In a stark reminder of the ever-present cybersecurity threats, MGM Resorts International, a major player in the global hospitality industry, fell victim to a crippling cyberattack on September 11, 2023. This orchestrated assault was carried out by the Scattered Spider and ALPHV ransomware gangs, culminating in the encryption of several hundred of MGM’s ESXi virtual machine infrastructure. The resulting disruption in MGM’s operations included the unavailability of its website and mobile app, the cancellation of hotel reservations and loyalty program rewards, and a detrimental impact on its stock price.
The Attack Vector
The attackers infiltrated MGM’s network by exploiting a vulnerability within the company’s Okta identity and access management (IAM) system. Okta, a cloud-based IAM platform, facilitates user identity and access management for various applications. The vulnerability exploited allowed unauthorized access to Okta administrator accounts. This breach provided the attackers with the capability to create new user accounts and reset passwords for existing accounts.
The Impact of the Attack
The MGM cyberattack had severe consequences, both operationally and financially. According to a report by CyberArk, MGM incurred an estimated daily loss of $8.4 million while its systems were compromised. Moreover, the attack tarnished MGM’s reputation and adversely affected its stock price.
Key Lessons Learned from the MGM Cyberattack
The MGM cyberattack serves as a stark reminder that no organization is immune to cyberattacks, regardless of its size or industry. The attack also highlights the following important lessons:
Targeting of Critical Infrastructure: The incident exemplifies the fact that cybercriminals are increasingly focusing on critical infrastructure organizations.
Evolving Ransomware Sophistication: The success of the ALPHV ransomware group in encrypting MGM’s data and pilfering sensitive customer information highlights the growing complexity of ransomware attacks, rendering them more challenging to defend against.
Need for Comprehensive Cybersecurity Strategy: Despite having various security measures in place, MGM Resorts International couldn’t prevent the ransomware attack. This emphasizes the necessity for organizations to establish a comprehensive cybersecurity strategy incorporating multiple layers of defense.
Preparedness for Cyberattacks: MGM Resorts International’s preparedness in responding to cyberattacks allowed them to swiftly contain the breach, conduct an effective investigation, and ultimately recover from the attack.
Security Recommendations for Organizations
In light of the MGM Resorts cyberattack, organizations can take proactive steps to safeguard themselves from cyber threats:
Implement a Zero-Trust Security Model: Adopt a zero-trust security model, assuming that no user or device can be trusted by default, requiring authentication and authorization for resource access.
Utilize Multi-Factor Authentication (MFA): Enhance security by requiring users to input a code from their mobile device in addition to their password.
Regularly Patch and Update Software: Mitigate vulnerabilities by consistently updating and patching software to reduce the risk of exploitation by cybercriminals.
Segment Networks and Systems: Contain potential damage from cyberattacks by segmenting networks and systems.
Establish a Robust Cyberattack Response Plan: Develop and maintain a comprehensive response plan, encompassing steps for attack containment, investigation, and recovery.
Prioritize Data Encryption: Protect sensitive data from unauthorized access by encrypting it both at rest and during transmission.
Maintain Regular Backups: Regularly back up data, keeping these backups offline and regularly testing their recoverability.
Promote Employee Education and Awareness: Educate employees about cybersecurity best practices, emphasizing how to identify and thwart phishing attacks and other social engineering scams.
Here are some additional recommendations for protecting against ransomware attacks:
Leverage Endpoint Security Solutions: Detect and prevent malware, including ransomware, on endpoints by employing endpoint security solutions.
Implement a Least Privilege Model: Restrict user and application permissions, limiting the damage potential of a ransomware infection.
Monitor for Suspicious Activity: Continuously monitor networks and systems for any anomalous activities indicative of a ransomware attack
Backup and Recovery Plan: Develop a comprehensive backup and recovery plan, storing backups offline to thwart encryption by ransomware.
Organizations should also consider the following recommendations to protect their critical infrastructure assets:
Segment Critical Infrastructure Networks: Isolate critical infrastructure networks to confine damage caused by a ransomware attack.
Utilize Industrial Control System (ICS) Security Solutions: Implement dedicated ICS security solutions tailored to protect these systems from cyberattacks, including ransomware.
Defense-in-Depth Strategy: Employ a defense-in-depth strategy, incorporating multiple security layers to safeguard critical infrastructure assets.
Conclusion
The MGM Resorts cyberattack serves as a stark reminder that no organization is immune to cyber threats, emphasizing the need for a comprehensive cybersecurity strategy. Organizations should educate their employees on best practices and maintain a well-defined response plan for cyberattacks. In addition, investing in threat intelligence, regular security testing, and business continuity planning are vital for staying ahead of evolving threats. Collaborating with cybersecurity vendors can provide organizations with the resources needed to protect against ransomware attacks. By following these recommendations, organizations can significantly enhance their resilience against cyberattacks and ransomware incidents.
