What happened with MGM Casinos?
You may have heard that MGM Resorts International was hacked—boy, were they hacked. In our digital world, a hacker can control access to hotel rooms, cash tickets for the slot machines, and everything in between. Nearly all functions of several casinos on the Las Vegas Strip were halted as employees tried to revert to analog solutions. While their Vegas casinos have slowly come back online, the MGM rewards program is still down. It is very possible that the hackers were able to get away with MGM members' PII, such as addresses and Social Security numbers.
So, what incredible hacking brought down a global enterprise like MGM? It is “vishing,” which is just phishing with a voice call. Let’s review the anatomy of the attack with pictures of my dogs:
And that is it. All it took was some research and a well-placed phone call to help desk workers to bypass millions of dollars of security and shut down half the Strip.
Is this avoidable? Absolutely. Social engineering attacks work because people don’t focus enough on training their staff and reviewing their own policies along with their operations and infrastructure. On Amazon Web Services (AWS), you can protect against these attacks, too. When using third parties, you should ask for their procedures, such as MFA for IAM escalation, or for their AWS Artifact compliance reports to make sure they have checked their build and procedures. Using Artifact, you can make sure they have additional controls on their IAM setup so that a single person cannot be fooled into giving escalated access to an outside party. You can also use GuardDuty to watch for malicious activity and act when there is a possible breach. It would be able to notice an unfamiliar outside user with escalated access starting to reach resources it wouldn't normally touch, and raise an alert.
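As an added example (not code from the original article or from AWS), here is a small Python check a reviewer could run over a role's trust policy to confirm that privilege escalation through sts:AssumeRole is gated on MFA, shown against a weak sample policy and its hardened form; the account id and the one-hour MFA freshness threshold are assumed placeholders.

```python
import json
MAX_MFA_AGE_SECONDS = 3600  # assumed freshness threshold (one hour), not from the article

# Constructed sample: trust policy with no MFA condition (the weak setting).
WEAK_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:root"},  # placeholder account id
        "Action": "sts:AssumeRole",
    }],
})

# Constructed sample: the hardened form, requiring MFA that is at most one hour old.
HARDENED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
        "Action": "sts:AssumeRole",
        "Condition": {
            "Bool": {"aws:MultiFactorAuthPresent": "true"},
            "NumericLessThan": {"aws:MultiFactorAuthAge": "3600"},
        },
    }],
})

def _as_list(value):
    """IAM allows scalars or lists for Statement and Action; normalise to a list."""
    return value if isinstance(value, list) else [value]

def statement_requires_mfa(stmt, max_age=MAX_MFA_AGE_SECONDS):
    """True if the statement demands MFA that is present and no older than max_age."""
    cond = stmt.get("Condition", {})
    present = cond.get("Bool", {}).get("aws:MultiFactorAuthPresent")
    age = cond.get("NumericLessThan", {}).get("aws:MultiFactorAuthAge")
    return str(present).lower() == "true" and age is not None and int(age) <= max_age

def assume_role_requires_mfa(policy_json, max_age=MAX_MFA_AGE_SECONDS):
    """Return True only if every Allow of sts:AssumeRole (or a wildcard covering it)
    is gated on MFA; one ungated Allow is enough for the trust policy to fail."""
    doc = json.loads(policy_json)
    for stmt in _as_list(doc["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if {"sts:assumerole", "sts:*", "*"} & set(actions) and not statement_requires_mfa(stmt, max_age):
            return False
    return True
```

The check is deliberately strict: a trust policy with several statements passes only if every path to AssumeRole carries the MFA conditions.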
In the end, even with an MSP, an MSSP, or a huge investment in security devices, it makes sense for companies to routinely check themselves and the third parties monitoring their environment. Bringing in an expert to review procedures, infrastructure, and operational flow has huge value and is even essential for some more regulated industries. If you are looking for an expert to help with this process, please reach out to Oxford Global Resources.
Founder Multiple Companies, Principal, The Link Related Companies. Activist. Deloitte Alum, Domainer. Opinions-posts or reposts are not investment advice
1y
The root of the problem, as to the entities attacked, #MGM, is leadership at the highest level. Boardrooms, Directors, Committees, Management, Accounting & Consulting Firms. Inadequate Policies, Procedures, and Lack of Managing the True Risk of #CyberAttacks #EnterpriseTech All stakeholders (Companies, Employees, Patrons/Customers/Loyalty Programs/Clients, Shareholders..Etc...) have been hurt, extensively damaged, and compromised. It will be interesting to see more details and what is uncovered in the pending discovery, investigations and litigation. This will be another learning experience with no expected complete resolution to these very material negative impacts to all stakeholders. The win should be improved #CyberSecurity #LoyaltyProgram #LoyaltyPrograms #LasVegas #MGM #Caesars #Vegas #CyberSecurity #MGMHack TechCrunch WIRED Forbes ReadWrite
Stopping identity-based breaches
1y
The closer we can move towards trusting endpoints instead of people, the better off we’ll be.