The Spider's Web: Unraveling the MGM Grand Cyber Assault and Safeguarding the Future

Oct 10, 2023
James McGill
Tags: mgm grand, hack, Okta, vishing, domain admin, compromise

The story of the MGM Grand hack begins with a group of wrongdoers, known as Scattered Spider, who carried out a deceptive trick to infiltrate MGM Resorts International, a large company with many hotels and resort properties, including the famous MGM Grand. The group found a weak spot by noticing that some people reused their passwords across different systems. They used this to their advantage by tricking a helpdesk into resetting a security feature, making their way into the company's systems.

Once inside, they made changes to MGM's network settings, creating a backdoor for themselves which was supposed to be a feature to help merge company networks during business mergers. This backdoor not only gave them more control over MGM's network but also allowed them to get into MGM's cloud environment on Microsoft Azure, putting many of MGM’s applications and data at risk.

When MGM's security team noticed something was wrong, they tried to cut off the intruders by shutting down certain servers where Scattered Spider had deployed tools to harvest more credentials. They managed to shut down one part of the network, but by then, the damage was already done. The intruders had taken a lot of data and still had access to the cloud environment.

The situation worsened when Scattered Spider called in another malicious group known for ransomware attacks. Using a ransomware service, they locked up several of MGM's servers, which in turn shut down many systems used in the hospitality industry, such as room keys, dinner reservations, payment systems, check-in/check-out systems, and slot machines, causing a lot of chaos. This not only cost MGM a lot of money but also threatened its reputation.

As the intruders got more control, they were able to get privileged access to accounts that managed the company’s network infrastructure. This was a significant threat because it allowed them to control many parts of MGM's network. The main problem was that they were able to expand their attack from the cloud environment to MGM’s physical operations, making things much worse. They deployed malicious software that locked up a lot of MGM’s servers, severely affecting MGM’s operations and causing a lot of trouble for both the company and its guests.

1. Strong Password Policies:

  • Encourage complex passwords comprising a mix of characters, numbers, and symbols.

  • Implement regular password changes and avoid password reuse across different systems.

  • Employ multi-factor authentication (MFA) to add an extra layer of security.

2. Educational Training:

  • Conduct regular training sessions to educate employees on recognizing phishing attempts and other common cyber threats.

  • Instill a culture of cybersecurity awareness across all levels of the organization.

3. Penetration Testing:

  • Employ ethical hackers to test the resilience of your systems by identifying vulnerabilities before malicious actors do.

  • Regular penetration testing can provide insights into potential weak spots and areas for improvement.

4. Red Teaming:

  • Conduct red team exercises to simulate real-world cyber attacks and evaluate the organization's incident response capabilities.

  • Such exercises can provide invaluable experience and prepare the organization for potential future threats.

5. Continuous Monitoring:

  • Implement robust monitoring systems to detect and alert on suspicious activities promptly.

  • Early detection can significantly mitigate the damage potential of a cyber intrusion.

6. Incident Response Plan:

  • Develop and regularly update a comprehensive incident response plan to ensure a swift and coordinated reaction to any cyber threat.

  • Engage in regular drills to ensure all stakeholders are well-versed with their roles in the event of a cyber incident.

7. Vendor Risk Management:

  • Ensure all third-party vendors adhere to stringent cybersecurity standards.

  • Regular assessments of vendors' cybersecurity policies can help in minimizing the risk associated with third-party interactions.

8. Legal and Regulatory Compliance:

  • Stay updated on the latest cybersecurity laws and ensure compliance with regulatory requirements to avoid legal repercussions.

9. Investment in Cybersecurity Infrastructure:

  • Allocate adequate resources for cybersecurity infrastructure and keep it updated to cope with evolving threats.
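
As an illustration of the continuous monitoring item, the following added example (not code from the original post or from any vendor) correlates the sequence described in the incident: a helpdesk reset of an account's security feature, followed shortly afterwards by that same account making a high-risk identity change such as adding a federation trust. The event schema, action names, account names and timestamps are all constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized schema (not a vendor log format).
EVENTS = [
    {"ts": "2024-01-15T14:02:11", "actor": "helpdesk.agent7", "action": "mfa_reset", "target": "j.doe.admin"},
    {"ts": "2024-01-15T14:09:40", "actor": "j.doe.admin", "action": "login", "target": "idp-console"},
    {"ts": "2024-01-15T14:31:05", "actor": "j.doe.admin", "action": "federation_trust_added", "target": "ext-idp-01"},
    {"ts": "2024-01-15T15:00:00", "actor": "helpdesk.agent2", "action": "mfa_reset", "target": "m.lee"},
    {"ts": "2024-01-15T15:10:00", "actor": "m.lee", "action": "login", "target": "mail"},
    {"ts": "2024-01-17T09:00:00", "actor": "net.admin", "action": "federation_trust_added", "target": "partner-idp"},
]

# Hypothetical action names for changes that extend or persist access.
HIGH_RISK = {"federation_trust_added", "admin_role_granted", "mfa_policy_changed"}


def correlate(events, window=timedelta(hours=24)):
    """Flag high-risk changes made by an account whose MFA was reset within `window`."""
    resets = {}  # account -> (reset time, helpdesk actor) for the most recent reset
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO-8601 strings sort chronologically
        ts = datetime.fromisoformat(ev["ts"])
        if ev["action"] == "mfa_reset":
            resets[ev["target"]] = (ts, ev["actor"])
        elif ev["action"] in HIGH_RISK and ev["actor"] in resets:
            reset_ts, agent = resets[ev["actor"]]
            if ts - reset_ts <= window:
                alerts.append({
                    "account": ev["actor"],
                    "reset_by": agent,
                    "action": ev["action"],
                    "object": ev["target"],
                    "minutes_after_reset": int((ts - reset_ts).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

A routine reset followed only by a normal login, and a federation change by an account with no recent reset, do not alert; only the combination does, which keeps the rule narrow enough to page on.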

The tale of Scattered Spider’s assault on MGM Resorts International is not just a chronicle of digital infiltration but a call for enterprises to bolster their cybersecurity.
