💰💣

MGM Resorts International Security Incident

Q3 2023 915 days ago Resolved

Incident Overview

Situation Description

MGM Resorts International suffered a significant cyberattack initiated by Scattered Spider, leading to a near shutdown of operations and substantial financial losses.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Hospitality

Geographic Scope

nan

Response Actions

Isolated Compromised Systems Took Systems or Services Offline Restored Systems from Secure Backups Conducted Threat Hunting & Eradication

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$8,400,000 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Credentials Operational / System Data

Primary Impacts

Financial Loss Operational Disruption Reputational Damage

Key Decisions Made

Terminating Okta sync servers to regain control.; The threat actors deployed BlackCat/ALPHV ransomware, encrypting several hundred ESXi servers.; MGM's incident response team worked to contain the attack and restore operations.

Technical Analysis

Attack Method

Social Engineering

Threat Actor Attribution

Scattered Spider BlackCat/ALPHV

Additional Information

The MGM Resorts Attack: Initial Analysis September 22, 2023 Andy Thompson Share this Article Facebook Twitter Email LinkedIn The recent cyberattack on MGM Resorts International has raised serious concerns about the security of sensitive data and the vulnerabilities organizations face in todays digital landscape. In this blog post, we will dive into the details of the attack based on the information currently available, analyze its root causes and discuss key takeaways to help organizations strengthen their security posture. MGM Attack: What We Know (Thus Far) Allegedly, a criminal gang made up of U.S. and U.K.-based individuals that cybersecurity experts call Scattered Spider (aka Roasted 0ktapus, UNC3944 or Storm-0875) initiated a social engineering attack that led to the near shutdown of MGM Resorts International. MGM Resorts International is a global hospitality and entertainment company, with a portfolio of 29 hotel and resort properties, including iconic brands like Bellagio, MGM Grand and Mandalay Bay. (Did you attend Black Hat at the Mandalay Convention Center this year? Yes, this could directly affect you.) A social engineering attack allowed the threat actor to burrow into the MGM environment and establish a foothold. Due to the common mistake of password reuse, CyberArk Labs as well as many experts in the cybersecurity community are currently under the impression that the attackers had usernames and passwords from previous data breaches. With additional information collected from a high-value users LinkedIn profile, they hoped to dupe the helpdesk into resetting the users multi-factor authentication (MFA). They were successful. Based on available information, as it currently stands, threat actors also were observed creating persistence in MGMs network by configuring an entirely additional Identity Provider (IdP) in the Okta tenant using a feature called inbound federation. The function is intended to allow the fast connection of different Okta...

... (truncated for display)

Quick Facts

Company:: MGM Resorts International
Date:: Q3 2023
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 22/09/2023

Source Information

Original Query

MGM Resorts ransomware attack customer data breach notification content analysis

View Original Source

Timeline

Information Published

22/09/2023

Incident Occurred

Q3 2023 (915 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats