💰💣

MGM Security Incident

2023 995 days ago Resolved

Incident Overview

Situation Description

The gaming and hospitality giant MGM experienced a multi-vector attack that halted its systems for nearly five days, impacting Caesars Entertainment as well.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Hospitality

Geographic Scope

nan

Response Actions

Revised Incident Response Plan Conducted Employee Training Hardened Attack Surface Implemented Advanced Authentication

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

Credentials PII (Personally Identifiable Information)

Primary Impacts

Operational Disruption Financial Loss Reputational Damage

Key Decisions Made

Scale out cybersecurity programs and search for efficiency gains to outpace malicious actors.; Bolster security posture with a scrutinous assessment in threat intelligence, detection and remediation with custom logic, zero-trust architecture, incident response plans, employee training, and red team testing.; Implement a risk-based vulnerability management (RBVM) strategy that prioritizes response and remediation paths across the entire organization.

Technical Analysis

Attack Method

Social Engineering

Threat Actor Attribution

Scattered Spider UNC3944

Vulnerability / Tool

ALPHV BlackCat

Additional Information

Table of Contents What Does This Tell Us? Common Attack Tactics, Techniques, and Procedures (TTPs) Key Learnings and Preventative Measures The Importance of a Risk-Based Vulnerability Management (RBVM) Program As many are aware, the systems of the $14 billion dollar gaming and hospitality giant MGM have been brought to a halt for nearly 5 days due to a multi-vector attack that has come to affect Caesars Entertainment as well. While the culprits of the attack are not confirmed, hacking group Scattered Spider , who is also associated with UNC3944-related groups Scatter Swine, Oktapus, and Muddled Libra , has been suspected to be the attacker. This attack is notable not only because of its scope but also due to its use of ransomware made by ALPHV or BlackCat (Ransomware-as-a-Service), suggesting that the UNC3944 threat cluster is likely here to stay and expand. Since 2022, the UNC3944 threat cluster has always deployed social engineering and SMS phishing campaigns (smishing) to obtain credentials to gain access and expand within a victims network. However, in 2023, UNC3944 began to evolve to muster advanced ransomware attacks targeting an array of private sector companies MGM just being the most infamous of late. What Does This Tell Us? The message is clear with the evolution of the UNC3944 threat cluster and the use of ALPHV or BlackCat (Ransomware-as-a-Service). Ransomware attacks are growing more lucrative and, therefore, common. Attacker tactics, techniques, and procedures (TTPs) will continue to expand in their scope and complexity. Even the most advanced and well-funded attack cluster, as in the case of UNC3944, still relies heavily on old-fashioned, persistent phone-based social engineering bto begin their attack, highlighting the importance of cybersecurity training and rigorous zero-trust networking access (ZTNA) policies to reduce lateral movement after attackers gain entry into a victims infrastructure. Common Attack Tactics, Techniques, and Procedures...

... (truncated for display)

Quick Facts

Company:: MGM
Date:: 2023
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: nan

Source Information

Original Query

impact of "Scattered Spider" tactics on corporate incident response and employee training

View Original Source

Timeline

Information Published

nan

Incident Occurred

2023 (995 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats