MGM Resorts International, one of the world’s largest casino operators, is currently investigating a major hack that has left the company vulnerable. The breach came to light when stolen credentials belonging to MGM employees surfaced on an underground forum. Cybercriminals behind a Telegram channel called Spider Logs were found to be selling a data set containing the credentials of a mid-level IT engineer at MGM. Additionally, 95 other employees from MGM and some from rival company Caesars Entertainment had their login details stolen and resold.
The stolen credentials of IT employees are particularly concerning as they could potentially grant access to the internal networks of both companies. While it is yet to be confirmed whether the hackers gained access through the stolen credentials, this incident highlights the ongoing risks faced by large corporations like MGM when it comes to cybersecurity.
Andrew Martin, CEO at Dynarisk, a cybersecurity company based in London, emphasized that MGM and Caesars Entertainment had the necessary resources to protect their data and customers, suggesting that the breach could have been prevented if proper monitoring and swift action had been taken.
Analysis by Dynarisk suggests that the stolen usernames and passwords were likely obtained from a computer infected with malware called Redline, which hides inside pirated versions of video games or other software. Redline not only steals login credentials but also captures the browser's cookies, the small pieces of data browsers store to remember logged-in users so they do not have to re-enter their credentials; a stolen cookie can therefore let a thief into an account without entering a password at all.
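The risk described above is cookie replay: an infostealer victim's session cookie is presented again from the attacker's machine, with no new login to alert anyone. The following added example (not code from the article or from Dynarisk) shows the detection logic a defender would run over web access logs to catch that pattern; the log format, field names and sample values are constructed for the example.

```python
"""Flag sessions that are presented from a client different from the one
that created them: the footprint an infostealer-stolen cookie leaves.
Log format (assumed): '<ts> sid=<id> user=<name> ip=<addr> ua=<user agent>'.
"""
from collections import namedtuple

Event = namedtuple("Event", "ts session_id user ip user_agent")

# Constructed sample log. Session a1b2 is used from one device, then shows up
# from a new IP *and* a new browser without any login in between. Session
# c3d4 only changes IP (a user roaming between networks), a weaker signal.
SAMPLE_LOG = [
    "2023-09-12T08:01:10Z sid=a1b2 user=it-eng ip=198.51.100.7 ua=Chrome/116 Windows",
    "2023-09-12T08:15:42Z sid=a1b2 user=it-eng ip=198.51.100.7 ua=Chrome/116 Windows",
    "2023-09-12T09:02:03Z sid=a1b2 user=it-eng ip=203.0.113.55 ua=Firefox/117 Linux",
    "2023-09-12T09:03:11Z sid=c3d4 user=analyst ip=192.0.2.20 ua=Safari/16 macOS",
    "2023-09-12T09:40:27Z sid=c3d4 user=analyst ip=192.0.2.21 ua=Safari/16 macOS",
]


def parse(line: str) -> Event:
    """Split one log line; the user agent is last because it contains spaces."""
    head, ua = line.split(" ua=", 1)
    ts, *pairs = head.split()
    kv = dict(p.split("=", 1) for p in pairs)
    return Event(ts, kv["sid"], kv["user"], kv["ip"], ua)


def find_replayed_sessions(lines):
    """Return {session_id: alert} for sessions whose client changed mid-session.

    Severity is 'high' when the browser fingerprint (user agent) changed,
    which a roaming user does not normally do, and 'low' for an IP-only change.
    """
    first_client = {}   # session_id -> (ip, user_agent) seen at first use
    alerts = {}
    for ev in map(parse, lines):
        origin = first_client.setdefault(ev.session_id, (ev.ip, ev.user_agent))
        current = (ev.ip, ev.user_agent)
        if current == origin or ev.session_id in alerts:
            continue
        severity = "high" if ev.user_agent != origin[1] else "low"
        alerts[ev.session_id] = {"user": ev.user, "ts": ev.ts, "origin": origin,
                                 "replayed_from": current, "severity": severity}
    return alerts


if __name__ == "__main__":
    for sid, alert in find_replayed_sessions(SAMPLE_LOG).items():
        print(sid, alert["severity"], alert["user"], alert["origin"], "->", alert["replayed_from"])
```

In a real deployment the same rule would key on the identity provider's session identifier rather than a raw cookie value, and a `high` alert should trigger session revocation and a password reset for the affected account.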
A self-proclaimed member of a hacking group known as Scattered Spider claimed responsibility for the MGM breach and even stated that they attempted to tamper with the casino resort’s slot machines. Scattered Spider is believed to have carried out over 100 attacks on major US corporations and is considered a significant threat to Western companies. The group mainly consists of English-speaking hackers from the US and Europe, and their modus operandi often includes social media reconnaissance to impersonate targeted employees in phone calls to company help desks in order to obtain fresh passwords.
The compromised logins and passwords in this breach were for Okta, an identity management platform from the San Francisco-based company of the same name. Okta's software is widely used by businesses to authenticate employees' identities before granting access to internal company websites. A dark web page affiliated with a group associated with Scattered Spider claimed that MGM "made the hasty decision to shut down each and every one of their Okta servers after learning we had been lurking on their Okta servers." Okta, currently valued at $13.6 billion, has not yet responded to requests for comment regarding the incident.
Other data sets analyzed by Dynarisk indicate that employees from over 500 other companies, including prominent names such as Wells Fargo, WPP, Experian, Diageo, Wayfair, Epic Games, and Adobe, have had their credentials compromised, suggesting a wider and ongoing risk faced by various organizations.
As investigations continue into this major hack, it serves as a stark reminder that even large and profitable companies must remain vigilant in their cybersecurity efforts. With the threat landscape constantly evolving, organizations need to invest in robust security measures, proactively monitor for stolen credentials, and swiftly respond to potential breaches to protect their networks, data, and customers.