
Cyberattack Responses at MGM and Caesars Required Brutal Actions

Twin assaults on MGM Resorts and Caesars Entertainment have offered an unusual perspective on what happens when two comparable organisations, under similar attack by the same threat actor, use divergent incident response techniques.

Both parties in this case were the victims of a cyberattack by the threat actor Scattered Spider/ALPHV. Caesars was able to resume operations very soon after engaging in a fast negotiation with the cyber attackers and paying a $15 million ransom.

However, MGM firmly refused to pay and only recently declared that its operations had resumed after more than 10 days of operational downtime at its hotels and casinos, costing the company tens of millions of dollars in lost income. 

Although it may be tempting to judge which strategy was superior, experts believe that any direct comparison of the Caesars and MGM responses to the incident is oversimplified. 

As an example, Rob T. Lee, chief curriculum director and faculty lead at SANS Institute, emphasises that the fundamental idea behind incident response is to strive to make the "least worst decision." And this is typically a difficult choice with both favourable and unfavourable (some would say harsh) consequences.

He explains, "many business decisions can go into that. Only once an incident is over can you see different paths that could have led to different or at least worse outcomes. There is no 'win' in these situations, only decisions that can prevent it from worsening."

Caesars or MGM: Who was right? It's complex 

One of the difficult decisions incident responders have to make under pressure is whether or not to pay a ransom after a hack. It is commonly known that paying a ransom does not ensure data security or system restoration.

Even worse, it encourages more attacks by establishing a market for these cybercrimes. Business risk decisions, however, don't always boil down to black-and-white choices of right or wrong, and expediency is always a factor.

"Caesars' more rapid recovery post-ransom might give the impression they made a better decision," stated Callie Guenther, senior manager of cyber threat research at Critical Start. "From a business continuity perspective, their decision to pay might seem effective." 

Joseph Carson, chief security scientist and advisory CISO at Delinea, argues that there are other issues at play. Companies that deliberate over their choices may come to the conclusion that forgoing payment makes more sense.

According to his observations, organisations only have a four-day opportunity to reach a compromise with ransomware threat actors before views on both sides harden. After that, ransomware attackers often lose patience and enterprise security teams tend to grow entrenched in their positions. 

Another factor to consider is the cost of recovery. If recovery is unsettling but only costs a few million dollars, it may be a better option than an eight-figure extortion payment, Carson added.

MGM Resorts Breached by 'Scattered Spider' Hacking Group

MGM Resorts is still dealing with severe outages as a result of a hack that led it to shut down systems across its facilities. 

MGM, which owns and runs several Las Vegas Strip hotels and casinos, including the Bellagio, Aria, and Cosmopolitan, took down large parts of its internal networks on Sunday. 

This caused considerable disruption throughout the company's hotels and casinos, with customers claiming that ATMs and slot machines, as well as room digital key cards and electronic payment systems, were out of service. 

The downtime has now entered its fifth day, with MGM noting in a Thursday statement that it was attempting to "resolve our cybersecurity issue." Guests continue to report problems at MGM locations, despite the company's earlier assurance that its resorts, including restaurants, entertainment, and gaming, are "currently operational."

Recent social media reports indicate that MGM's casinos are still closed and that long lines have formed at affected sites as staff have resorted to using pen and paper. Guests have also claimed that TV service in hotel rooms is unavailable, as are MGM's phone lines. 

MGM's website, which previously urged guests to call in order to make reservations, now instructs them to use its Rewards app to make reservations. According to the website, MGM is also waiving change and cancellation costs for customers arriving until September 17. 

Earlier this week, Scattered Spider, a hacking gang, claimed that it was responsible for the MGM breach. The claim of responsibility was initially published by the malware repository collective vx-underground, which announced on Wednesday that Scattered Spider, thought to be a subgroup of the ALPHV ransomware gang, was to blame. MGM is not yet included on the dark web leak site where ALPHV regularly posts files stolen from victim organisations. 

It is unclear what, if any, data was stolen from MGM's networks. Scattered Spider, also known as UNC3944, is also alleged to have been responsible for a recent cyberattack on Caesars Entertainment, according to multiple reports this week. Bloomberg reported the incident on Wednesday, citing people with direct knowledge of it.

According to Bloomberg, the hackers began attacking the gigantic hotel and entertainment company in late August by breaking into one of its external IT contractors. Later, The Wall Street Journal reported that Caesars paid roughly half of the $30 million the hackers requested to keep their stolen data from being made public.