Key Insights Revealed about MGM Resorts Attack

What Happened?

An affiliate of the BlackCat ransomware group, also known as ALPHV, carried out a cyberattack on MGM Resorts. The attack is attributed to a group known as Scattered Spider, which employs various social engineering tactics and extortion methods in its cyberattacks.

This attack disrupted MGM’s operations, leading the company to shut down its IT systems. The attackers claimed to have infiltrated MGM’s infrastructure, encrypted systems, and exfiltrated data. They demanded a ransom from MGM Resorts and threatened further attacks if no agreement was reached.

Scattered Spider and Hackers’ Claim

Scattered Spider is a threat group known for using social engineering techniques, including impersonating help desk personnel and conducting SIM swap attacks, to breach corporate networks. Unlike typical ransomware affiliates, the group is believed to consist of English-speaking teenagers and young adults aged 16 to 22. They have a history of targeting organizations to steal Okta identity credentials and 2FA codes. Scattered Spider is also known for using Bring Your Own Vulnerable Driver attacks to gain access and move laterally within networks, ultimately deploying ransomware as part of their extortion tactics.

The hackers claimed that they infiltrated MGM’s infrastructure, exfiltrated data, and encrypted over 100 ESXi hypervisors.

Despite MGM’s efforts to disconnect servers, the hackers maintained access and even had super administrator privileges on MGM’s Okta environment and Azure tenant.

They initiated the ransomware attack when MGM did not engage in negotiations. The attackers threatened to share stolen information online and carry out additional attacks to pressure MGM into paying the ransom.

On the other hand, the hackers disputed responsibility for service outages, placing the blame on MGM’s decision to shut down servers upon discovering the breach.

In a Nutshell

As the investigation into the MGM Resorts attack continues, it is important for organizations to take steps to protect themselves from similar threats.

This includes implementing strong security measures, conducting regular security assessments, and ensuring that all employees are trained on how to identify and respond to potential security incidents.

We will continue to monitor this situation and provide updates as new information becomes available.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.