The online attack that disrupted MGM Resorts International resorts and casinos across the country began with a social engineering breach of the company's information technology help desk, according to a cybersecurity executive familiar with the investigation.
David Bradbury, chief security officer at the identity and access management company Okta, said his company issued a threat advisory in August about similar attacks against some of its customers, in which hackers used a low-tech social engineering tactics to gain entry and then more advanced methods that allow them to impersonate users on the networks.
Okta's advisory warned that hackers were tricking IT service desk staff into resetting multifactor authentication settings enrolled by “highly privileged users.”
At that time, Bradbury said his staff wasn't sure who was behind the attacks. But in the weeks since then, he said “all signs are pointing” to a group known as Scattered Spider, the same outfit suspected of hacking MGM and Caesars Entertainment Inc. in recent weeks. Okta has been assisting MGM, a customer, in its response to the attack, he said. Okta also counts Caesars as a client.
Brian Ahern, spokesperson for MGM resorts, declined to comment about specifics of the attack. Ahern said the company has been working with FBI and the US Cybersecurity and Infrastructure Security Agency since the breach, he said.
The FBI said in a statement provided to Bloomberg News that it is investigating both the Caesars and MGM incidents.
A former MGM employee who was familiar with the company's cybersecurity policies pointed to the help desk as vulnerable to attack. The person said that to obtain a password reset, employees would only have to disclose basic information about
Read more on tech.hindustantimes.com