Home
Story
Casinos returning to normal, post-ransomware.
Casinos returning to normal, post-ransomware.
N2K logoSep 21, 2023

MGM Resorts tells guests that things are returning to normal.

Casinos returning to normal, post-ransomware.

Finally, MGM Resorts says that it’s returned operations to normal after the ransomware that’s troubled it for more than a week. At least, operations seem to be more-or-less normal from the customers’ perspective. 

Casinos are "operating normally."

The casino operator posted a message on its site late yesterday: “We are pleased that all of our hotels and casinos are operating normally. Our amazing employees are ready to help guests with any intermittent issues. We thank you for your patience and look forward to welcoming you soon.”

A gateway to an identity management system.

Yaron Kassner, Co-founder and CTO of Silverfort, finds the method the criminals used to obtain access significant. “What’s interesting about this attack is that while hackers had access to Active Directory (AD) hashes, they didn’t have access to the passwords," Kassner wrote in emailed comments. "Attackers used Active Directory to pivot to Okta and managed to steal plaintext passwords. Essentially, Active Directory served as a gateway point to Okta. This highlights the need for organizations to identify and address weaknesses & misconfigurations in their identity infrastructure. Many organizations connect Active Directory to Okta, but often overlook securing this connection, providing attackers with an opportunity to exploit these weaknesses.”

(Added, 3:45 PM ET, September 25th, 2023.) Again, the initial access wasn't technically exotic. “MGM and Caesars casinos went down recently due to ransomware attacks," wrote Lou Steinberg, founder of CTM Insights. "What's important to know is that the group believed to have done this very likely didn't break through firewalls and overcome complex technical defenses. They use email to trick employees into granting them access. Fake emails aren't just used for ransomware, they are often the source of fraudulent invoices and impersonation of company executives to request wire transfers for non-existent business deals. For all the money spent on cyber controls, the weak link is sometimes sitting in front of a keyboard. You need technical controls and an alert staff to be safe.”