Cybersecurity expert Jonathan Kerr (pictured) provided insight into the MGM hack, which left several slot machines unusable at Las Vegas casinos.
A ransomware cyberattack wreaked havoc at MGM Resorts International this week, shutting down several of the casino giant’s electronic systems. The Russian group ALPHV, which also recently received $30 million from Caesars Entertainment, was supposedly held responsible for the attack.
Unlike Caesars, MGM is standing its ground and rejecting the large ransom, but sources inside the company have claimed that the attack could continue for several weeks. To learn more about the current situation, Vegas slots news online talked with Jonathan Kerr, cybersecurity expert at Lionfish Tech Advisors.
According to informed sources, the attack on MGM is a social engineering-based ransomware attack. Can you explain how this works?
Social engineering is the cybersecurity equivalent of a good old phishing trick. It’s basically convincing someone that you’re a friendly, knowledgeable assistant and then getting them to do something for you – this can be as simple as emailing them a list of credit card numbers or simply clicking on a link that downloads malware.
Do you think MGM will have to pay up in the end?
It is difficult to predict in these cases. Each organization and each casino has its own individual attitude towards risk.
MGM will ask itself whether paying is less expensive than hiring expert consultants to try to solve the problem. Of course, they will also be well aware that criminal gangs are untrustworthy, so the problem is the same as any other racketeer – will they still pay their money?
What options does MGM have at this point?
MGM's options are:
1 – Pay the ransom and hopefully the criminal gang are honest criminals and remove the ransomware.
2 – Try to restore their computer systems with their own teams.
3 – Bring in outside experts to restore their computer systems.
4 – Call law enforcement such as the FBI. The FBI’s primary focus, of course, would be to investigate the crime and collect evidence, not necessarily the quick restoration of MGM’s services.
Do you know much about the ALPHV group that is supposedly responsible for the attack?
ALPHV operates BlackCat as a “ransomware-as-a-service” offering to other criminal gangs. They appear to have publicly claimed responsibility for this attack. The motive is not clear, but it is effective evidence of their abilities.
Reports indicate that Russia and North Korea are sponsoring some of these hacking groups to raise state funds. Is this likely the case here?
There is ample evidence to suggest that Russia provides a safe haven for criminal organizations and that North Korea has state-organized cyber espionage resources.
I believe the “smash’n’grab” nature of this attack lends itself to a criminal gang rather than state espionage, which tends to take a more covert approach in the long term – for example, hacking into banks (and gaming organizations) in developing countries in order to undermine trust in the international financial system.
The frequency of cyber attacks on American gaming companies is increasing. Can you tell us why?
In the words of Willie Sutton: “Because that’s where the money is.” US gaming companies have high liquidity and are considered targets by criminal gangs. This is nothing new, and this has been the case for as long as gaming companies and criminals have existed. What is new is that criminal gangs are moving into the cyber domain – again, because that is where the money is (or the path to it).
Is there anything these companies can do to better protect themselves?
Definitely! And I’m sure the security engineers and leaders at MGM and other gaming companies are looking very carefully at their defenses. One of the most important facts to realize is that this is not a scenario in which cyber defenders are expected to repel all attacks. Experience shows that the role of the cybersecurity team is to ensure business survival, which means an approach like the following:
Protect – Build the best defenses one can. Anticipate attacks, build a threat model, and implement appropriate defensive controls.
Reveal – Expecting an attacker with the skill and resources to have the time and luck to evade all protective controls, ensure your cybersecurity team can quickly detect and investigate unusual activity.
Respond – When an event is detected, implement a planned and rehearsed response process to isolate the attack, eliminate the impact, and restore normal business operations.
Learn – Conduct post-mortem investigations. Apply these lessons learned to implementing new protection and detection controls.
Although this sounds simple in theory, many organizations fail to follow through after implementing security controls. It is our nature as human beings to think that we have put up the best walls around our castle, and that is enough. It is also important to note that we are not asking for heroic measures from cyber teams – in fact, heroic measures are self-defeating because they drain our scarce resources.