Netragard is trusted by leading brands and featured in major publications for a reason: decades of hands-on experience and advanced research drive every engagement, uncovering risks that scanners and AI miss. Each assessment delivers detailed, prioritized findings and practical, tailored guidance enabling clients to improve real-world security where it matters most. Organizations trust Netragard’s expert team to help them face emerging threats with confidence while meeting compliance requirements along the way.

Table of Contents

Preventing Damages from Hacks Like the MGM Cyberattack of September 2023

MGM-Cyberattack

In September 2023, MGM Resorts suffered a cyberattack. Two different groups have claimed responsibility for the attack, one of which stole an estimated 6 TB of data from the casino company, causing it to shut down its own systems for multiple days as it performed incident response operations. With penetration testing and other prevention methods in place, the MGM Cyberattack could have been prevented.

How the MGM Cyberattack Occurred

The story behind the MGM hack is still unclear. Two different narratives have emerged based on information from different news outlets and the alleged hackers. Some articles blame social engineering, while others claim the attackers exploited vulnerabilities in MGM’s systems.

The Social Engineering Theory

In an article by TechCrunch, one group of hackers taking claim for the attack, a group known as Scattered Spider, claim the MGM hack was made possible by social engineering. The hacking group started by researching the company on LinkedIn and identified the profile of an MGM employee. They then called the company’s IT help desk masquerading as the employee. By tricking the IT help desk personnel into assisting the hackers, they were able to gain access to MGM’s systems.

With access to a legitimate employee account, the attackers had the ability to move through MGM’s systems. This allegedly enabled them to steal the estimated 6 TB of data and could have permitted the attackers to plant ransomware or other malware on the casino company’s systems.

The Exploiting Vulnerabilities Theory

Later, another group hackers, identified as ALPHV, made a statement that they performed the attack by exploiting unpatched vulnerabilities in the Okta Agent. Okta is a security identity cloud that says on its website it links all your apps, logins and devices into a unified digital fabric. These vulnerabilities granted the attacker Super Administrator privileges in the casino’s Okta agent and Global Administrator privileges in its Okta tenant.

With this access, the cybercrime group was able to sniff passwords in Okta Agent servers and gain access to data. Once they identified the intrusion, MGM shut down all of its systems, causing slot machines and other systems to go offline in its resorts. The initial attack occurred on Friday, 9/9, the shutdown occurred on Sunday, 9/11, and the cybercrime group launched ransomware on Monday, 9/12, after failing to get in contact with MGM Resorts.

Preventing Damages from the MGM Hack

Regardless of the attack method used, the MGM hack had a significant impact on the company. A multi-day shutdown negatively affected the guest experience, the cybercrime group stole extensive data, deployed ransomware, and mocked the company’s incident response efforts. The attack is sure to have cost MGM a significant amount of revenue, in addition to fees to fix the company’s system and waive fees for guests negatively affected by the experience.

In addition to being expensive, this incident might have been preventable had MGM had a better understanding of its existing paths to compromise. Whether a successful social engineering attack or exploitation of poor patch management processes, the MGM Resorts hack indicated a lack of security best practices. The vulnerabilities exposed by this attack are the types of vulnerabilities that a penetration test would uncover.

Enhancing Security with Netragard

Netragrard has extensive experience performing security assessments for casinos and other organizations. Vulnerability scanning and social engineering assessments — fundamental components of a penetration test could have highlighted the security gaps exploited by the attack and put MGM on the path to enhanced security.

Netragard specializes in identifying security gaps that cybercriminals are most likely to exploit. To learn more about protecting your organization against hacks, contact Netragard today.

Adriel Desautels

Adriel Desautel Profile Picture
Founder & Chief Executive Officer
Divider

Adriel is a recognized leader in the information security industry with over 20 years of professional experience. In 1998, he founded Secure Network Operations, Inc., home to the renowned SNOsoft Research Team, which helped shape today’s best practices for responsible vulnerability disclosure. Adriel pioneered the zeroday Exploit Acquisition Program (EAP), later integrated into Netragard, and has served as an expert witness in US Federal court.

In 2006, Adriel founded Netragard to deliver high-quality, realistic threat penetration testing, now known as Red Teaming, and has since expanded its offerings to include mobile application security, source code reviews, web application assessments, and more. As the primary architect behind Netragard’s innovative services, Adriel continues to push the boundaries of research-based cybersecurity.

Frequently sought as a subject matter expert, Adriel has been featured by Forbes, The Economist, Bloomberg, Ars Technica, Gizmodo, The Register, and has appeared in documentaries and authoritative books such as “Unauthorized Access” and “This Is How They Tell Me the World Ends.” He is also a seasoned public speaker, presenting at leading conferences like Blackhat USA, InfoSec World, BSides, and the NAW Billion Dollar CIO Roundtable.