We’ve attempted to summarise the two recent (September 23) cyber-attacks that made the headlines in the context of cyber-risks, ethics, and the decision conundrum when dealing with major incidents.

Cyberattack 1: MGM Resorts

MGM Resorts International is a global hospitality and entertainment company with a portfolio of 29 hotel and resort properties, including iconic brands like Bellagio, MGM Grand and Mandalay Bay. The company operates various resorts, casinos, and entertainment destinations. The estimated annual turnover is USD 15.38 billion.

Based on information from various news sources:

  • The cyberattack was detected on MGM Resorts International in September 2023.

  • This led to significant disruptions of online and in-casino services, affecting the company’s operations and customer experience.

  • The financial impact of this attack was substantial, with a $100 million hit to the third-quarter results.

  • A further $10 million was spent on one-time expenses for risk remediation, legal fees, third-party advisory, and incident response measures.

  • The outage lasted for ten days.

The financial impact of this attack was substantial, with a $100 million hit to the third-quarter results.

protection against ransomware attacks

The perpetrators

  • The hacking group “Scattered Spider” is suspected to be behind the attack using ALPHAV Ransomware as a Service.
  • Also known as Roasted 0ktapus, UNC3944 or Storm-0875.
  • The group members are believed to be English-speaking, are aged between 17 and 24, and communicate through a Telegram channel.
  • Believed to be based in Europe and the USA.
  • Scattered Spider specialises in social engineering attacks.
  • Due to their fluency in English, they can convincingly carry out methods like smishing and SIM swapping.
  • The hackers are adept with vishing, and they often exploit third-party vulnerabilities.

A further $10 million was spent on one-time expenses for risk remediation, legal fees, third-party advisory, and incident response measures.

The methodology

  • Scattered Spider researched MGM and found employees’ information on LinkedIn. By impersonating them on a call with the outsourced IT Helpdesk, they managed to reset the MFA for the account.
  • The attackers created persistence in MGM’s network and gained control over critical systems, including Okta and the Microsoft Azure cloud environment.
  • This allowed them to exfiltrate terabytes of data from MGM’s network.
  • They deployed their ransomware (ALPHV/BlackCat), severely disrupting MGM’s operations and services.

The response

  • MGM’s decision was not to pay the ransom.
  • The Okta sync servers were terminated, leading to the termination of the threat actors’ initial access.
  • As the hackers had persistent access to Azure, all services had to be shut down and rebuilt.

Lessons learnt

  • The importance of minimising exposure of privileged accounts and improving MFA control.

  • Necessity of protecting Identity Management Services.

  • Enhanced identity verification by the helpdesks and protection against social engineering.

  • Employee training and awareness to prevent similar attacks in the future.

  • Detection of anomalous behaviour – the attackers were in the system since August 23.

Las Vegas casino ransomware attack

The images above (courtesy reviewjournal.com) provide a sense of the impact.

Cyberattack 2: Caesars Entertainment

  • With a turnover of est. 3.5 billion USD and similar business interests, Caesars Entertainment, was hit by the ransomware attack (supposedly) by the same perpetrators.

  • The initial ransom demand is considered $30 Million, negotiated down to $15 Million.

  • There were no significant outages, and the attack did not gain substantial media attention compared to MGM coverage.

  • The company has said that although attackers have confirmed data deletion, they cannot guarantee it.

The initial ransom demand is considered $30 Million, negotiated down to $15 Million.

Conclusion

  • Despite proactive measures and investment in technology, MGM and Caesars both faced cyberattacks, demonstrating the sophistication and persistence of modern cyber threats.

  • Both companies now face class-action lawsuits for not adequately protecting their customers’ data, highlighting the importance of robust cybersecurity practices.

  • Dealing with ransomware threat actors presents significant challenges and considerations, including decisions on ransom payments vs recovery costs.

  • The decision to pay a ransom in a cyberattack involves considerations such as potential damage, recovery capabilities, risk of encouraging future attacks, and ethical concerns.

  • MGM Resorts chose not to pay, potentially leading to short-term operational disruption and financial loss, but avoiding risks associated with funding criminal activities or the unreliability of attackers.

  • Caesars Entertainment paid, enabling continued operations, but this doesn’t guarantee data recovery and may invite future attacks as the attackers would have possibly left the backdoors in their IT estate.

  • Both companies face significant recovery costs and must demonstrate that these attacks will not be repeated.

Cyber incident planning

Our cyber incident exercising services are designed to help protect your organisation from cyber threats.

Find out more

Related articles & guides

  • October 16, 2024||Cyber Security News||1.8 min||

    Press Release: RightCue dives into Cyber Security Awareness Month with a focus on helping charities

  • Cyber security event Basingstoke
    August 28, 2024||Cyber Security News||2.1 min||

    Press Release: RightCue offers expert cyber security advice to Basingstoke businesses