By REBECCA RUTHERFORD
For the Los Alamos Daily Post
What happens in Vegas stays in Vegas, unless the hotel you stayed in falls victim to a ransomware attack … because then you’ll probably be getting a data breach notification in the mail. On Sept. 11, MGM Grand reported a “cybersecurity incident” impacting certain systems. Over the next week or so, the casino giant faced a shutdown of the systems running the casino and hotels, and huge headaches for its guests as the casino was forced to go manual for almost everything. Casino winnings were noted on handwritten receipts, and guests had to wait in line for hours to check in as systems failed. According to some reports, the casino is losing an estimated $8.4 million a day.
So, what is ransomware, and how did this huge attack go down? Ransomware at its most basic is “a type of malicious software designed to block access to a computer system until a sum of money is paid.” And recent trends have been towards “RaaS”, or Ransomware as a Service, which is even worse. A group known as Scattered Spider is likely responsible for the MGM attack, and it allegedly used ransomware made by ALPHV, or BlackCat, a RaaS operation. Scattered Spider is said to specialize in social engineering, an attack method where attackers manipulate victims into performing certain actions via impersonating people or organizations the victim has a relationship with. This group is said to be especially good at “vishing,” or gaining access to computer systems through a manipulative phone call rather than phishing, which is done through an email.
So, what happened? It appears to have started with a phone call to MGM’s IT department impersonating an MGM employee. It appears the attackers were able to harvest an MGM employee’s information off LinkedIn and use that to impersonate them in a call to the help desk, and then used this information to compromise the systems.
Once they were in the MGM systems, they were not only able to shut down access to these systems, but they were also able to encrypt and exfiltrate MGM data. This means that the next step, should MGM not pay the ransom, will likely be a data breach when the attackers dump all this information on the dark web.
Another big Vegas casino, Caesars Palace, fell victim to a ransomware attack just weeks before. In its case, it is said to have paid half the requested ransom, $15 million, to get access back to its systems and data.
According to Okta, a security firm, its U.S. customers have been reporting a consistent pattern of attacks where hackers impersonated the victim company’s employees and convinced the information technology help desk to provide them access.
This is a huge cyber incident, and it remains to be seen how MGM Resorts handles it. On the bright side, if you were on vacation in Vegas during this incident, and affected by the event, Larry Flynt’s Hustler Club is offering free lap dances and other perks to victims of the attack. So, there’s always that? In all seriousness though, this is a major event, and we can likely expect to see more of this style of attack in the future, especially after the huge payout from Caesars. Be careful with your data and who you share it with, because you can be as secure as you want, but you can never guarantee that whoever you share it with will be.
Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.