Comprehensive Security Audits

In today’s digital age, cyber threats loom large, and even industry stalwarts like MGM Resorts can find themselves under siege. The recent cyberattacks on MGM Resorts serve as a stark reminder of the vulnerabilities that exist and the importance of robust cybersecurity measures.

The Initial Attack
The cyber onslaught on MGM Resorts began subtly but had far-reaching consequences. As detailed by Gizmodo, the notorious ransomware group ALPHV, also known as BlackCat, employed a tactic that many would consider benign: a phone call. Leveraging information from LinkedIn, they identified an MGM employee and initiated a 10-minute conversation with the company’s Help Desk. This was not a routine call. The hackers used sophisticated social engineering techniques, manipulating the employee into providing critical access information.

This breach was not just a technical failure; it was a human one. It underscores the importance of training employees to recognize and resist manipulative tactics. At nGuard, we understand this all too well. Our social engineering simulations are designed to help businesses train their staff to identify and counteract these tactics, ensuring that they don’t become the weak link in the security chain.

The Aftermath and Resolution
The ramifications of the breach were immediate and severe. As reported by Fox Business, MGM Resorts faced daily losses of approximately $8.4 million. For ten agonizing days, a wide array of MGM’s systems, from hotel reservations to credit card processing, were in disarray. The total estimated financial impact reached a staggering $80 million.

But the financial losses were just the tip of the iceberg. The breach affected MGM’s reputation, customer trust, and operational integrity. Systems across its Aria, Bellagio, and MGM Grand locations were compromised, impacting corporate emails, restaurant reservations, hotel bookings, and even digital key card access. Even after the company announced a return to normalcy, several users reported issues with MGM’s mobile app, indicating lingering challenges.

Furthermore, as highlighted by Business Insider, MGM wasn’t the sole target. Rival casino Caesars Entertainment also disclosed a cyberattack, emphasizing the industry-wide risk.

In such dire situations, having a robust incident response strategy is paramount. nGuard’s incident response services ensure that businesses are equipped to handle such crises, minimizing damage and expediting recovery. Additionally, nGuard emphasizes the importance of security awareness training, empowering employees with the knowledge and skills to prevent potential threats and breaches.

To further bolster defenses, continuous monitoring is essential. nGuard’s managed event collection provides businesses with real-time surveillance, ensuring threats are identified and neutralized promptly.

Conclusion
The MGM Resorts cyberattack is a testament to the multifaceted nature of cyber threats. While technology plays a pivotal role, human factors are equally consequential. Comprehensive training, proactive monitoring, and partnering with cybersecurity experts like nGuard can help businesses fortify their defenses and navigate the challenging cyber landscape with confidence.

In recent months, the financial services industry has been rocked by a series of high-profile data breaches, exposing millions of customers’ personal information, and leading to legal actions against major institutions. This latest wave of cyberattacks highlights the evolving threat landscape and need for organizations to safeguard their data and solidify their assets. This Security Advisory highlights the ongoing fallout caused by the MOVEit breach, initially reported by nGuard in July.

Impact of the Breach
In May, the MOVEit attack campaign led by Cl0p began disclosing sensitive data from more than 600 worldwide organizations including financial firms, universities, the U.S. federal government, and public retirement systems. To date, the breaches have affected approximately 50 million customers who had their Social Security numbers, financial account information, and other sensitive data stolen by hackers. Since then, MOVEit has released several CVEs with multiple remediation updates to assist their clients in fortifying their file transfer environment. The long-term effects of this incident are still unknown but with the continuous rise of exposed customers and lawsuits, the total cost is currently estimated at nearly $10 billion USD.

Response from Affected Institutions
At the time of the hacking campaign, nearly 31% of the hosts running at-risk MOVEit servers were tied to financial organizations. Several of these institutions, including Charles Schwab, TD Ameritrade, Genworth Financial, Prudential, and TIAA, have faced lawsuits in the wake of these data breaches. The lawsuits allege negligence, unjust enrichment, and breach of implied contract on the part of these institutions.

Most of the financial institutions have responded by emphasizing their commitment to protecting their clients and conducting thorough investigations into the incidents. In response to a class action lawsuit, Prudential has offered free credit monitoring in attempts to help customers feel protected against future threats.

TIAA, which partnered with vendor Pension Benefit Information (PBI) Research Services for data transfer, is facing allegations of failing to secure personally identifiable information (PII) of teachers, staff, and students. The lawsuit aims to highlight vulnerabilities in the MOVEit software and criticized the delayed disclosure of the breach. PBI, although offering identity theft protection, also faced severe criticism for its handling of the situation.

Protecting Infrastructure and Customers
Widespread attacks like the MOVEit breach cannot be overstated. They serve as a wake-up call for all industries and individuals to take a multifaceted approach to enhance their cybersecurity footprint. nGuard has over 20 years of experience helping high-target organizations within the Finance, Healthcare, and Transportation industries and recommends the following proactive security practices to provide peace of mind:  

1. Comprehensive Security Audits: Conduct regular security audits to identify vulnerabilities in software and data transfer systems. These audits should include assessments of cloud infrastructure and third-party vendors’ security practices.
2. Penetration Testing: Assess the effectiveness of security controls by identifying vulnerabilities and detailed defense strategies with current patches and remediations.
3. Data Encryption: Ensure that sensitive data is encrypted both in transit and at rest. Strong encryption protocols should be in place to protect customer information from unauthorized access.
4. Incident Response: Develop and test robust incident response plans to ensure swift and effective actions in the event of a breach. This includes timely and transparent communication with affected parties and adherence to specific requirements and security standards. Additionally, having an Incident Response vendor on retainer ensures faster response times, tailored to the distinct operations and needs of your organization.
5. Employee Training: Continuously educate employees about cybersecurity risks and best practices through Security Awareness Training. Equip your team with clear policies and skills to recognize, report, and respond to red flags through Tabletop Exercises or social engineering engagements.
6. Log Collection and Correlation: Maintain detailed logs and conduct analysis to proactively detect suspicious activity in your environment. This invaluable tool enhances your security stance by analyzing and correlating event data and sending alerts of suspicious activity.
7. Vulnerability Management: Secure your environment by proactively managing risks and promoting continuous improvement in processes and practices with nGuard’s Vulnerability Management. Whether your focus is on remediation validation, PCI compliance, or possible exploits, rest assured that nGuard’s Vulnerability Management services are ahead of the curve.
8. Framework Alignment: Establish a systematic procedure for assessing service providers responsible for safeguarding sensitive data or managing your organization’s vital IT platforms and processes. This exercise aims to verify that these providers are effectively securing both the platforms and the data they handle. Strategic Security Assessments guide teams in designing the definitive policies and procedures around clear frameworks for cybersecurity compliance and best practice.

 
The MOVEit compromise highlights the critical need for assertive cybersecurity measures. To ensure strong posture it is essential to take proactive action to secure systems, conduct comprehensive audits, and prioritize the protection of customer data. By implementing robust cybersecurity practices, institutions can not only protect their clients but also safeguard their reputation and financial stability.