Last Thursday, the 14th of September, Hotel and Entertainment giant MGM Resorts experienced a widespread outage after a cyber security attack forced it to shut down its systems across multiple properties.
MGM operates several hotels and casinos across the Las Vegas strip, including Bellagio, Cosmopolitan, and Aria, with its networks shutting down on Thursday. With the shutdown came major disruptions to the guests, with them reporting that ATMs and slot machines were out of order along with digital room key cards and electronic payment systems.
Many employees and guests had to resort to old-fashioned pen and paper to try and keep the resorts functioning.
A hacker group named Scattered Spider has taken responsibility for the attack and has been known to be behind at least 100 attacks on major US corporations and is considered a significant threat to Western companies.
The breach happened because the scattered Spider group members could harvest and buy logins, passwords and other sensitive information from compromised computers sold as data sets. These specific data sets contained a mid-level IT engineer at MGM, according to a London-based cyber security company called Dynarisk.
Within the same data set were another 95 employees with their login credentials stolen and resold. With these credentials, mainly because they were within the IT sector of the company, they could regain access to the systems and had a higher chance of doing so compared to front desk worker details.
The group is also known for impersonating employees they have studied over social media, like LinkedIn, in phone calls to company help desks where they try to generate fresh passwords. In this instance, a Scattered Spider organisation member could compromise an employee's phone number, allowing them to reroute a text message containing a one-time password to the hacker instead of the employee.
The stolen credentials, including passwords, were for a password authentication site known as Okta, which is used by many companies to verify their employee's details before granting them access to internal websites. MGM shut all its networks, fearing unwanted hackers could still lurk within their systems.
For a multi-billion company, it is poor that they allowed their equipment and hardware not to have been wiped so that the potential selling of credentials on the dark web would be prevented. MGM also could have been monitoring the activity occurring with paid ransomware operators who could have stopped the early developments of the breach.
Despite this, it went through the correct procedure of shutting its systems down when it was made aware of the hack. This is because of the immense complexity of their systems and because it would buy them time to find out the source of the attack and how they could stop it.
The one way that could have been prevented was the Scattered Spiders members being able to gain access by impersonating an employee. Although this could be hard to try and prevent, safe words could be introduced into the company so that only an employee hired would know. This word could change monthly to increase the security even further, making it harder for a hacker to impersonate.
For every second that the systems were down, the company were losing money. This is because guests cannot play on the slot machines or make reservations online, which equates to massive financial losses. The trust within the company when an attack like this happens can cause damaging PR effects, with many potential customers being put off from using their services.
Silver Lining can help you and your employees learn the importance of cybersecurity management through our security management solution. Be able to get an in-depth insight into your staff's online security knowledge and be able to send training to them to learn from. We also have a phishing simulation solution to see who your business at risk could out but be able to do so without compromising your security.