A Multi-dimensional Threat Landscape Requires a Multi-dimensional Response
The recent cyberattacks on major American brands like MGM Hotels & Casinos have shed light on the growing sophistication and audacity of financially motivated threat actors. This is an alarming trend not just for the targeted companies but for the entire U.S. business landscape. The nature of these attacks has evolved from isolated incidents to well-coordinated, syndicated operations, sometimes involving insider threats, making them harder to prevent and more damaging when they occur.
The Financial Stakes and Makeshift Solutions
MGM Resorts International had to halt operations at over a dozen of its properties after a debilitating cyberattack left its computer systems compromised. This shutdown wasn't isolated to its Las Vegas properties but also impacted locations as far-reaching as Atlantic City and Ohio. With $3.9 billion in revenue for the quarter ending June 30, and a stock price that fell 3.8% since the attack, the financial ramifications are significant.
The nature of the cyberattack on MGM is also noteworthy because it was reported by Reuters that it “may:” involved a highly organised group known as Scattered Spider or UNC3944. This group has previously targeted telecommunication and business process outsourcing firms and is known for its financial motivations.
Evolving Tactics: The New Threat Landscape
The report from Bloomberg raises the unsettling possibility that Scattered Spider may have teamed up with another hacking group, ALPHV, in what could be a coordinated assault on both MGM and Caesars Entertainment. As pointed out by Crowdstrike in a January blog post, this group has been known to employ social engineering techniques to trick users into divulging their login details and one-time-password (OTP) codes, effectively circumventing multi-factor authentication.
What is particularly alarming about the modus operandi of groups like Scattered Spider is the evolving complexity of their attack strategies. Notably, these aren't just external threats; they could also involve internal actors. This adds a new dimension of risk, putting into question the integrity and security of a corporation's internal systems. If these syndicates are successfully penetrating corporate networks either through physical operatives or virtual insiders, it signifies a disconcerting advancement in cyber warfare tactics.
It is "one of the most prevalent and aggressive threat actors impacting organizations in the United States today," Charles Carmakal, chief technology officer at Alphabet Inc's (GOOGL.O) Mandiant Intelligence said in a post on LinkedIn on Wednesday, following reports about the MGM breach.
Extended Paralysis: The Real-world Business Impact
Such sophistication can no longer be countered by traditional cybersecurity measures alone. Brands will have to adopt multi-faceted approaches that include advanced data analytics, machine learning algorithms, and perhaps even counter-intelligence operations to identify and neutralise threats before they can inflict damage.
"They leverage tradecraft that is challenging for many organizations with mature security programs to defend against,"
Carmakal said.
The FBI said on Wednesday it was investigating the incident, but did not elaborate. The rating agency Moody's warned the breach could negatively impact MGM's credit rating.
Another aspect of these attacks that should not be overlooked is the extended period of paralysis it can impose on companies. In the case of MGM, some of its operations like gambling continued in a "manual mode," according to a statement. This is a stopgap solution at best. Companies in sectors like healthcare, energy, or transportation do not have the luxury of a manual mode, making the potential implications of a successful cyberattack far more catastrophic.
MGM said gambling was continuing in “manual mode”.
MGM said on The Las Vegas television channel
Moreover, it's concerning that no one has taken credit for the attack on any known dark web forums (from time of writing). While this could be a strategy to divert attention, it may also signify that the group is still active within the compromised systems, a scenario that could have even graver implications for data integrity and confidentiality.
Historical Context: Lessons Not Learned
Despite having been targeted before, MGM and other companies seem to be struggling with implementing effective cybersecurity measures. In 2019, MGM has been hacked before — some 10mn customers had their personal information exposed in 2019. Iranian hackers targeted rival Sheldon Adelson’s Las Vegas Sands Corp. in 2014 following comments the pro-Israel Adelson had made about the Islamic Republic’s nuclear program.
The recurrence indicates a possible systemic issue that goes beyond the failure of cybersecurity software and could involve inadequate employee training, or perhaps more critically, a complacent organisational culture towards cybersecurity.
This is not MGM’s first brush with cybercrime. "MGM has been hacked before—some 10 million customers had their personal information exposed in 2019." Repeated attacks on the same enterprise indicate not just a failure of technology but possibly also a flawed organisational culture that is not treating cybersecurity with the gravity it deserves.
To sum up, MGM's recent cyber debacle, possibly at the hands of Scattered Spider and its affiliates, is not an isolated incident but an omen. It underscores the urgent need for corporations to revamp their cybersecurity strategies and internal protocols. The days when a strong external firewall was considered sufficient are clearly over. It’s time to accept that modern cybercriminals are not just breaking through defences but potentially operating from within. As these syndicated and financially-motivated threat actors continue to evolve, so must the defences against them. Failure to adapt will not only make individual companies vulnerable but may also endanger the broader economic infrastructure.
