MGM Cyberattack Threat Intelligence
Kevin Fream
America's Cyberist Helping Financial & Professional Services Avoid Loss, Improve Business, and Eliminate Doubt
How Would You Fare?
MGM Casino has been hit and hit hard. Hackers were able to bring the entertainment giant to its knees.
And how did this massive event start? With a seemingly innocent ten-minute phone call.
I’m sure you’re probably watching this tragedy unfold and wondering about your organization’s cybersecurity. You don’t have to spend a sleepless night wondering if your organization is next.
We can replicate this exact scenario with a third-party security analysis for you. It mimics the same techniques the MGM hackers used to expose weaknesses in your network.
Request your Cyber Risk Analysis today!
Goliath Has Fallen
MGM Properties got hit and they got hit hard. Yes, I’m talking about the company that owns 31 unique gambling and hotel properties. Their casino and hospitality operations were brought to their knees, causing them to shutter MGM Grand and other Las Vegas properties. Gambling was shut down and patrons were left unable to enter their hotel rooms.
Who’s responsible? A group identified as “Scattered Spider” or UNC3944, an affiliate of the ransomware-as-a-service operation “BlackCat.”
Once they compromise a company and steal its data, Scattered Spider attacks virtual machines through virtual serial and administrative consoles and purposely injects vulnerable signed drivers to escalate privileges or move laterally within a network. They use BlackCat ransomware to strike a final blow.
The BlackCat ransomware, developed by UNC3507, or ALPHV, has been widely used by threat actors in many cybersecurity incidents in the last year. Did you know that nearly 12% of all cybersecurity attacks in 2022 involved the BlackCat ransomware, including the attacks on semiconductor manufacturer, Seiko, and the international auditing and accounting company, Mazars Group?
Scattered Spider is known for its reliance on social engineering to establish a point of entry into an organization, which means they psychologically manipulate their victims to get what they want. Then they use advanced techniques to capture critical business and personal information. As if they weren’t deadly enough, being based in the United States gives Scattered Spider an advantage over foreign adversaries. This helps them run scams that involve, for example, calling a victim and convincing them to click links, accept MFA requests, or run executables.
Once into a system, Scattered Spider steals data from the organization, including business documents, personal information such as social security numbers, and client and customer data for use in double extortion. Ransomware is deployed—in this case BlackCat, developed by ALPHV—which allows Scattered Spider to extort the business for ransom. Not willing to pay a ransom? Scattered Spider then goes to work through their affiliate network to post the stolen information for the second extortion attempt.
Here is the kicker: this cybersecurity event all started with a phone call to the MGM helpdesk, where hackers convinced support personnel to allow access.
While the MGM situation is still transpiring and many elements are still unknown, this attack highlights several areas of focus for all businesses and employees:
But this doesn’t just stop with businesses and employees. Anyone who visited MGM properties is at additional risk, including those who have stayed at one of the hospitality properties or signed up for lines of credit. What should you do if this is you? Well, at the moment it's still unclear what data was stolen, but it’s always a good idea to monitor bank accounts, credit/debit cards, and social security information.
For more thought leadership, follow Kevin Fream.