ConsoleWorks REACT for Risk Evaluation & Assessment for Cyber Threats

ConsoleWorks REACTs to MGM & Caesars Hacks

Written by Pam Johnson | Sep 20, 2023 7:47:59 PM

Imagine you are in Las Vegas, enjoying a vacation at one of the famous casino resorts. You have just won a big jackpot and are ready to celebrate. But when you try to check out of your room, you find out that the hotel’s computer system is down. You can’t access your reservation, your loyalty points, or your winnings. You are stuck in limbo, along with thousands of other guests who are facing the same problem.

This is not a hypothetical scenario, but a reality that many guests at MGM Resorts faced on September 10, 2023, when the company was hit by a major ransomware attack that took systems offline in locations across Las Vegas. The attack left guests locked out of their rooms and unable to transact both on site and through the MGM mobile app. Eventually the affected casino hotels had to process transactions manually. The incident is expected to have a material effect on MGM’s operations as the company continues to deal with the fallout.

MGM Resorts was not the only casino company targeted by hackers in recent weeks. On September 14, 2023, Caesars Entertainment disclosed that it had suffered a data breach that compromised the personal information of many of its loyalty program members, including their Social Security numbers and driver’s license numbers. Caesars paid about $15 million in ransom to the attackers to prevent them from releasing the data. 

These attacks have drawn scrutiny from the FBI, the Cybersecurity and Infrastructure Security Agency, the Nevada Gaming Control Board, and the Nevada Governor. They also highlight the need for more cybersecurity professionals and better security practices in the casino industry.

It also bears stating that in this case the weak point was the human response: people were fooled by the hacker into performing a privileged function, resetting credentials, which let the hacker in. Therefore, no technology could actually prevent this hack. I would argue, however, that with a fully deployed ConsoleWorks REACT solution, the hacker would have tripped over so many monitoring points and associated alerts, with automated responses enforcing business policy, that I cannot imagine how they could have succeeded. I know, go ahead: challenge ConsoleWorks. Let's use our lab and let you come after the lab or an asset in the lab, whether it's IT, OT or IoT. I'm good for a great discussion and demonstration.

In this blog, we will explore how ConsoleWorks, a cybersecurity and operations platform that provides secure remote access to IT and OT devices, could have prevented or mitigated these attacks using its features and benefits. We will also discuss how ConsoleWorks aligns with the Zero Trust approach, which is a security model that assumes no trust for any entity inside or outside the network perimeter.

How ConsoleWorks could have prevented or mitigated the MGM attack

The MGM attack was carried out by an affiliate of the notorious ransomware group ALPHV, also known as BlackCat. The hackers claimed to have infiltrated MGM’s network on September 11, 2023, after many attempts to reach out to them. They said they had access to MGM’s Okta environment, which is a cloud-based identity and access management service, as well as its Azure tenant, which is a cloud-based platform for hosting applications and services. They also said they had exfiltrated data from MGM’s domain controllers, which are servers that store user accounts and passwords.

ConsoleWorks is a cybersecurity and operations platform that provides secure remote access to IT and OT devices. It could have prevented or mitigated this attack in several ways, such as:

By integrating with third-party security tools and services, such as antivirus, firewall, backup, and recovery solutions. This would enhance the protection and resilience of the IT and OT systems, and enable faster recovery in case of a disaster.