You may have seen it in the news, but another major company has been a victim of a nasty ransomware attack that disrupted services and customers for over ten days. This time, the victim was MGM Resorts in Las Vegas.
What separates this major incident from others is that the hackers pulled the attack off using one of the oldest tricks in the book: social engineering. So, what happened, and what can we learn from this?
From what has been made public, the attack started with some simple Open-Source Intelligence (OSINT) against MGM and its resorts, searching websites such as LinkedIn for potentially privileged employees. The attackers then impersonated one such employee and called the IT Help Desk at MGM to have the user's credentials and multi-factor authentication (MFA) reset. Once in control of the elevated account, the attackers assigned more elevated privileges to other accounts and removed MFA to obtain persistence and facilitate lateral movement.
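A simple detection for the sequence just described (a help-desk MFA reset on an account, followed shortly by that account granting privileged roles and removing MFA elsewhere), written as an added example that is not part of the original article; it runs over constructed identity audit events, and the event field names, account names and the 24-hour correlation window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (not real MGM logs). Fields mimic a generic
# identity-provider audit trail: who (actor) did what (action) to whom (target).
EVENTS = [
    {"ts": "2023-09-08T09:02:00", "actor": "helpdesk.tech1", "target": "j.doe",
     "action": "mfa_reset"},
    {"ts": "2023-09-08T09:05:00", "actor": "helpdesk.tech1", "target": "j.doe",
     "action": "password_reset"},
    {"ts": "2023-09-08T09:41:00", "actor": "j.doe", "target": "svc.backup",
     "action": "role_assigned", "role": "Global Administrator"},
    {"ts": "2023-09-08T09:44:00", "actor": "j.doe", "target": "svc.backup",
     "action": "mfa_removed"},
    # Benign: a help-desk reset followed only by an ordinary login.
    {"ts": "2023-09-08T10:10:00", "actor": "helpdesk.tech2", "target": "a.smith",
     "action": "mfa_reset"},
    {"ts": "2023-09-08T14:00:00", "actor": "a.smith", "target": "a.smith",
     "action": "login"},
]

# Actions that an attacker uses for persistence and lateral movement.
PRIVILEGED_ACTIONS = {"role_assigned", "mfa_removed"}


def find_reset_then_escalation(events, window_hours=24):
    """Return findings for accounts whose MFA was reset by someone else and
    which then performed privileged actions within the correlation window."""
    events = sorted(events, key=lambda e: e["ts"])
    parse = lambda e: datetime.fromisoformat(e["ts"])
    # Only third-party resets matter; self-service re-enrolment is ignored.
    resets = [e for e in events
              if e["action"] == "mfa_reset" and e["actor"] != e["target"]]
    findings = []
    for reset in resets:
        t0 = parse(reset)
        followups = [e for e in events
                     if e["actor"] == reset["target"]
                     and e["action"] in PRIVILEGED_ACTIONS
                     and t0 < parse(e) <= t0 + timedelta(hours=window_hours)]
        if followups:
            findings.append({"account": reset["target"], "reset_by": reset["actor"],
                             "reset_at": reset["ts"],
                             "followups": [(e["ts"], e["action"], e["target"])
                                           for e in followups]})
    return findings


if __name__ == "__main__":
    for f in find_reset_then_escalation(EVENTS):
        print(f"ALERT: {f['account']} reset by {f['reset_by']} at {f['reset_at']}")
        for ts, action, target in f["followups"]:
            print(f"   {ts} {action} -> {target}")
```

In a real deployment the same correlation would be fed from the identity provider's audit log, and a hit should trigger a call-back to the employee through a channel other than the one that requested the reset.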
Initially, the attackers' plan was to target MGM's slot machines and milk the devices, but when that failed, they planted ransomware and encrypted the company's systems. Once the ransomware was deployed, many MGM-owned hotels were brought to a standstill as the attack affected corporate email, restaurant reservation and hotel booking systems, and digital room keys.
Several weeks later, MGM provided an update on the attack's impact and advised that the attackers had been able to access personal information, including names, contact information, gender, DOB, and even social security numbers, belonging to "some customers" from before March 2019.
Surprisingly, MGM chose not to pay the ransom demanded by the attackers, as paying did not guarantee the return of its systems and data; the company estimated the attack cost roughly $110 million. It later emerged that, days before MGM's attack, casino operator Caesars had been hit with the same attack and ended up paying $15 million to the same group responsible.
What can we learn?
- The most important takeaway from this article is that everyone is vulnerable to a ransomware attack. Having a plan and controls in place is vital to protect yourself.
- It is essential to stay current on attackers' techniques, such as social engineering, phishing, and vishing.
- Education and training are vital for employees. Improving cybersecurity awareness should be at the top of the list for everyone, as it helps employees and end users be more diligent and helps them understand the impact of attacks like this one.
- Companies can help protect themselves by investing more in cybersecurity. Implementing a security operations center, routine security assessments, and training can help harden environments and uncover the security weaknesses and misconfigurations that attackers seek to exploit.
Reach out to ProCircular to learn about how we can help your organization strengthen its security posture and avoid similar future attacks.