakeholders must stay alert and take proactive measures to protect their sensitive information. In an era of digital interconnectedness, the MGM Grand breach is a potent wake-up call for us all.