In our rapidly evolving digital landscape, the significance of airtight cybersecurity is paramount. The recent incidents at MGM & Caesar’s highlight this urgency.
The Incident
MGM faced operational hiccups when slot machines and hotel room key cards went haywire. Likewise, Caesar’s experienced a breach, exposing sensitive data like driver’s license numbers and social security details of their loyalty program members. The shocking part? A phone call to the casino’s helpdesk was the entry point.
These establishments were seemingly on the radar of ransomware-as-a-service (RaaS) groups ALPHV/Blackcat and Scattered Spider. These groups adeptly used social engineering tactics to infiltrate, specifically targeting the company’s Okta platform, a popular identity and access management (IAM) provider for the cloud.
Their Tactics
The attackers claimed to have breached MGM’s systems by accessing the company’s Okta Agent, which connects to an organization’s Active Directory. After gaining access, they lurked around, collecting passwords, and subsequently launched ransomware cyberattacks on a massive scale. The ALPHV group has even threatened further action if their demands aren’t met.
Okta’s chief security officer, David Bradbury, acknowledged the cyberattack’s social engineering component. He emphasized that while the human aspect of the attack was straightforward, the subsequent stages were intricate. Bradbury also highlighted the importance of adding a visual verification step for high-access privilege users to prevent such breaches.
The MGM attack is resulting in daily losses of $8 million for the casino. This underscores that even seemingly secure organizations can still fall prey to cybersecurity breaches. The continued success of social engineering as a tactic demonstrates that humans are often the weakest link in the chain.
How to Fortify Your Defenses
This recent incident has left companies asking themselves if they are safe from similar attacks. Coretelligent emerges as a beacon of trust and reliability in this tumultuous cybersecurity climate. Episodes like this are more prevalent than ever, and we’re constantly making sure to analyze point by point where things could have been improved, even for victims who are not our clients. Learning and growing from every new event is part of what makes us a trusted organization in the cybersecurity space. That’s why we’ve outlined some of the solutions we offer to help prevent an attack like these for our clients.
Let us fortify your defenses with the following:
CoreArmor
- Real-time Monitoring: Detect unusual IT system activities, thwarting unauthorized access.
- 24×7 US-based SOC: Our cybersecurity experts are always on standby, ready to neutralize threats.
- Incident Response: Swift actions to curtail and mitigate security breaches.
- Penetration Testing & Reporting: Identify vulnerabilities proactively, ensuring they’re addressed before exploitation.
- End-user Security Awareness Training: Arm your employees with the knowledge to sidestep potential cyber threats.
CoreComply
- Managed Security Controls: A holistic approach to security controls, from access control reviews to ensuring no accounts are overprovisioned.
- TPRM Program Development: Our team delves deeper than just compliance checkboxes, ensuring a comprehensive vendor categorization based on data criticality.
- Hyperproof: A continuous compliance management tool.
- RiskRecon: A vigilant eye on external cyber hygiene and third-party risks.
- Risk Assessment: Comprehensive analysis and mitigation of potential compliance gaps.
Take Action
We’re offering a free Risk Assessment, your first step towards unparalleled security, compliance, and risk management. Join the ranks of thousands who’ve bolstered their defenses with Coretelligent.