September 2023 News & Tips | MGM & Caesars Ransomware Attacks

View this email in your browser
Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.

If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy to click "unsubscribe" button.
In this issue:
Month's News in Review
Upcoming Speaking Events
TCE Strategy in the News
Must Read Articles This Month
Cybersecurity Tip of the Month
Enjoy this month's newsletter? You can use this link to post on social media or send to friends! Thanks for sharing!
This Month's News in Review
MGM and Caesars took a gamble … and lost.

I’m not a big gambler, but I’ve been known to step foot inside a casino every now and then. Normally, this is a losing proposition: someone is paying for all of those expensive slot machines, and the staff, and the building, and the parking, and the electric bill. And in spite of so many expenses, there is still a profit to be made for the company. The “someone” is most of the people that choose to gamble. While I’ve only tried gambling in a casino a handful of times, I’ve lost more than I’ve won, and that is to be expected. It’s all about risk and probability. You probably but not definitely will lose when playing games in a casino, but the casino hopes that the allure of winning causes you to shrug off the likelihood of losing. If you gamble long enough, you will eventually lose. It’s a statistical certainty. The casinos have built a very strong business model around this.

When weighing risk in the real world, the same rules apply. Companies can hope that they won’t fall under cyberattack, and they can also hope that if they do have an issue, it will be a small one. The allure of larger profits makes it easy to shrug off the likelihood that a serious cyberattack will eventually take place without the right cybersecurity controls in place. Companies gamble everyday by having insufficient cybersecurity training, processes/procedures, detection mechanisms, recovery plans, and overall cybersecurity budgets in place. If you gamble long enough, you will eventually lose. It’s a statistical certainty. The cybercriminals are counting on it.

Vegas has been having a hard few weeks when it comes to cybersecurity. Caesars released a statement to the SEC on Sept 7th that they have suffered “identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the Company,” and it has been widely reported that Caesars paid a $15 million ransom after negotiating down an initial demand of $30 million. The name of the ransomware group has varied attributions (names such as UNC3944, Roasted 0ktapus and Scattered Spider have all been reported), but there is consensus that the ransomware software used is the ALPHV (aka BlackCat), which is a type of ransomware that TCE Strategy has been up against in the past. It’s stunningly well written malware. If only we could get these coders to use their skills for the bright side of the force…

MGM has been having a harder time with their “cybersecurity incident.” The attacks appear to have begun on Sept 7th, the ransomware attack was launched on September 11th, and caused a stunning amount of damage: Reservation websites were down. Casino floors were down. On-premise hotel check-in/out systems were down. Electronic keys to get into hotel rooms weren’t working. Wow… Reports surfaced on Sept 21st that the company had recovered from the attack, and that they likely lost approximately $80 million in revenue as a result of their prolonged outage.

While details on both attacks are still coming out, there are some great writeups on the likely sequence of events that took place, such as this one. The most stunning piece of data to me is that the initial attack vector was as simple as it was elegant: the hackers went on LinkedIn, found an MGM IT person’s name, and then called into the MGM help desk pretending to be that person. They asked for a password reset, were given one, and the rest is history. Interestingly, the ALPHV ransomware group is disputing that claim, but regardless, an attack vector of this type is a very real and genuine threat. The largest takeaways for me from these events are as follows:
  1. Authentication procedures for your call-in or text-in helpdesk must be secure. This is challenging because many people need to call into help desks for a password reset, but there needs to be some sort of mechanism of ensuring that the person calling in is the person they claim to be. TCE Strategy clients have employed solutions such as requiring that the helpdesk call back the employee at a number that the help desk has on file for the user in question (this is not fool-proof as a SIM swapping attack would defeat it, but it’s still a very significant hurdle to overcome). Another idea is to setup a PIN code at the time that an employee is hired that the employee has to provide to the help desk to authenticate themselves, but this is troublesome because the user has to remember the PIN code, and if he/she doesn’t know it, some backup methodology has to be employed. There isn’t a perfect solution here, but there are strong solutions to make this type of attack much harder for a cybercriminal to take advantage of.
  2. Offline backups of critical data and system configurations are imperative to be able to recover from large-scale cybersecurity attacks. Without them, the only option may be to pay the cybercriminals the ransom they are demanding.
  3. Documentation on how a company’s IT systems work is imperative to keep up-to-date. Testing how to recover systems from backups is imperative. Without tests such as these, recovery efforts that could take hours easily spread into days or weeks.
In other cybersecurity news, Clorox is already a month into remediation from a widespread attack they announced August 15th, and it is still materially impacting operations over a month later. Details have not been released, but this feels like a large scale ransomware attack where offline backups either did not exist, or were compromised. If you can’t find your favorite cleaning product in your favorite store, this could very well be the reason why.

Until next month, stay safe!

Upcoming Speaking Events

Here is a list of the cities that I will be in over the next few months. Please reach out if you have an event in mind!

September 26th-28th, Salem, OR
October 2nd, Brainerd, MN
October 11th-14th, Sacramento, CA
October 22nd-24th, New Orleans, LA
November 1st-4th, Albany, NY
November 27th-30th, Key West, FL
December 4th-6th, Indianapolis, IN

TCE Strategy in the News

Thank you to the Minneapolis NBC affiliate KARE11 for the opportunity to speak with them about the lawsuits surrounding the U of Minnesota data breach.

Interesting Articles

Do you have kids that play Roblox or Fortnite? They need to read this article!
"While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines. Machines that, because of their all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car."
Cybersecurity Tip of the Month

Backing Up Personal Files

An important and often-neglected aspect of personal cybersecurity is the need to regularly back up your personal files. This is a tip that I've shared about in the past, but with the many things that we all have to manage and keep track of, it can easily fall to the bottom of our to-do lists. Performing this simple practice once a month can keep you safe from unexpected losses of important, and often irreplaceable, data. Should you forget your password, become a victim of ransomware, or have your computer stolen, you will be able to easily restore your files. If it's been a while since you've backed up your files, make a plan to do it this weekend! 

Here’s how:

1) Get an external hard drive or USB that is large enough to store all of your data. For most users, a 128GB thumb drive that costs around $20 is adequate. If you have more data than this, larger drives are available and are inexpensive. These can easily be found at an office supply store or on Amazon, such as 
this external hard drive (not an affiliate link).

2) Manually download any files you have stored on cloud storage sites such as OneDrive, Google Drive, Dropbox, iCloud, or Google Photos.

3) Drag all files you wish to back up onto the hard drive, including your computer’s Documents, Photos, and Downloads folders.

4) After the files are finished backing up, eject your hard drive or USB and store it in a safe place.
Forward Forward
We want your feedback!
< On a scale of 10, how helpful was this newsletter?>

Copyright © *|CURRENT_YEAR|* *|LIST:COMPANY|*, All rights reserved.

Our mailing address is:

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

You can reach Bryce at

Subscribe to Newsletter

Browse newsletter archives: