CCA Vendor News

Cybersecurity attack on MGM may have begun with a ten-minute phone call: How it happened, Special Mutare Podcast

September 22, 2023

Cybersecurity attacks, It’s always the humans, It’s always the people.

“The catalyst for all this was a voice, call,” says Chuck French of Mutare. “It was a phone call from someone into the IT department, that allowed the bad actors to put their software in, to take control of MGM.” Recorded on the tenth day of the attack on MGM, this podcast explores how one of the best prepared organizations, experienced a widespread cyberattack that impacted the casino giant at multiple properties, disabled online reservations, use of parts of the company’s app, electronic access to rooms and even impacted machines on the casino floor.

As of September 20, Reuters was reporting that MGM had recovered operations, but as of the evening of September 21, the website was still directing guests to call an 800 number for reservations.

French outlines the level of sophistication that these attackers have: initial access brokers who sell access, another group harvests the information, quietly infiltrating the organization, moving laterally, allowing their invasive software to become part of the backup and so on. After the silent invasion has already occurred comes the actual attack. The attack begins with a ransom message. In this case, very possibly, a decision to decline that ransom payment, or possibly ignoring the stated threat, comes the visible attack. “These are large, large organizations. The have HR. They have health care plans,” French notes, speaking about the corporate-like nature of the bad actors.

“It’s always humans,” notes French on the social engineering part of the attack. Voice, the one part of any IT operation that involves human to human communication, introduces a soft target, where human judgement, and misjudgment, can be exploited. Research, creating a sense of urgency, the bad actors know how to push the buttons n people who might make a security mistake.

French outlines a plan people can perform immediately to get on a safer footing.

French outlines ideas on how to step-up security and how Mutare can help companies. Mutare offers deep resources and research materials for people who want to go deeper on this topic. The Mutare Voice Traffic Filter (VTF) is enterprise-class software built to provide multiple layers of protection against unwanted traffic. VTF creates a barrier at the network edge, ensuring that malicious and nefarious traffic does not gain access to your network.



Back to all news