[Security News] MGM Resorts Faces IT Shutdown From ALPHV Ransomware Attack


September 2023


1. MGM Resorts faces class action after IT shutdown from ALPHV ransomware attack

MGM Resorts International, a multi-billion-dollar hotel and casino chain, suffered a major IT outage lasting roughly ten days after a ransomware attack that began on September 8. The attack took down the chain’s website and disrupted operations at multiple hotels and casinos, knocking out digital room keys and door locks, Wi-Fi, ATMs, card payment terminals, and slot machines.

The ALPHV (BlackCat) ransomware gang claimed that one of its affiliates had infiltrated MGM’s internal network and encrypted more than 100 ESXi hypervisors. Customers’ personally identifiable information (PII) was also compromised. ALPHV further claimed that it retained access to the network even after MGM disconnected the affected systems, and threatened further attacks if its ransom demands were not met.

It was later reported that the attackers obtained initial access through social engineering rather than an exploit: they phoned MGM’s IT help desk, posed as an employee, and were handed login credentials. A class-action lawsuit was filed against the company on September 22, alleging that it had failed to maintain adequate security measures to protect customer data.

Many cybersecurity professionals regard this as one of the most severe attacks ever suffered by a hospitality company. Casinos are widely assumed to run some of the best-protected systems in any industry, so the ease of the initial intrusion raised fresh concerns about the safety of personal data.

To strengthen data protection, enterprises should encrypt personal data at rest with database encryption, so that a bulk copy of the database is unreadable to an intruder. Note, however, that the MGM intrusion started with valid credentials obtained over a phone call, and a user with valid credentials reads the data through the application regardless of how it is stored; help-desk identity verification for password and MFA resets, and phishing-resistant MFA, need to be hardened alongside encryption. To learn more about Penta Security’s database encryption solution, see D’Amo.

Sources: Infosecurity, Courthouse News Service


2. Iranian state-sponsored hacker group password-sprays thousands of organizations

Peach Sandstorm (APT33), an Iranian state-affiliated hacker group, conducted a months-long password-spraying campaign against thousands of organizations in the satellite, defence, and pharmaceutical sectors, Microsoft Threat Intelligence stated in a blog post published on September 14.

In a password-spraying attack, the attacker tries one password, or a short list of common ones such as “password” and “123456”, against a large number of accounts in a single domain, rather than many passwords against one account. Spreading the attempts across accounts keeps each account below its lockout threshold, which is why simple per-account lockout policies do not stop it. After gaining a foothold, Peach Sandstorm used a range of tooling to establish persistence, perform reconnaissance, and move laterally. Microsoft also observed the group attempting to exploit two publicly known remote code execution (RCE) vulnerabilities: CVE-2022-47966 in Zoho ManageEngine and CVE-2022-26134 in Atlassian Confluence.
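The detection side of the paragraph above, as an added example that is not code from the original post or from Microsoft’s report: a small Python script that looks for the spray signature (many distinct accounts failing from one source within a short window, with no single account failing often enough to trip a lockout) and then reports any account that succeeded from that source afterwards. The log format (ISO timestamp, source IP, user, FAIL/OK), the sample lines, and the thresholds are all assumptions constructed for illustration; map them onto your identity provider’s sign-in log fields before use.

```python
"""Flag password-spray activity in authentication logs.

Added example, not code from the original post or from Microsoft's report.
The log format (ISO timestamp, source IP, user, FAIL/OK) and the thresholds
are assumptions for illustration; adapt them to your identity provider's
sign-in logs.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: 203.0.113.7 sprays six different accounts once each
# and then succeeds against "grace"; 198.51.100.4 is a normal user mistyping a
# password; 192.0.2.9 is a brute-force against a single account (not a spray).
SAMPLE_LOG = """\
2023-02-14T08:00:01Z 203.0.113.7 alice FAIL
2023-02-14T08:00:14Z 203.0.113.7 bob FAIL
2023-02-14T08:00:27Z 203.0.113.7 carol FAIL
2023-02-14T08:00:41Z 203.0.113.7 dave FAIL
2023-02-14T08:00:55Z 203.0.113.7 erin FAIL
2023-02-14T08:01:09Z 203.0.113.7 frank FAIL
2023-02-14T08:01:22Z 203.0.113.7 grace OK
2023-02-14T08:03:00Z 198.51.100.4 heidi FAIL
2023-02-14T08:03:20Z 198.51.100.4 heidi FAIL
2023-02-14T08:03:45Z 198.51.100.4 heidi OK
2023-02-14T08:05:00Z 192.0.2.9 ivan FAIL
2023-02-14T08:05:05Z 192.0.2.9 ivan FAIL
2023-02-14T08:05:10Z 192.0.2.9 ivan FAIL
2023-02-14T08:05:15Z 192.0.2.9 ivan FAIL
2023-02-14T08:05:20Z 192.0.2.9 ivan FAIL
2023-02-14T08:05:25Z 192.0.2.9 ivan FAIL
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, user, result)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result


def detect_spray(log_text, window=timedelta(minutes=10), min_accounts=5,
                 max_per_account=2):
    """Return one alert per source IP showing the spray signature: failures
    against at least `min_accounts` distinct users inside `window`, with no
    single user failing more than `max_per_account` times (the attacker is
    staying under lockout thresholds, unlike a brute force). Each alert also
    lists accounts that succeeded from that IP afterwards, which is the part
    worth paging someone for.
    """
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        recent = deque()            # failures inside the sliding window
        fails = defaultdict(int)    # per-user failure count in the window
        flagged_at = None
        for ts, _, user, result in evs:
            if result != "FAIL":
                continue
            recent.append((ts, user))
            fails[user] += 1
            # Drop failures that have aged out of the window.
            while ts - recent[0][0] > window:
                _, old = recent.popleft()
                fails[old] -= 1
                if fails[old] == 0:
                    del fails[old]
            if (len(fails) >= min_accounts
                    and max(fails.values()) <= max_per_account):
                flagged_at = ts
                break
        if flagged_at is None:
            continue
        successes = sorted({user for ts, _, user, result in evs
                            if result == "OK" and ts >= flagged_at})
        alerts.append({"ip": ip, "accounts": len(fails),
                       "first_seen": flagged_at, "successes": successes})
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(SAMPLE_LOG):
        print(alert)
```

Run against the constructed sample, only 203.0.113.7 is flagged, at the fifth distinct account, with “grace” listed as a post-spray success; the single-account brute force from 192.0.2.9 is deliberately not matched, since that pattern is what per-account lockout already handles. Real campaigns rotate source IPs and stretch the timing out over hours, so in production the window and the per-source grouping (by ASN, user agent, or tenant rather than a single IP) need tuning against your own baseline.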

The campaign ran from February to July 2023. Microsoft assessed that its purpose was to gain initial access that could support later espionage activity in the interests of the Iranian state.

To blunt password-spraying attacks, organizations need more than a strong-password policy: enforce multi-factor authentication (MFA) on every account, block legacy authentication protocols that cannot perform MFA, and monitor sign-in logs for the spray pattern of many accounts failing from one source with only a few attempts each, since per-account lockout alone will not catch it.

Sources: Microsoft Threat Intelligence, SC Media


3. International Criminal Court suffers cyberattack leading to system shutdown

The International Criminal Court (ICC) disclosed a cyberattack on September 19 after discovering that its internal network had been compromised. Employees lost access to email and corporate systems, while lawyers, defendants, and judges could not access the ICC’s systems from outside its network.

The ICC is investigating the incident together with the authorities of the Netherlands, its host country. It has not said what kind of attack it was or whether any personal information was compromised, but Dutch broadcaster NOS reported, citing sources, that sensitive documents were exposed.

The attack on the ICC is concerning because the court holds sensitive data on witnesses as well as undisclosed evidence. The ICC is currently investigating alleged crimes in 17 countries, with 31 cases in progress.

Sources: Bleeping Computer, Dutch News, NOS


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: iSIGN+ 

Car, Energy, Factory, City Solutions: Penta IoT Security