Overview: In September 2023, a hacking group known as “Scattered Spider” conduct

Overview: In September 2023, a hacking group known as “Scattered Spider” conducted a ransomware attack against MGM Resorts International, a multi-billion-dollar gaming company based in Las Vegas. While Scattered Spider is reportedly made up of English-speaking teenagers, the group was able to cause widespread impact, reportedly costing MGM over $100 million.
Sequence of Events:
Scattered Spider used a social engineering attack, likely by creating a typosquatting domain impersonating an MGM login page, to capture employee credentials and a One-Time-Password (OTP).
Using these captured credentials and OTP, Scattered Spider logged into the MGM network using the legitimate credentials stolen from an employee.
The threat actor then performed reconnaissance inside the network to identify where the most valuable data was stored, after which they deployed ransomware locking out the systems until a ransom was paid.
While it is unclear whether MGM paid a ransom, it is estimated that the total cost of the incident will exceed $100 million.
Impact: In the short term, MGM lost all access to its computer systems, shutting down its Las Vegas gaming operations and even locking guests out of their rooms on resort property. In the long term, the reputational damage and costs associated with rebuilding parts of the network and remediating the security issues is expected to cost over $100 million.
Response and Aftermath: MGM reportedly responded to the attack by shutting down all its servers. This likely means that the company had to completely wipe and rebuild a portion of its servers before bringing them back online to eradicate the ransomware. The other alternative would be to pay the ransom, although it is not known what action MGM took.
Links to Additional Reading: Please see below for links to additional reading that may assist you as you prepare to answer the questions below:
https://www.nbcnews.com/tech/security/mgm-las-vegas-hackers-scattered-spider-rcna105238
https://www.reuters.com/technology/moodys-says-breach-mgm-is-credit-negative-disruption-lingers-2023-09-13/
https://www.cnn.com/2023/10/05/business/mgm-100-million-hit-data-breach/index.html
https://www.csoonline.com/article/652575/hackers-behind-mgm-cyberattack-thrash-the-casinos-incident-response.html
Questions to Answer in Case Study:
How do threat actors like Scattered Spider typically gain access to large networks like MGM?
What are the pros and cons of paying a ransom versus refusing to pay?
What improvements should MGM make to prevent future incidents, and how can similar organizations strengthen their defenses so as not to be impacted like MGM was?