ConsoleWorks REACTs to MGM & Caesars Hacks
Imagine you are in Las Vegas, enjoying a vacation at one of the famous casino resorts. You have just won a big jackpot and are ready to celebrate. But when you try to check out of your room, you find out that the hotel’s computer system is down. You can’t access your reservation, your loyalty points, or your winnings. You are stuck in limbo, along with thousands of other guests who are facing the same problem.
This is not a hypothetical scenario, but a reality that many guests at MGM Resorts faced on September 10, 2023, when the company was hit by a major ransomware attack that took systems offline in locations across Las Vegas. The attack left guests locked out of their rooms and unable to transact both on site and through the MGM mobile app. Eventually the affected casino hotels had to process transactions manually. The incident is expected to have a material effect on the company's operations as it continues to deal with the fallout.
MGM Resorts was not the only casino company targeted by hackers in recent weeks. On September 14, 2023, Caesars Entertainment disclosed that it had suffered a data breach that compromised the personal information of many of its loyalty program members, including their Social Security numbers and driver’s license numbers. Caesars paid about $15 million in ransom to the attackers to prevent them from releasing the data.
These attacks have drawn scrutiny from the FBI, the Cybersecurity and Infrastructure Security Agency, the Nevada Gaming Control Board, and the Nevada Governor. They also highlight the need for more cybersecurity professionals and better security practices in the casino industry.
It also begs us to state that in this case, the weak point was the human response: they were fooled by the hacker into performing a privileged function, resetting credentials, that allowed the hacker in. Therefore, no technology could actually prevent this hack. I would argue, however, that with a fully deployed ConsoleWorks REACT solution, the hacker would have tripped over so many monitoring points and associated alerts, with automated responses enforcing business policy, that I cannot imagine how they could have succeeded. I know, go ahead, challenge ConsoleWorks. Let's use our lab to let you come after the lab or an asset in the lab, whether it's IT, OT or IoT. I'm good for a great discussion and demonstration.
In this blog, we will explore how ConsoleWorks, a cybersecurity and operations platform that provides secure remote access to IT and OT devices, could have prevented or mitigated these attacks using its features and benefits. We will also discuss how ConsoleWorks aligns with the Zero Trust approach, which is a security model that assumes no trust for any entity inside or outside the network perimeter.
How ConsoleWorks could have prevented or mitigated the MGM attack
The MGM attack was carried out by an affiliate of the notorious ransomware group ALPHV, also known as BlackCat. The hackers claimed to have infiltrated MGM’s network on September 11, 2023, after many attempts to reach out to them. They said they had access to MGM’s Okta environment, which is a cloud-based identity and access management service, as well as its Azure tenant, which is a cloud-based platform for hosting applications and services. They also said they had exfiltrated data from MGM’s domain controllers, which are servers that store user accounts and passwords.
ConsoleWorks is a cybersecurity and operations platform that provides secure remote access to IT and OT devices. It could have prevented or mitigated this attack in several ways, such as:
By integrating with third-party security tools and services, such as antivirus, firewall, backup, and recovery solutions. This would enhance the protection and resilience of the IT and OT systems, and enable faster recovery in case of a disaster.
To significantly bolster security measures, ConsoleWorks takes a proactive stance by implementing a protocol break and embracing a Zero Trust system with role-based access control (RBAC) and multi-factor authentication (MFA). This proactive approach effectively thwarts hackers who rely on social engineering tactics to bypass security protocols or gain access to credentials, thereby preventing the transmission of malware and viruses into the critical environment. The absence of endpoint asset credentials poses a formidable challenge for these malicious actors. It is important to emphasize that Okta has access only to ConsoleWorks, not to the actual endpoint.
Moreover, if a hacker were to attempt a reset of their PDC credentials on the PDC itself, it would raise immediate suspicion. The truth is, they wouldn't possess PDC credentials as they are exclusive to ConsoleWorks. This inconsistency serves as a clear indicator that something is amiss and necessitates immediate attention.
Through automated configuration monitoring on managed endpoints, ConsoleWorks maintains a comprehensive record of the system's configuration. This includes details such as who made changes, when these changes occurred, and the specific commands that were used. This provides a thorough understanding of the approved configuration both before and after any human interaction takes place. ConsoleWorks compares the approved values with the current values at the end of a user session, so any deviation introduced during that session is identified.
In the scenario involving MGM, ConsoleWorks would have promptly identified any modifications made to the reporting of monitoring tools on the system, as well as any newly installed software. As a result, it would be equipped to provide a detailed log of the session undertaken by the perpetrator involved in the hacking incident. This not only strengthens the security measures, but also enables effective password management, patch gap analysis, and event remediation in the native language of the assets. With ConsoleWorks, IT and OT systems can remain consistently updated, secure, and fully compliant with industry standards and regulations.
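The session-end comparison described above can be sketched as follows. This is an added example, not ConsoleWorks code or its API; the key names, priority prefixes, `Session` record and sample values are all assumptions made up for illustration.

```python
from dataclasses import dataclass, field

# Assumed key naming: monitoring/log-forwarding settings and the package
# inventory are the changes the text singles out, so they rank "high".
HIGH_PRIORITY_PREFIXES = ("monitoring.", "package.")
_MISSING = object()  # distinguishes "key absent" from a stored None value

@dataclass
class Session:
    user: str
    ended_at: str
    commands: list = field(default_factory=list)

def diff_config(approved, current):
    """Compare the approved baseline with the snapshot taken at session end."""
    findings = []
    for key in sorted(approved.keys() | current.keys()):
        before = approved.get(key, _MISSING)
        after = current.get(key, _MISSING)
        if before == after:
            continue
        kind = "added" if before is _MISSING else "removed" if after is _MISSING else "changed"
        findings.append({
            "key": key, "kind": kind,
            "approved": None if before is _MISSING else before,
            "current": None if after is _MISSING else after,
            "priority": "high" if key.startswith(HIGH_PRIORITY_PREFIXES) else "normal",
        })
    return findings

def session_end_report(approved, current, session):
    """Attach who, when and which commands to every deviation found."""
    findings = diff_config(approved, current)
    return {"user": session.user, "ended_at": session.ended_at,
            "commands": list(session.commands), "findings": findings,
            "compliant": not findings}

# Constructed sample data (hypothetical host, user and values).
APPROVED = {"monitoring.agent.state": "running",
            "monitoring.syslog.forward_to": "192.0.2.10:514",
            "ntp.server": "192.0.2.20", "package.openssh-server": "9.3"}
CURRENT = {"monitoring.agent.state": "stopped",
           "ntp.server": "192.0.2.21", "package.openssh-server": "9.3",
           "package.remote-admin-tool": "1.0"}
SESSION = Session("jdoe", "2024-01-01T02:14:00Z",
                  ["systemctl stop monitoring-agent", "apt install remote-admin-tool"])

if __name__ == "__main__":
    for f in session_end_report(APPROVED, CURRENT, SESSION)["findings"]:
        print(f["priority"], f["kind"], f["key"], f["approved"], "->", f["current"])
```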
By actively monitoring, logging, and reporting all activities performed on managed assets in real time, organizations can significantly boost their ability to swiftly detect and respond to potential cyberattacks. This proactive approach not only alerts security teams promptly to any suspicious or unauthorized actions but also enables the creation of a detailed forensic record of the incident, capturing even the smallest details across diverse endpoints. Additionally, by aggregating and correlating all log files, organizations gain valuable situational awareness and ensure compliance with regulatory and cybersecurity best practices.
In the case of MGM, ConsoleWorks would have provided the necessary audits and logs for every command issued and response received, empowering MGM to remediate the affected systems. This comprehensive solution would even include the crypto-keys utilized to encrypt the files on the machine, resulting in savings of up to 15 million dollars!
Is anyone from MGM or Caesars reading this?