Texas Medical Group Blog

Cyber Update: MGM Cyberattack Underscores the Need for Layered Defenses

The odds are stacked in favor of increasingly bold and sophisticated cybercriminals, as MGM Resorts International and Caesars Entertainment learned this week, meaning organizations need multiple layers of defense and heightened vigilance against social engineering tactics.

MGM Resorts, which owns and operates multiple hotels/casinos in Las Vegas, including the Bellagio, Mandalay Bay and Luxor, as well as other properties across the country, reported a “cybersecurity issue affecting some of the company’s systems” on Sunday, Sept. 10, in a social media post.

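The issue prompted MGM to take some of its systems offline while it dealt with the intrusion and worked with law enforcement. As a result, guests could not use digital hotel room keys, casino gaming was shut down, bars and restaurants could only accept cash, and MGM hotels could not accept new reservations, according to news and social media reports.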

As of Monday, Sept. 11, MGM said systems were again “operating normally,” but reports of business disruption—and disgruntled guests—continued. The hospitality chain has not confirmed any additional details but filed an 8-K with the U.S. Securities and Exchange Commission (SEC) in September, alerting regulators to the incident. Shortly after news of MGM’s event broke, reports emerged of a ransomware incident that hit casino operator Caesars Entertainment. That company also filed an 8-K with the SEC, indicating that cybercriminals had stolen some customer data.

What Happened?

VX-Underground, a malware research group trusted in the cybersecurity world, reported earlier this week that threat actors tied to the ALPHV/BlackCat ransomware-as-a-service gang appeared to be behind the attack. This particular threat group, also known as Scattered Spider and UNC3944, is believed to have perpetrated attacks on Reddit and Western Digital and excels at social engineering.

These tactics allowed them to trick MGM’s IT team into resetting an employee’s credentials and multi-factor authentication (MFA) keys, security experts said.

“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the help desk,” VX-Underground posted on Twitter. “A company valued at $33,900,000,000 was defeated by a 10-minute conversation.”

The threat actors themselves claimed responsibility for the MGM attack on Thursday, Sept. 14. They announced they gained access to MGM’s systems on Friday, Sept. 8, and that they were able to deploy ransomware despite MGM taking the systems offline on Monday, Sept. 11. They also alleged MGM had not been responsive and warned they still “have access to some of MGM’s infrastructure” and would carry out additional attacks if MGM refuses to deal with them.

While MGM’s several days of downtime may seem like a worst-case scenario, the hospitality giant’s predicament could have been much worse had they not detected signs of an intrusion and begun remediation quickly by taking systems offline.

“MGM was probably ahead of the game,” Jason Rebholz, chief information security officer (CISO) with Corvus Insurance, told 美高美集团4688. “Most companies aren’t even in the position to make that decision because they’re not detecting it. If they didn’t detect this, we’d be looking at something 10 to 20 times worse.”

MGM’s decision to take its systems offline allowed the company to recover in a more controlled environment, Rebholz said. Though a “drastic step,” it came in response to an “almost impossible situation.”

“The odds are in the attackers’ favor. This is why cybersecurity is such a difficult game to play,” Rebholz said, adding, “In any security incident, something is bound to go wrong.”

That said, businesses – whether they are the size of MGM or a single storefront – can’t “throw up their hands” and assume all is lost when it comes to preventing cyber events.

“The biggest concern is that people will look at this and focus on the fact that their systems were down, that they still got infected,” he said.

Strengthening Defenses

Rebholz urged organizations to bolster their cyber defenses as targeted attacks and more sophisticated phishing efforts appear. Organizations need to identify their most critical assets and defend them on a day-to-day basis, he said.

“It’s a never-ending game of survival,” Rebholz said. “You have to continue to train your staff and employees on the current threats. It all starts with the user seeing something that’s suspicious.”

For the insurance industry, the rise in ransomware should prompt underwriters to redouble, rather than relax, their efforts to promote good cyber hygiene for insureds.

“This is going to be a far-reaching event,” Rebholz said. “Ransomware is getting faster. When we start seeing the severity, we have to ask - are we requiring the right controls?”

Weaker forms of MFA can be bypassed, necessitating multiple layers of security and verification, he noted.

“Defense in depth is key. You can’t rely on a single control. Assume at least one of these is going to fail,” Rebholz said. “Then you’re in a better position to prevent, mitigate or at a minimum respond to an event like this.”

The content of this Cyber Update should not be regarded as legal advice and should not be relied upon as such. In relation to any particular problem which they may have, readers should seek specific advice. ©2023 Zywave, Inc. All rights reserved.