Hackers behind MGM cyberattack thrash the casino’s incident response

Summary

In an unexpected turn of events, the ransomware group ALPHV released a statement criticizing both MGM Resorts International and the cybersecurity firm VX Undergrounds for their handling of the MGM cyberattack. ALPHV claimed that MGM had multiple system vulnerabilities, did not care about customer safety, and had an incompetent response team. They also accused VX Undergrounds of misinforming and oversimplifying the techniques used in the attack. ALPHV also alleged dubious activities within MGM, such as insider trading, and noted that several of MGM's key systems remain shut down days after the attack.

Q&As

How did MGM Resorts International and VX Undergrounds mishandle the ongoing cyberattack on MGM?
MGM Resorts International and VX Undergrounds mishandled the ongoing cyberattack on MGM by rushing through their response, falsely reporting events that never happened, and spreading misinformation.

What tactics, techniques, and procedures did ALPHV use to infiltrate MGM's network?
ALPHV used vulnerabilities in MGM's Okta Agent to infiltrate the network and gain super administrator privileges to MGM's Okta and Global Administrator privileges to their Azure tenant.

What was the reaction of Bobby Cornwell, Vice President of Strategic Partner Enablement & Integration at SonicWall, to MGM's response to the attack?
Bobby Cornwell believed MGM's move to shut down was justified, saying they made the right call to lock down all the systems it did, even if it meant inconveniencing its guests as a result of their actions.

What criticisms did ALPHV make of VX Undergrounds in the message they released?
ALPHV criticized VX Undergrounds for falsely reporting events that never happened with regard to the tactics, techniques, and procedures (TTP) used, and for oversimplifying the TTPs deployed in the attack.

What do the insider trading activities of MGM suggest about their interest in customer safety?
ALPHV suggested that the insider trading activities of MGM indicate that they are not interested in customer safety, as no insider has purchased any stock in the past 12 months, while insiders have sold shares for a combined 33 million dollars.

AI Comments

👍 This article provides a great insight into the cyberattack on MGM, the response taken and the criticism of the incident response team. It is also very informative about the tactics, techniques and procedures used by the attackers.

👎 This article fails to provide any solutions to the issue of cyberattacks and does not offer any preventative measures that can be taken by MGM and other organizations.

AI Discussion

Me: It's about a recent cyberattack on MGM Resorts International. The hackers behind the attack released a statement criticizing MGM for their poor response and incompetence. They also blamed a cybersecurity firm, VX Undergrounds, for spreading misinformation.

Friend: Wow, that's really concerning. It makes me wonder if any other companies are vulnerable to similar attacks.

Me: Yeah, that's a good point. It really highlights the importance of having strong security measures in place to protect data and systems. Companies need to invest in cyber security to ensure their networks are secure and their customers' confidential information is safe. It's also important for organizations to have an incident response plan in place to quickly address any potential cyber threats.

Technical terms

Hackers
Individuals who use computer programming skills to gain unauthorized access to computer systems or networks.
Cyberattack
An attack on a computer system or network, typically from an outside source, with the intent of causing damage or disruption.
Incident Response
The process of responding to and managing the aftermath of a security breach or cyberattack.
Ransomware
Malware that encrypts a user’s data and demands a ransom payment in exchange for the decryption key.
Okta
A cloud-based identity and access management platform.
Azure
Microsoft’s cloud computing platform.
TTPs
Tactics, techniques, and procedures used by attackers.
Exfiltrate
To remove data from a computer system or network.
Insider Trading
The illegal practice of trading on material, nonpublic information about a company.
