
🎰 MGM's unplanned jackpot: Hackers cash in!

free lessons on verification included

Hi and welcome to another Security Weekly, where we laugh, we cry, and we share the latest and greatest in security and tech news.

In this week's edition:
🎰 MGM's unplanned jackpot: Hackers cash in!
📰 Bits & Bytes
❓ Disable User explains: Super/Global/Enterprise admin
🔥 Meme of the week

Reading time: 02:49

🎰 MGM's unplanned jackpot: Hackers cash in!

There’s a famous line in the Scorsese movie ‘Casino’:

“When you love someone, you’ve gotta trust them. There’s no other way. You’ve got to give them the key to everything that’s yours. Otherwise, what's the point?”

And boy, did MGM give away the keys to everything.

But before I dive in, why am I writing about this?

  • Even for us Europeans, the MGM Casino is iconic

  • Lots of cybersecurity lessons in this story

  • Great excuse to use GIFs and quotes from Ocean's Eleven & Casino. Jackpot!

Word on the cyber street is that the BlackCat affiliate Scattered Spider has pulled a fast one on MGM.

Scattered Spider is a ransomware group that specializes in social engineering, often employing tactics like impersonating help desk personnel and running phishing campaigns.

And that’s exactly what they did:

  • Went over to LinkedIn to find an MGM employee's details

  • Called the helpdesk, claiming to be the employee in need of a password reset

  • Helpdesk engineer provided the reset

  • They broke in.

And they didn't just break in; they encrypted over a hundred of MGM’s ESXi hypervisors, making a high-rolling company hit the digital canvas.

MGM Resorts did what any besieged giant would do: They clammed up.
Not a peep.

You'd think that facing a potential loss of millions and bad PR, they'd be negotiating.
Instead, the cyber gang claims MGM disconnected their Okta Sync servers, a key piece of their IT infrastructure, after figuring out they'd been had.

This of course had a massive impact on the casino and the hotel, with ATMs and the digital entrance systems for hotel rooms going offline.

And now?

BlackCat's not sitting still. They've made it clear: pay up, or we'll double down on our attacks.
And they’re not bluffing. After all, they've got the keys to the kingdom, including MGM's Azure cloud environment.

Will MGM negotiate, or are they hoping for a Hail Mary? All bets are off.

Takeaway? Verification is key.

MGM is a huge company (50 000+ employees), so it's impossible to know every employee personally. We can't blame the helpdesk employee per se, but resetting a password with no verification at all is hard to excuse.

With that in mind, some tips everyone can use:

  • Update (or create) verification policies - even when you’re only 50 people. I’ll write an example below.

  • Never trust, always verify - with AI on the rise, there have been countless impersonations demonstrated. Always verify, even if you think you know who you’re interacting with.

  • Use multiple verification factors - just like with MFA, a single factor should never be enough on its own

Examples

User calls for a password reset.

Your options:

  • Let them verify their identity with 3 security questions. Make sure these answers cannot be guessed, or found online.

  • Make them send an email to confirm. Verified emails only, of course.

  • Perform the change, but send the confirmation to their manager or another privileged contact. Don't fall for urgency.
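To make the policy above concrete, here is an added example (my own illustration, not code from the newsletter or from any vendor) that turns the three options into a reset gate: a reset is approved only when at least two independent factors succeed, security-question answers are stored salted and hashed rather than in plaintext, and a caller's claim of urgency is logged but never changes the decision. The user record, the request fields and the two-factor threshold are all constructed assumptions; in a real help desk the email confirmation and manager approval flags would be set by those separate channels, not by the caller.

```python
"""Help-desk password-reset verification gate (added example, not from the newsletter).

Policy encoded here (all thresholds and field names are assumptions):
  * at least REQUIRED_FACTORS independent factors must succeed;
  * security answers are compared against salted PBKDF2 hashes in constant time;
  * a claimed "urgent" request is recorded in the audit line but has no effect.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

REQUIRED_FACTORS = 2  # assumption: minimum independent factors before a reset


def _hash_answer(answer: str, salt: bytes) -> bytes:
    # Normalise case and whitespace so "Rotterdam " and "rotterdam" agree,
    # then salt and stretch so stolen records do not reveal the answers.
    normalised = " ".join(answer.strip().lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", normalised, salt, 100_000)


def enroll_answers(answers):
    """Return [(salt, hash), ...] for storage; plaintext answers are never kept."""
    stored = []
    for answer in answers:
        salt = secrets.token_bytes(16)
        stored.append((salt, _hash_answer(answer, salt)))
    return stored


@dataclass
class UserRecord:
    username: str
    verified_email: str      # the only address a confirmation may be sent to
    manager_email: str       # out-of-band contact for approval
    security_answers: list   # list of (salt, hash) tuples from enroll_answers


@dataclass
class ResetRequest:
    username: str
    given_answers: list = field(default_factory=list)
    email_confirmed: bool = False      # set when the user acts on a mail to verified_email
    manager_approved: bool = False     # set when the manager confirms out-of-band
    caller_claims_urgent: bool = False  # what the caller says; deliberately not a factor


def check_security_questions(record, given):
    """All enrolled questions must be answered correctly; compare in constant time."""
    if not given or len(given) != len(record.security_answers):
        return False
    ok = True
    for answer, (salt, expected) in zip(given, record.security_answers):
        ok &= hmac.compare_digest(_hash_answer(answer, salt), expected)
    return ok


def evaluate_reset(record, req):
    """Return (approved, passed_factor_names, audit_line)."""
    factors = {
        "security_questions": check_security_questions(record, req.given_answers),
        "verified_email": req.email_confirmed,
        "manager_approval": req.manager_approved,
    }
    passed = sorted(name for name, ok in factors.items() if ok)
    approved = len(passed) >= REQUIRED_FACTORS
    # Urgency is written to the audit trail so reviewers can spot pressure
    # tactics, but it is intentionally absent from the approval decision.
    audit = (f"user={record.username} approved={approved} "
             f"factors={','.join(passed) or '-'} urgent_claimed={req.caller_claims_urgent}")
    return approved, passed, audit


if __name__ == "__main__":
    # Constructed sample user and requests for a local dry run.
    rec = UserRecord("j.doe", "j.doe@example.test", "manager@example.test",
                     enroll_answers(["Rotterdam", "Biscuit", "1998"]))
    for request in (
        ResetRequest("j.doe", ["rotterdam", "biscuit", "1998"], caller_claims_urgent=True),
        ResetRequest("j.doe", ["rotterdam", "biscuit", "1998"], email_confirmed=True),
        ResetRequest("j.doe", email_confirmed=True, manager_approved=True),
    ):
        print(evaluate_reset(rec, request)[2])
```

The first dry-run request shows the point of the design: correct answers to all three questions plus a plea of urgency still fails, because it is only one factor. Swapping the threshold or the factor list is a policy change in one place, which is what makes the rule auditable.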

Bits & Bytes

Super/Global/Enterprise admin

The highest level of administrative access in a computer system, allowing full control over all aspects of the system, including sensitive and secure areas.

"Just because you can play God, doesn't mean you should."
Avoid using or assigning these privileges wherever possible; grant them only when there really isn't any other option.

Meme of the week

Funny? Yes. True? Also, yes :(