Don’t Be Offended

During my two weeks on the road, I had the opportunity to read the Wall Street Journal (WSJ) from the hotel lobby. It had an excellent article about the MGM Hack, how it started, and the timeline as events unfolded. The whole thing started late on a Friday night, and according to the article, the following Thursday they were able to bring some ‘normalcy’ to their guests, followed by more weeks of Tech Teamwork in the background.

There are a few really good lessons for small business owners—you and me. There’s also some interesting background about what’s happening and who is engaged in this criminal behavior, so let’s dig in.

How did it start? A person called the Tech Support department and said they had forgotten their password and were locked out. The caller provided some personal information, which was correct, so the password was changed. Next, the REAL employee called to say they just received a notice that their password was changed—but it was too late. The hackers were in!

I’m going to pause here for a moment. The WSJ went on to say that this hacker group targeted a ‘widely overlooked weakness in technology—the tech support systems that help people get into their online accounts when they’re locked out.’ We agree! We are constantly balancing how to meet your team’s requests so they can get back to work while being vigilant to keep you secure. When someone calls and asks us to change their password, and we follow up with our primary contact person or take other steps to confirm who we’re talking to and if this is OK (maybe they are no longer with you!), please know that we are protecting you!

Who are these hackers? I think the WSJ sums it up nicely—‘They’re video gamers and braggarts and con artists and criminals.’ Turns out most are from English-speaking countries such as the US and the UK. Historically, hackers seemed to be focused on showing off, but this new generation seems to be motivated by status and money; and they’re ruthless! In addition to corporate extortion, they target teenagers with sextortion schemes; masquerade as FBI agents; have stolen source code to video games; and more.

How did they get enough personal info to impersonate the employee? Some sources are other data breaches which put sensitive info out for sale on the Dark Web; Facebook accounts; True People Search (Syscon U, Oct 2023 issue); and online profiles such as LinkedIn, to name a few. We highly recommend our Dark Web monitoring software, which monitors the Dark Web for anything associated with your domain name. No matter how careful YOU are with your info, other businesses and friends may have exposed information about you or been compromised and had it stolen. Then there’s social engineering, where users are tricked by fake websites (that look VERY ‘good’) or tricked into downloading malicious software.

Back to our timeline: By now, MGM had shut down its systems and its email, checked in guests with pen and paper, walked around with cash to help stranded slot players, and provided cocktails for those in long lines. All of this started late on a Friday. Early Tuesday morning, the criminals made their request: $30 million! And MGM was silent…

In the end, MGM chose to spend a LOT of money to rebuild their systems and servers (which were already down) rather than pay the extortion demand. Some of this expense they hope to recover through their cyber insurance. According to a negotiator group, the average ransom is nearly $569,000!

To wrap up: Be sure to have MFA enforced for your teams. Help us keep you safe when password changes are requested (and stop sharing passwords!). Be sure you have truthfully completed your Cybersecurity Insurance questionnaire and be sure your coverage is in place, AND that you follow the requirements of the policy. Continue reminding your team about Social Engineering trickery (we have articles, blogs, videos, and our Special Edition newsletter that you can share). Reconsider how much personal data you provide on social media sites. If you don’t already have this with us, consider our Dark Web monitoring tool. Stay safe! – CMW