Ransomware Attack on MGM Resorts International: ALPHV/Blackcat/Scattered Spider Incident

Morgan Phisher October 3, 2023

Hey there, folks from San Francisco Bay! Just wanted to keep you up-to-speed on the latest cybersecurity news and discuss recent events: the ransomware attacks that happened to MGM Resorts International and Caesars Entertainment.

Remember early in September, when we all heard the news about MGM Resorts getting hit by a ransomware attack? Doesn’t that seem straight out of a spy thriller? A few days earlier, Caesars Entertainment went through a big ordeal of its own. What a month it was for cybersecurity!

The attack on MGM reportedly cost them a whopping $80 million in lost revenue due to operational disruptions and more than 36 hours of IT downtime. Imagine the frustration of guests when they couldn’t get into their rooms, ride the elevators or even play the slot machines!

Quick refresher: On the 19th of September, MGM posted on social media that they were back in full swing. Good on them!

So, what do we know about these attacks? Well, cybersecurity experts got straight to work and pieced together some of the details. They believe the same ransomware groups, known as ALPHV/Blackcat/Scattered Spider, were behind the attacks on both MGM and Caesars.

Here’s the scoop. These cybercrime masterminds apparently had “super administrator”-level access to the network before MGM locked it down, and were sifting through data as they pleased. Yikes!

The attack was a multi-phased operation, starting with a casual phishing message to all the MGM administrators. Once they had tricked the target into clicking, they did a SIM swap and conned the IT helpdesk into sending them a Multi-Factor Authentication (MFA) reset code. Sneaky, isn’t it?

Then, it was all about gaining access, setting up undetected backdoors, scoping out vulnerabilities and stealing credentials. With super admin access in hand, they practically owned the system!
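A defender’s view of the chain described above, as an added example that is not part of the original post: it correlates helpdesk MFA resets with privileged sign-ins from a previously unseen device shortly afterwards. The event fields, account names and sample log entries are constructed assumptions, not data from the incident.

```python
from datetime import datetime, timedelta

# Constructed sample events; the field names are assumptions, not a real log schema.
EVENTS = [
    {"ts": "2024-01-09T08:00:00", "type": "signin", "user": "alice.admin", "device": "LAPTOP-A1", "privileged": True},
    {"ts": "2024-01-09T09:00:00", "type": "signin", "user": "bob.ops", "device": "LAPTOP-B7", "privileged": False},
    {"ts": "2024-01-10T10:00:00", "type": "mfa_reset", "user": "carol.admin", "actor": "helpdesk-02"},
    {"ts": "2024-01-10T13:00:00", "type": "signin", "user": "carol.admin", "device": "LAPTOP-C4", "privileged": True},
    {"ts": "2024-01-10T14:05:00", "type": "mfa_reset", "user": "alice.admin", "actor": "helpdesk-03"},
    {"ts": "2024-01-10T14:12:00", "type": "signin", "user": "alice.admin", "device": "UNKNOWN-X9", "privileged": True},
    {"ts": "2024-01-10T15:00:00", "type": "mfa_reset", "user": "bob.ops", "actor": "helpdesk-01"},
    {"ts": "2024-01-10T15:10:00", "type": "signin", "user": "bob.ops", "device": "LAPTOP-B7", "privileged": False},
]

def flag_post_reset_signins(events, window=timedelta(hours=1)):
    """Return privileged sign-ins from a never-before-seen device that occur
    within `window` after a helpdesk MFA reset for the same user."""
    known_devices = {}  # user -> set of devices seen so far
    last_reset = {}     # user -> (time, helpdesk actor) of the latest reset
    findings = []
    # ISO-8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        if ev["type"] == "mfa_reset":
            last_reset[user] = (ts, ev["actor"])
        elif ev["type"] == "signin":
            seen = known_devices.setdefault(user, set())
            new_device = ev["device"] not in seen
            seen.add(ev["device"])
            reset = last_reset.get(user)
            if reset and new_device and ev["privileged"] and ts - reset[0] <= window:
                minutes = int((ts - reset[0]).total_seconds() // 60)
                findings.append({"user": user, "device": ev["device"],
                                 "reset_by": reset[1],
                                 "minutes_after_reset": minutes})
    return findings

if __name__ == "__main__":
    for finding in flag_post_reset_signins(EVENTS):
        print("REVIEW:", finding)
```

In the sample data only the `alice.admin` sign-in is flagged: `carol.admin` signs in from a new device outside the one-hour window, and `bob.ops` is neither privileged nor on a new device.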

They topped it all off by sneakily exfiltrating the company’s data. The group publicly announced: “We posted a link to download any and all exfiltrated materials…”

So there you have it. These crafty criminals employed a multi-pronged approach, starting with infiltration and ending in serious financial and operational damage to both of these companies.

What’s the lesson here, folks? The importance of contingency planning can’t be stressed enough. Regular simulation exercises can be super handy in preparing your team for possible cyber-attacks. More importantly, make sure your backup procedures are top-notch. If the unthinkable happens, you need to have a plan B ready to keep your business running.

It’s also worth understanding the value of network segmentation. If you’re not familiar with it, think of it as creating separate compartments in a ship: when water floods one, it won’t immediately sink the ship.

Last but not least, ensure your team is well-versed in your company’s Incident Response (IR) framework and practices. If a cyber attack hits, everyone should be ready to kick into action rather than running around like headless chickens.

It’s a tough world out there in the realm of cybersecurity. So, whether you’re in healthcare, hospitality or another industry, remember to stay vigilant. Keep your cybersecurity game strong and stay safe, Bay Area!
