Las Vegas cybersecurity attack, 48 ransomware groups leave over 2k victims, how to answer your GC’s questions after a breach

By John Bruggeman, virtual Chief Information Security Officer


How did MGM and Caesars get compromised?

MGM was hit with a ransomware attack earlier in September that took their core infrastructure offline for days, leaving customers frustrated and the casino unable to generate revenue. Caesars Palace also had an attack, but they paid the ransom—rumored to be $15 million—and were back online quickly. But how did the attackers get in?

They used social engineering to get access to the super admin accounts that both companies had with Okta. Using those super admin accounts, the attackers added another identity source to Okta that allowed them to persist in the compromised MGM environment for days. There is a great write-up here.

The key takeaway is that if you use Okta, Ping, or another identity provider (IdM), you need to monitor it for changes, just like you do your computers, desktops, and network devices. You also need to have tight controls over the super admin accounts and your domain admin accounts.
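One way to monitor an identity provider for the kind of change described above, as an added example that is not from the original article or from CBTS. It reads Okta System Log events and flags identity-provider changes, escalating when the acting account had its MFA reset or privileges granted shortly before; the sample events, the 24-hour window, and the approved-actor list are assumptions.

```python
import json
from datetime import datetime, timedelta

# Okta System Log event types for identity-provider changes, and for the
# account changes that often precede an admin-account takeover.
IDP_CHANGES = {"system.idp.lifecycle.create", "system.idp.lifecycle.update",
               "system.idp.lifecycle.activate"}
PRECURSORS = {"user.mfa.factor.reset_all", "user.account.privilege.grant"}
WINDOW = timedelta(hours=24)  # assumption: correlation window, tune per org

# Constructed sample events (not real logs), one JSON object per line.
SAMPLE_LOG = """
{"published":"2024-01-10T09:00:00.000Z","eventType":"user.mfa.factor.reset_all","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"helpdesk@example.com"},"target":[{"type":"User","alternateId":"admin1@example.com"}]}
{"published":"2024-01-10T09:40:00.000Z","eventType":"system.idp.lifecycle.create","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"admin1@example.com"},"target":[{"displayName":"ext-idp"}]}
{"published":"2024-01-10T12:00:00.000Z","eventType":"system.idp.lifecycle.update","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"iam-automation@example.com"},"target":[{"displayName":"corp-saml"}]}
{"published":"2024-01-11T02:15:00.000Z","eventType":"system.idp.lifecycle.activate","outcome":{"result":"SUCCESS"},"actor":{"alternateId":"admin2@example.com"},"target":[{"displayName":"test-idp"}]}
{"published":"2024-01-11T03:00:00.000Z","eventType":"system.idp.lifecycle.create","outcome":{"result":"FAILURE"},"actor":{"alternateId":"admin2@example.com"},"target":[{"displayName":"test-idp2"}]}
"""

def _ts(event):
    # Normalise the trailing "Z" so older Python versions can parse it.
    return datetime.fromisoformat(event["published"].replace("Z", "+00:00"))

def find_idp_alerts(log_text, approved_actors=frozenset()):
    """Flag successful IdP changes; escalate when the acting account had its
    MFA reset or privileges granted within WINDOW before the change."""
    events = sorted((json.loads(l) for l in log_text.splitlines() if l.strip()), key=_ts)
    precursors, alerts = {}, []  # precursors: user -> [(time, eventType)]
    for ev in events:
        if ev.get("outcome", {}).get("result") != "SUCCESS":
            continue  # failed attempts are skipped in this narrowed example
        when, etype = _ts(ev), ev["eventType"]
        if etype in PRECURSORS:
            for tgt in ev.get("target", []):
                if tgt.get("type") == "User":
                    precursors.setdefault(tgt["alternateId"], []).append((when, etype))
        elif etype in IDP_CHANGES:
            actor = ev["actor"]["alternateId"]
            prior = [e for t, e in precursors.get(actor, []) if when - t <= WINDOW]
            severity = "critical" if prior else "low" if actor in approved_actors else "high"
            idp = next((t.get("displayName") for t in ev.get("target", [])), None)
            alerts.append({"severity": severity, "actor": actor, "idp": idp,
                           "event": etype, "preceded_by": prior})
    return alerts

if __name__ == "__main__":
    for alert in find_idp_alerts(SAMPLE_LOG, {"iam-automation@example.com"}):
        print(alert)
```
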

Nearly 50 ransomware groups have breached over 2,200 victims

Check Point released their mid-year report in August, and it was eye-opening.

Based on their research, there have been more than 2,200 victims of ransomware—and the trend appears to be going up, not down. Cybercriminals are using old and new techniques to attack companies and steal data they can then encrypt or use to extort victims. There is simply too much money to be made by these criminal gangs for them to stop.

Many attacks can be prevented by an in-depth defense model that makes your organization harder to attack and is, therefore, a less attractive target. Good perimeter firewalls, good endpoint detection and response, a 3-2-1 backup strategy, and end-user awareness and training are all ways you can make your company a less attractive target. We are all targets. The threat landscape has changed, so you need to change with it and adapt to this more aggressive and hostile environment. If you need guidance with your cybersecurity program, contact CBTS.

How to answer your general counsel’s questions after a cybersecurity incident

If you have a cybersecurity incident and there is a data breach, you can be sure your lawyer or general counsel will ask you a few questions. Here are four typical questions they will ask:

1. What is our data exposure—was PII or sensitive data leaked or stolen?

2. Do you have to do a data-breach notification?

3. How did the incident happen?

4. Was a vendor responsible for the data breach?

In this article, I will help you answer those questions.


About the author

John Bruggeman is a veteran technologist, CTO, and CISO with nearly 30 years of experience building and running enterprise IT and shepherding information security programs toward maturity. He helps companies, boards, and C-level committees improve and develop their cybersecurity programs, create risk registers, and implement compliance controls using industry-standard frameworks like CIS, NIST, and ISO.

