Defend Against Breaches: Lessons from the MGM Cyberattack



International hospitality conglomerate MGM Resorts recently fell victim to a significant breach, underscoring the importance of layered defenses in today’s digital landscape. As cybercriminals become more sophisticated and bolder, your organization must adopt a multifaceted approach to protect sensitive data and assets. The MGM attack, which exposed the personal information of millions of guests, serves as an important reminder of the devastating consequences of a cyberattack. Review our analysis of the MGM breach with takeaways from the incident and proactive measures your business can adopt to enhance its defenses against future incidents.

Consequences From the MGM Cyberattack

In response to the event, MGM decided to temporarily suspend certain systems to address the intrusion and cooperate with law enforcement. Consequently, guests were unable to use electronic hotel room keys, casino gaming operations were stopped, cash became the only accepted form of payment and new reservations were not accepted. On Monday, September 11, MGM announced their systems were once again operational. However, there were ongoing reports of business disruptions and disgruntled guests. The hospitality chain hasn’t released any additional details but did file an 8-K with the U.S. Securities and Exchange Commission (SEC) on September 13, alerting regulators of the incident. Shortly after news broke of MGM’s situation, additional reports emerged of a ransomware attack affecting casino operator Caesars Entertainment. The company also filed an 8-K with the SEC, disclosing that cybercriminals had stolen some customer data.

Mechanics of the MGM Cyberattack

The renowned malware research group, VX-Underground, disclosed that the MGM attack was likely executed by threat actors associated with the ALPHV/BlackCat ransomware-as-a-service (RaaS) gang. This threat group, also known as Scattered Spider and UNC3944, specializes in social engineering and has been linked to previous attacks on well-known platforms like Reddit and Western Digital.

Security experts believe these tactics enabled them to deceive MGM’s IT team into resetting employee credentials and multifactor authentication (MFA) keys.

In an X (formerly Twitter) post, VX-Underground stated, “All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the help desk. A company valued at $33,9 billion was defeated by a 10-minute conversation.”

The MGM threat actors publicly admitted their responsibility for the attack on Thursday, September 14. They revealed they had successfully infiltrated MGM’s systems on Friday, September 8 and managed to deploy ransomware despite MGM’s decision to take the systems offline. The threat actors also claimed MGM had been unresponsive and issued a warning they still had access to some of MGM’s infrastructure. They threatened to carry out additional attacks unless MGM complied with their demands.

While MGM’s extended period of downtime was a serious situation, the potential implications for the hospitality giant could have been more severe if they hadn’t promptly detected signs of an intrusion and temporarily taken their systems offline.

“MGM was probably ahead of the game,” stated Jason Rebholz, the chief information security officer (CISO) at Corvus Insurance, during an interview with Front Page News. “Most companies aren’t even in the position to make that decision because they’re not detecting it. If they didn’t detect this, we’d be looking at something 10 to 20 times worse.”

Rebholz emphasized that MGM’s decision to take its systems offline was a proactive measure that allowed the company to recover in a controlled environment. While a drastic step, it was necessary to address an almost impossible situation.

“The odds are stacked in the attackers’ favor. This is why cybersecurity is such a difficult game to play,” Rebholz explained. “In any security incident, there’s going to be something that goes wrong.”

However, businesses of any size, whether as large as MGM or a single storefront, can’t give up and assume all is lost when it comes to preventing cyber events.

“The biggest concern is that people will look at this and focus on the fact that their systems were down, and they still got infected,” he added.

Redoubling Cybersecurity Defenses

As targeted attacks and more sophisticated phishing efforts appear, Rebholz urged organizations to bolster their cyber defenses. It’s essential for organizations to continually identify their most valuable assets and consistently ensure their protection. Rebholz stated, “It’s an endless game of survival. You have to continue to train your staff and employees on the current threats. It all starts with the user seeing something that’s suspicious.”

In the insurance industry, the increasing prevalence of ransomware incidents motivates underwriters to intensify their efforts to encourage good cyber hygiene among policyholders. Rebholz said, “This is going to be an impactful event. Ransomware is increasing in velocity. When we start seeing the severity, we have to ask - are we requiring the right controls?”

He pointed out that even weaker versions of MFA can be easily bypassed, underscoring the importance of implementing multiple layers of security and verification. Rebholz stressed, “Defense-in-depth is key here. You can’t rely on a single control. Assume at least one of these is going to fail. Then you’re in a better position to prevent, mitigate or at a minimum respond to an event like this.”

We’re Here to Help with Cybersecurity

The recent cyberattack targeting MGM serves as a critical wake-up call, emphasizing the need for organizations to implement robust and layered defenses against cyber threats. In the ever-changing digital landscape, where malicious actors continuously find innovative methods to breach security systems, organizations must adopt a comprehensive approach to protect sensitive data and ensure uninterrupted operations. To learn more about the MGM breach or obtain additional advice on cybersecurity protection, connect with a member of our team.

Date: 2023-10-16T17:00:00-05:00 | Categories: Risk Mitigation; Cyber & Information Security; Property & Casualty Insurance