• Advertise
  • Subscribe
  • Forums
  • Buyer's Guide
  • Contact Us
  • Connect on LinkedIn
    1. Cybersecurity

    Why common-sense security is essential regardless of budget

    Oct. 25, 2023
    The recent MGM cyberattack provides critical insights into just how basic mitigation strategies can strengthen infrastructure
    Courtesy of BigStock.com -- Copyright: AlizadaStudios
    Gaming industry analyst David Katz even estimated the loss to MGM at approximately $8.4 million in revenue daily due to this attack.
    Gaming industry analyst David Katz even estimated the loss to MGM at approximately $8.4 million in revenue daily due to this attack.

    The MGM Resorts International cyberattack is a stark reminder that no organization, irrespective of its size or financial capacity, is immune to cyber threats. While MGM is a multi-billion-dollar enterprise, its security challenges emphasize the importance of focusing on fundamental cybersecurity practices.

    Understanding the MGM Attack

    The security breach on MGM Resorts International wasn't the result of some high-tech, sophisticated malware; it was orchestrated through a social engineering attack. Cybercriminals, belonging to a group identified by cybersecurity experts as Scattered Spider, managed to infiltrate MGM’s environment. Exploiting the recurrent mistake of password reuse, these attackers leveraged credentials from past breaches, coupled with details from a LinkedIn profile, to trick the helpdesk into resetting multi-factor authentication (MFA).

    But what does this mean? It shows that even basic tactics can lead to extensive damage if basic cybersecurity measures are overlooked.

    Once inside, these threat actors demonstrated their skill by manipulating a feature meant for swift integration during company mergers, turning it into a backdoor. Not only did they gain control over MGM’s Identity Management system, but also its Microsoft Azure cloud setup. As a result, not only were the applications on the IAM platform at risk, but their entire cloud structure became vulnerable.

    When their presence was finally detected, the damage had been substantial. MGM’s infrastructure was significantly compromised, with the attackers having exfiltrated an unknown volume of data and retaining access to the cloud platform.
    Courtesy of BigStock.com -- Copyright: AlizadaStudios
    Gaming industry analyst David Katz even estimated the loss to MGM at approximately $8.4 million in revenue daily due to this attack.
    Gaming industry analyst David Katz even estimated the loss to MGM at approximately $8.4 million in revenue daily due to this attack.

    The Gravity of the Impact

    The fallout was catastrophic. MGM’s operations were severely hampered, with hotel keys malfunctioning, dinner reservations halted, payment systems down, and guests unable to check in or out. Imagine the inconvenience to the guests and the reputation damage to MGM. Gaming industry analyst David Katz even estimated the loss to MGM at approximately $8.4 million in revenue daily due to this attack. However, if we consider cyber remediation, disaster recovery, credit monitoring for employees and customers, and all the other costs, this attack has easily cost MGM over $100 Million USD.

    What Can We Learn?

    The MGM attack serves as a case study, demonstrating that:

  • IAM Platforms are Prime Targets: Protecting Identity and Access Management (IAM) platforms are crucial given their vital role in managing user identities and controlling access to resources within an organization. If compromised, IAM platforms can provide attackers with the keys to the kingdom, potentially granting them widespread access. Threat actors see IAM platforms as gateways to further penetrate and cause more damage. We must put up protective measures around IAM platforms to include anomaly detection, training employees to always follow proper procedures when resetting credentials, scrub social media for information that may aid hackers, ensure that passwords are checked against known compromised password lists, enforcing least privilege, regular auditing of access, and logging and monitoring.
  • MFA Is Critical: Unfortunately, the attackers were able to defeat the MFA solution by tricking the system admins using Vishing and Social Engineering. Having MFA alone is not enough, organizations must ensure that they enable context analysis around their MFA. Meaning that the MFA solution will look for anomalies in user behavior to include accessing resources that the user does not normally access, access the network from an unknown device, and monitoring other behaviors that mimic hackers.
  • Protect Tier 0 Assets: "Tier 0" assets refer to assets that have direct or indirect administrative control over the enterprise's identity and authentication systems. A compromise of these assets can lead to full enterprise control by an attacker. They are crucial to the network's integrity and compromising them can paralyze significant parts of an organization. Examples of Tier 0 include domain controllers, Privileged Account Management, and Active Directory. These assets need to be monitored closely, enforce least privilege, and have greater protections than other assets.
    • IdP Best Practices: IdP is short for Identity Provider, which is any entity that stores and manages digital identities. Ensuring secure MFA controls, helpdesk verification, and monitoring of trust changes are paramount. Helpdesk staff need regular testing and training to ensure they are following best practices. Organizations must test their staff by hiring social engineering testers as a part of their audit processes.
    Courtesy of BigStock.com -- Copyright: DragosCondrea
    The security breach on MGM Resorts International wasn't the result of some high-tech, sophisticated malware; it was orchestrated through a social engineering attack.
    The security breach on MGM Resorts International wasn't the result of some high-tech, sophisticated malware; it was orchestrated through a social engineering attack.

    A Call to Action

    Regardless of a company's budget or size, the fundamentals of cybersecurity remain paramount. MGM's experience emphasizes the need to:

    • Minimize exposure of critical accounts.
    • Strengthen MFA controls.
    • Safeguard critical infrastructure and assets.
    • Continuously monitor, assess, and adapt to emerging threats.

    Concluding Thoughts

    In an era defined by digital evolution, it's more vital than ever for organizations to fortify their defenses. The MGM attack underlines that even with vast resources, overlooking basic cybersecurity practices can have debilitating consequences. Emphasizing fundamental cybersecurity measures isn't just a recommendation; it's an imperative.

    Will Knehr, Senior Manager of Information Assurance and Data Privacy at i-PRO Americas
    Will Knehr, Senior Manager of Information Assurance and Data Privacy at i-PRO Americas
    About the author: Will Knehr is the Senior Manager of Information Assurance and Data Privacy at i-PRO Americas, Inc. where he works to secure their products and networks. He has been working to secure networks since 2004 when he started his career in Cryptologic Warfare conducting cyber defense missions for the NSA, CMF, DoN, DoD, and DISA – helping to defend, accredit, certify, and provide digital forensics and incident response on the Nation’s most sensitive and secure networks. He also worked for Northrop Grumman supporting special projects for the NSA and DISA building virtualized environments for malware analysis, data brokering, and managing their cybersecurity program.

    He has a master’s degree in Cybersecurity and another master’s degree in business. He holds many industry-leading certifications including CISSP, PMP, CEH, CNDA, CASP, CMMC RP, and many more.

    About the Author

    Will Knehr | Senior Manager of Information Assurance and Data Privacy at i-PRO Americas, Inc

    Will Knehr is the Senior Manager of Information Assurance and Data Privacy at i-PRO Americas, Inc. where he works to secure their products and networks. He has been working to secure networks since 2004 when he started his career in Cryptologic Warfare conducting cyber defense missions for the NSA, CMF, DoN, DoD, and DISA – helping to defend, accredit, certify, and provide digital forensics and incident response on the Nation’s most sensitive and secure networks. He also worked for Northrop Grumman supporting special projects for the NSA and DISA building virtualized environments for malware analysis, data brokering, and managing their cybersecurity program.

    He has a master’s degree in Cybersecurity and another master’s degree in business. He holds many industry-leading certifications including CISSP, PMP, CEH, CNDA, CASP, CMMC RP, and many more.

    Image Courtesy of Thinkstock
    Advanced Video Management Software (VMS) is the backbone of a video surveillance and security system.
    Image Courtesy of BigStock.com
    bigstock Face Of Bionic Man 68354236 58af5cde9952d