Episode 226
The MGM Ransomware Attack + How it Can Impact Online Fraud
Fraudology is presented by Sardine.
In this episode of Fraudology, host Karisse Hendrick delves into the world of cybersecurity, the evolving tactics of hackers, and why it's important for online fraud professionals to pay attention to data breach news & trends.
Because online fraud is often the preferred method of monetizing from cyber attacks, it's important to understand the supply chain of information that could be available to cybercriminals soon.
In light of the recent security breach at MGM (at least all US locations) & Caesar's Entertainment in Las Vegas, Karisse shares some of the research she's done to better understand what happened, and how a similar attack can be prevented. From the vulnerabilities & threats of social engineering to entering through the 3rd party system used for account & identity verification & sign-on flow, to ultimately encrypting all data in their Active Directory. -These steps are relatively simple for some groups, so it's imperative that fraud & cyber teams work together to "patch" vulnerabilities within their org.
Also discussed: Ways to use these headlines as a catalyst to communicate threats to leadership and suggest social engineering training & enhanced verification processes. Should the data being held captive be released, the types of fraud vectors different companies should expect, and how to look at the types of data exposed via data breaches to determine which fraud methods your company or financial institutions may rely on.
Several articles were referenced for this episode. Including:
https://www-dailymail-co-uk.cdn.ampproject.org/c/s/www.dailymail.co.uk/news/article-12505921/amp/MGM-Resorts-Las-Vegas-cyber-attack.html
https://techcrunch.com/2023/09/14/mgm-cyberattack-outage-scattered-spider/
https://www.reuters.com/business/casino-giant-caesars-confirms-data-breach-2023-09-14/
https://www.darkreading.com/application-security/okta-flaw-involved-mgm-resorts-breach-attackers-claim
https://arstechnica.com/security/2023/09/a-phone-call-to-helpdesk-was-likely-all-it-took-to-hack-mgm/
https://www.vox.com/technology/2023/9/15/23875113/mgm-hack-casino-vishing-cybersecurity-ransomware
https://www.trellix.com/en-us/about/newsroom/stories/research/scattered-spider-the-modus-operandi.html
Fraudology is hosted by Karisse Hendrick, a fraud fighter with decades of experience advising hundreds of the biggest ecommerce companies in the world on fraud, chargebacks, and other forms of abuse impacting a company's bottom line.
Connect with her on LinkedIn
She brings her experience, expertise, and extensive network of experts to this podcast semi weekly, on Tuesdays and Thursdays.
Mentioned in this episode:
2023-q4-postroll sardine 1