MGM Resorts Cyberattack Highlights New Challenges in IT Security and the Need for Enhanced Protocols

The September 2023 cyberattack on MGM Resorts serves as a stark reminder of the vulnerabilities in modern interconnected IT environments. This attack, differing from MGM’s 2019 data breach, specifically targeted privileged accounts with the assistance of MGM’s own help desks, a tactic reflecting a worrying trend in cyber security. Attackers are now focusing on the core of identity access and management systems to gain control over an organization’s user accounts, exploiting the convenience of single-sign-on technologies and other centralized access points.

MGM estimates the incident-related costs at upwards of $100 million. The attack caused significant operational disruptions, locking guests out of rooms, crippling reservation systems, and forcing the use of paper IOUs for gamblers. This incident involved social engineering techniques, where attackers used public information, likely from LinkedIn, to impersonate MGM employees and trick help desk personnel into resetting passwords and multi-factor authentication (MFA) settings.

The group behind this attack, known as Scattered Spider, deployed the ALPHV/BlackCat ransomware, leading MGM to shut down certain systems in response. However, the complexity of third-party systems and technological environments made it difficult to fully contain the incident, resulting in operational issues for over a week and a decrease in hotel occupancy rates.

This attack pattern was also observed at Caesars Entertainment, another victim of Scattered Spider, where similar tactics were used to compromise help desk security. The rise in such attacks is partly attributed to the effectiveness of MFA in protecting accounts, which has led attackers to exploit human vulnerabilities through social engineering.

To combat these threats, organizations are advised to implement phishing-resistant MFA, reduce session timeouts, and update help desk protocols to thoroughly verify identities. While cyber attackers continuously evolve their strategies, implementing these measures can significantly bolster an organization’s defenses against such attacks.