Executive Summary
MGM Resorts International recently fell victim to a meticulously coordinated cyber attack that led to severe operational impairments across the entire organization. This report aims to provide a comprehensive understanding of the attack vectors employed by the threat actors, as well as the specific techniques used to compromise MGM’s digital infrastructure.
Operational Impact
The cyber attack wreaked havoc on MGM’s operational capabilities. Vital services such as hotel reservations and credit card processing experienced prolonged outages lasting approximately ten days. The attack also compromised the digital security mechanisms for hotel room keys and gaming machines on the casino floor. Guests faced extended delays at check-in counters and were required to use physical keys. Casino winnings were manually recorded, which led to the issuance of handwritten receipts. Despite these setbacks, MGM managed to sustain limited operational continuity through the implementation of manual processes.
Threat Actor Profiles and Technical Exploitation Techniques
The cybercriminals behind the attack are suspected to be affiliated with a notorious hacking group identified as Scattered Spider. This group specializes in social engineering techniques, primarily using SMS phishing strategies to manipulate help desk personnel and effectively circumvent multi-factor authentication protocols.
For the MGM attack, Scattered Spider exploited critical vulnerabilities in the Okta Agent servers utilized by MGM. After breaching the perimeter, the actors were able to escalate their privileges, acquiring super administrator control over MGM’s Okta system, as well as Global Administrator access to MGM’s Azure tenant.
This privileged access was leveraged to launch a ransomware attack, effectively crippling more than 100 ESXi hypervisors within MGM’s operational environment. The specific ransomware deployed is believed to be an ALPHV or BlackCat variant, which is known to be part of a Ransomware-as-a-Service (RaaS) operation. This ransomware is particularly potent, as it is capable of encrypting both data at rest and in transit, thereby complicating recovery efforts.
Conclusion
The cyber attack against MGM Resorts International underscores the ever-present vulnerabilities faced by even the most fortified enterprises. It highlights the paramount importance of multi-layered cybersecurity strategies and proactive incident response plans. While MGM has managed to restore most of its operations, the incident serves as a compelling case study for the necessity of advanced cybersecurity measures in today’s digital age.
How can organizations protect themselves from cyberattacks?
Organizations can protect themselves from similar cyber attacks by implementing the following measures:
- Prioritize Cyber Decisions: Treat cyber decisions as business decisions. Assess and analyze the company’s digital footprint, dark web exposure, leaked data, and compromised credentials in real time.
- Educate All Employees: Conduct regular cybersecurity awareness training. Make sure your employees know the main forms of cybersecurity attacks and the best ways to prevent them.
- Encrypt Your Data and Create Backups: Make sure all your sensitive data is encrypted. Conduct regular backups for your important information.
- Control Physical Access: Control physical access to company devices and dispose of them properly.
- Invest in Cybersecurity Insurance: To protect business data, it’s important to secure hardware, back up and encrypt data, invest in cybersecurity insurance, promote a security-focused culture, and use robust cybersecurity software.
- Implement Robust Cybersecurity Software: Use robust cybersecurity software to help reduce risk and keep the business operating without interruption.
- Establish Practices and Policies: Establish practices and policies to protect your company from cyber attacks and provide guidelines for resolving issues if they arise.
- Promote a Security-Focused Culture: Promote a security-focused culture within the organization.
For more information or a tailored consultation, please contact Info System Consultants.