A major ransomware attack on the MGM brand of casinos has led to the firm’s IT systems having to be shut down.
The ransomware-as-a-service hacking group BlackCat has taken responsibility for the attack, and it’s an attack which has caused major issues for MGM. IT systems responsible for processing electronic payments, digital key cards, parking systems and ATMs have all been impacted by this attack. While the attack is considered major, it was executed by the simplest of means. As ever, this attack on MGM contains some important lessons for organizations to learn and enforce.
How Were the MGM Casinos Hacked?
The MGM attack was made possible by the use of social engineering techniques. In particular, BlackCat identified an MGM employee by scouring related profiles on LinkedIn. With this information at their disposal, the threat actors contacted the MGM help desk and used this employee’s details as their way into the system. The exact nature of the breach, for security reasons, has not been disclosed, but it’s believed that it only took 10 minutes for BlackCat’s strategy to be successful.
BlackCat, with full access to MGM’s IT infrastructure, set about issuing demands to MGM through a secure communication channel they had put in place. However, MGM refused to pay any of the ransom fees demanded by BlackCat. Instead, on the recommendations of their security team, MGM began shutting their Okta servers – used for authorization processes – down.
However, BlackCat were able to remain active on the network due to the administrator privileges that they had gained during the attack. And, in response, BlackCat set about compromising over 100 hypervisors – applications which are used to manage virtual machines located on a PC – and encrypting the data contained on them.
BlackCat, again, brought their ransom demand to the table and also threatened to launch further attacks if this was not met.
How Could MGM Have Protected Their IT Systems?
As a thriving, world-famous organization, MGM could have done without the headlines relating to the attack by BlackCat. And, as with all social engineering attacks, this could have easily been avoided if MGM had practiced the following:
- Be skeptical: unsolicited requests for information should always be treated with caution. If personal information is being requested, then always question the person, even if they appear to be legitimate, asking for the information. More importantly, take steps to verify their identity through official channels to confirm their authenticity.
- Educate your team: it’s important that you familiarize your team with the most common social engineering tactics such as phishing emails and baiting. Awareness of these techniques will allow your staff to recognize these manipulative techniques before they can execute their malicious payloads.
- Protect personal information: it’s crucial that you always protect sensitive data such as passwords, financial details, and personal identification. Avoid sharing such information with strangers or unverified individuals, such as on social media sites – as social engineers often harvest these channels to discover vulnerabilities.
For more ways to secure and optimize your business technology, contact your local IT professionals.
