Cyber Attack! How Hackers Broke Into MGM Resorts

The online attack that disrupted MGM Resorts International resorts and casinos across the country began with a social engineering breach of the company’s information technology help desk.

| Updated on: Sep 17 2023, 17:15 IST
SBI online fraud warning! Top 5 action points to avoid cybercrime
Cyber crime
1/5 Unified Payments Interface (UPI) based apps like Google Pay, Paytm, PhonePe, among others are being used by people to make online payments, recharges, among others. With this in mind, here we list a number of online payment tips that you need to keep in mind to stay protected from frauds. (Saumya Khandelwal/HT PHOTO)
Cyber crime
2/5 Falling prey to digital frauds can cause huge financial losses. Recently the State Bank of India (SBI) has revealed certain measures to its customers which can be used to avoid online frauds. SBI has said that people need to enter UPI PIN only while making online payment. (Reuters)
Cyber crime
3/5 UPI PIN is required only for transfer of money and not for receiving. Always verify the mobile number, name and UPI ID before sending any money. (Pixabay)
Cyber crime
4/5 Never share UPI PIN with anyone. The scanner should preferably be used for fund transfer. (Bloomberg)
Cyber crime
5/5 Do not seek resolution from other than official sources. Use App's help section for any payment or technical issue and in case of any discrepancy seek resolution through Bank's Complaint Resolution portal. (Mint/HT)
Cyber crime
View all Images
The FBI said in a statement provided to Bloomberg News that it is investigating both the Caesars and MGM incidents. (Pixabay)

The online attack that disrupted MGM Resorts International resorts and casinos across the country began with a social engineering breach of the company's information technology help desk, according to a cybersecurity executive familiar with the investigation.

David Bradbury, chief security officer at the identity and access management company Okta, said his company issued a threat advisory in August about similar attacks against some of its customers, in which hackers used a low-tech social engineering tactics to gain entry and then more advanced methods that allow them to impersonate users on the networks.

Okta's advisory warned that hackers were tricking IT service desk staff into resetting multifactor authentication settings enrolled by “highly privileged users.”

At that time, Bradbury said his staff wasn't sure who was behind the attacks. But in the weeks since then, he said “all signs are pointing” to a group known as Scattered Spider, the same outfit suspected of hacking MGM and Caesars Entertainment Inc. in recent weeks. Okta has been assisting MGM, a customer, in its response to the attack, he said. Okta also counts Caesars as a client.

Brian Ahern, spokesperson for MGM resorts, declined to comment about specifics of the attack. Ahern said the company has been working with FBI and the US Cybersecurity and Infrastructure Security Agency since the breach, he said.

The FBI said in a statement provided to Bloomberg News that it is investigating both the Caesars and MGM incidents.

A former MGM employee who was familiar with the company's cybersecurity policies pointed to the help desk as vulnerable to attack. The person said that to obtain a password reset, employees would only have to disclose basic information about themselves – their name, employee identification number and date of birth – details that would be trivial to obtain for a criminal hacking gang. The employee, who requested anonymity to discuss sensitive matters, said details were too easy to obtain and were the root cause of what “caught MGM up here.”

Ahern declined to comment on the former employee's allegations.

Caesars said in a regulatory filing that it identified suspicious activity in its network “resulting from a social engineering attack on an outsourced IT support vendor used by the company.” The attack on Caesars occurred in recent weeks, and the hackers broke into the company's systems and threatened to release data, according to two people familiar with the matter. Caesars paid the attackers tens of millions of dollars, the people said. “We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in the filing.

Scattered Spider, also known as UNC3944, are known for its social engineering skills. Members of the group are based in the US and UK and some are as young as 19 years old, according to four cybersecurity experts familiar with the group.

They also sometimes work with a ransomware gang known as ALPHV, which is believed to be Russia-based, according to cybersecurity experts.

Read More: Lina Khan Got Stuck in the Fallout of the MGM Hack in Las Vegas

In a statement posted on the group's dark web page on Thursday, ALPHV claimed credit for the attack and called reporting that teenagers from the US and UK were involved in the breach rumors. The group also said MGM's attempts to evict them from Okta system didn't go according to its plans.

Bradbury, from Okta, said he wanted to get the word out about the hackers and their techniques so customers can bolster their cyber defenses. He described the hackers as highly skilled in identity technology, “so we can expect that they will make more and more attacks going forward.”


Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 17 Sep, 14:51 IST
keep up with tech