The Impact and Lessons of the MGM Cyber-Attack
Sep 15, 2023 Dan Levy Blog | Cyber Security 1 min read
News this week has been dominated by the story of over a dozen MGM Hotels & Casinos that have had to shut down operations after a cyberattack against their computer systems. First announced on Sunday, systems at a dozen MGM properties were suddenly inoperable, paralyzed by a breach stemming from a highly targeted phishing attack.
Despite assurances from MGM Resorts International that daily operations had resumed, guests of the resort continued to report the opposite, posting photos online of offline slot machines.
As reported in USA Today, to contain the incident, MGM Resorts International began working with external cybersecurity experts to remediate and contain the breach.
Not long after the attack, VX Underground, a not-for-profit group that establishes contact with cyber-crime groups and documents patterns and activity, reported the incident to be caused by a threat group named AlphV BlackCat, infamous for many high-profile attacks – including those against Suffolk County, NY in 2022.
The FBI has been made aware of the incident, but characterized the event as ongoing, according to The Associated Press.
Businesses of all sizes that deal with sensitive data are targets of cyber criminals and must implement cybersecurity services to help mitigate risks. This well-publicized event serves as a reminder of the importance of being prepared for a potential cybersecurity incident at any time.
Your business needs a proper information security plan to handle cybersecurity threats now and in the future. Creating a plan and revisiting it annually is recommended. Example cybersecurity measures your business must implement includes:
- Installing Enterprise-Grade Firewalls
- Maintaining a Robust Backup and Disaster Recovery Solution
- Using Multi-Factor Authentication
- Securing Passwords with a Password Management System
- Restricting Access to Sensitive Data
- Creating and Maintaining Security Policies and Procedures
- Providing Cybersecurity Awareness Training to all Employees
- Seeking Professional Assistance
Ramp up your cybersecurity posture and protect sensitive data. Sourcepass can help.
Dan Levy is the Sourcepass Security Engineering Lead. Reach out to Dan at (877) 678-8080.