Suara Malaysia
ADVERTISEMENTFly London from Kuala LumpurFly London from Kuala Lumpur
Friday, November 22, 2024
More
    ADVERTISEMENTFly London from Kuala LumpurFly London from Kuala Lumpur
    HomeTechMGM Resorts hackers broke in after tricking IT service desk

    MGM Resorts hackers broke in after tricking IT service desk

    -

    Fly AirAsia from Kuala Lumpur

    The online attack that disrupted MGM Resorts International resorts and casinos across the country began with a social engineering breach of the company’s information technology help desk, according to a cybersecurity executive familiar with the investigation.

    David Bradbury, chief security officer at the identity and access management company Okta, said his company issued a threat advisory in August about similar attacks against some of its customers, in which hackers used a low-tech social engineering tactics to gain entry and then more advanced methods that allow them to impersonate users on the networks.

    Okta’s advisory warned that hackers were tricking IT service desk staff into resetting multifactor authentication settings enrolled by “highly privileged users.”

    At that time, Bradbury said his staff wasn’t sure who was behind the attacks. But in the weeks since then, he said “all signs are pointing” to a group known as Scattered Spider, the same outfit suspected of hacking MGM and Caesars Entertainment Inc in recent weeks. Okta has been assisting MGM, a customer, in its response to the attack, he said. Okta also counts Caesars as a client.

    Brian Ahern, spokesperson for MGM resorts, declined to comment about specifics of the attack. Ahern said the company has been working with FBI and the US Cybersecurity and Infrastructure Security Agency since the breach, he said.

    The FBI said in a statement provided to Bloomberg News that it is investigating both the Caesars and MGM incidents.

    A former MGM employee who was familiar with the company’s cybersecurity policies pointed to the help desk as vulnerable to attack. The person said that to obtain a password reset, employees would only have to disclose basic information about themselves – their name, employee identification number and date of birth – details that would be trivial to obtain for a criminal hacking gang. The employee, who requested anonymity to discuss sensitive matters, said details were too easy to obtain and were the root cause of what “caught MGM up here.”

    ALSO READ:  Musk's xAI set to launch first AI model to select group

    Ahern declined to comment on the former employee’s allegations.

    Caesars said in a regulatory filing that it identified suspicious activity in its network “resulting from a social engineering attack on an outsourced IT support vendor used by the company.” The attack on Caesars occurred in recent weeks, and the hackers broke into the company’s systems and threatened to release data, according to two people familiar with the matter. Caesars paid the attackers tens of millions of dollars, the people said. “We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in the filing.

    Scattered Spider, also known as UNC3944, are known for their social engineering skills. Members of the group are based in the US and UK, and some are as young as 19 years old, according to four cybersecurity experts familiar with the group.

    They also sometimes work with a ransomware gang known as ALPHV, which is believed to be Russia-based, according to cybersecurity experts.

    In a statement posted on the group’s dark web page on Thursday (Sept 14), ALPHV claimed credit for the attack and called reporting that teenagers from the US and UK were involved in the breach rumors. The group also said MGM’s attempts to evict them from the Okta system didn’t go according to its plans.

    Bradbury, from Okta, said he wanted to get the word out about the hackers and their techniques, so customers can bolster their cyber defenses. He described the hackers as highly skilled in identity technology, “so we can expect that they will make more and more attacks going forward.” – Bloomberg

    ALSO READ:  ‘No homework here’: China café bans in-store parent-child tutoring amid fears over outbreaks of ‘emotional turbulence’



    Credit: The Star : Tech Feed

    Suara
    Suarahttps://www.suara.my
    Tech enthusiast turning dreams into reality, one byte at a time 🚀

    Related articles

    ADVERTISEMENTFly London from Kuala Lumpur

    Subscribe to Newsletter

    To be updated with all the latest news, offers and special announcements.

    Latest posts