45 votes

At MGM's hacked casinos in Las Vegas, evidence of the massive ransomware hack is everywhere, if you're looking for it

8 comments

  1. [6]
    Grumble4681

    I wonder why MGM isn't paying. Generally you'd expect that to not pay the ransom means they feel they have viable backups or they can recover without the data that was encrypted (or possibly even decrypt the data in some cases). It is interesting just because of how the Vegas strip is designed, MGM's downtime is very beneficial towards the other hotels and casinos etc. as there's so much direct competition so close, you'd think there would be even more pressure on them to pay the ransom. Not that I encourage it because all it does is enable more ransomware crime to occur, but mostly just curious what their reasoning would be. It seems hard to believe the ransom would be so high that they would choose not to pay on that basis alone, if so the group responsible seriously missed the mark on that one.

    14 votes
    1. [2]
      AboyBboy

      It's possible that they believe that paying the ransom will only encourage more attacks. I think it might also be that MGM believes the government will help them out through some sort of "rubber-hose cryptanalysis".

      10 votes
      1. Grumble4681

        It's possible that they believe that paying the ransom will only encourage more attacks.

        To an extent that's more along the lines of tragedy of the commons (though probably not specifically that, I'm not sure what the term would be that covers this). Individual businesses don't usually care about that unless it specifically affects them.

        They'll have to pay to harden their systems after this regardless of whether they pay the ransom or not, and paying the ransom usually ends up being less costly than not paying the ransom. Dish Network likely paid a ransom earlier this year (according to BleepingComputer). If anything, perhaps they are/will be paying the ransom like Dish Network did but are being more cautious about bringing everything back online before they find their weaknesses and correct them. Dish Network took something like over a month to come back online despite having reportedly paid the ransom, but it was never explained why it took so long.

        5 votes
    2. [3]
      Eji1700
      (edited)

      It is worth noting that the gaming industry in Vegas is living in the late 80/90s in some sense.

      It is a fight to get new tech and a lot of the tech that exists is using horribly outdated designs and methods (most CMS, POS, Inventory, and booking software).

      That’s not to say that their IT security wasn’t up to date, as they’re using new tech and practices, but the money at the top doesn’t believe in it or care. Probably more than any other industry making that much a year and that reliant on it.

      I would not be shocked if there’s a group continuously explaining that “yes this is as fast as we can go without paying the ransom.”

      I have not looked into it too much myself but I’ve also heard that the hackers compromised their Okta server and so they took that offline but that they didn’t get much else.

      The outages are because everything was tied in so heavily and they’re still working around and repointing things. If true it might make sense in that most of their systems are there and operational once they work around it, but I’m skeptical of this just due to the size of the outage and how long it’s taking.

      If they were really that reliant on Okta in that manner, well that’s going to be a new one for the textbooks in system designs and single points of failure.

      4 votes
      1. [2]
        balooga

        If they were really that reliant on Okta in that manner, well that’s going to be a new one for the textbooks in system designs and single points of failure.

        My company uses Okta and if you have access to that dashboard there are 1-click-login tiles to all of the disparate services we use. It's like a roadmap of our internal infrastructure. I could definitely see that being a high-value target because it's the front door to everything else.

        The funny thing is, I rarely even use that dashboard since I have the services I need access to bookmarked. Authentication still goes through Okta, but if the dashboard disappeared one day I wouldn't even miss it.

        5 votes
        1. Eji1700

          Again, massive grain of salt with all of this, as I've just spoken to a few people who I only trust so much on complex issues such as this:

          Well my understanding is that Okta is completely offline, so it can't be used to authenticate anything, and that's the big issue.

          Nothing was crypto locked, but they had to take the Okta server completely offline to prevent more damage. So they don't want to pay the ransom since they technically have all their systems in working order, but their sole source of authentication is offline and apparently it's a huge issue.

          1 vote
  2. babypuncher

    I think the real lesson here is that more people should have watched Battlestar Galactica

    1 vote