How LinkedIn and a Phone Call Led to the Massive MGM Ransomware Attack

How did the ransomware attack on MGM Resorts begin?

"I know more about casino security than any man alive, I invented it, and it cannot be beaten. They have cameras, they have locks, they have watchers, they have timers, they have vaults, they have enough armed personnel to occupy Paris!" – Reuben Tishkoff, Ocean's Eleven

When we think of casinos, we probably think of the top-tier security measures we have seen in movies such as Ocean's Eleven, a film whose entire plot revolves around the slim odds of getting past those impenetrable defenses.

Incredibly, and much like the heist in that popular movie, the MGM ransomware attack was essentially successful. The culprits used a tried-and-true social engineering tactic.

The ransomware attack has had a far-reaching impact on both internal and client-facing operations. Since the attack, casino operations have come to a halt, with electronic gambling and slot machines affected, which is estimated to be costing MGM nearly $8.4 million a day in revenue and cash flow.

In addition, physical operations at MGM properties, including the Bellagio, Mandalay Bay and The Cosmopolitan, have been severely affected by the system outage. Guests reportedly waited hours to get room keys, could not confirm reservations, could not use the parking kiosks, were stuck in elevators and had to accept hand-written receipts for casino winnings.

Scattered Spider and ALPHV/BlackCat have both claimed responsibility for the attack and shared that they used LinkedIn to find an MGM IT help desk worker and simply picked up the phone to start the attack. While we do not know what was said on the call, security experts believe that the end result was that somebody at the MGM help desk handed over the credentials needed to access the system... within ten minutes.

This attack method, known as vishing (voice phishing), relies on a phone call to gain access to systems. While it is not as common as email-based phishing, it has a success rate three times higher, for several key reasons: the human element, the limitations of security software and a lack of training.

The Human Element and Vishing

Threat actors target people in almost every attack, but this is especially important in vishing, because the entry point is a conversation with a real person who inherently wants to help as best they can, especially when they work for an IT help desk, as was the case at MGM. The threat actor can impersonate anybody they want on the phone to establish credibility and, assuming they have done the proper research, can sound so authentic that they are often given whatever access they ask for.

Security Software Limitations and Spoofing

The very fact that the threat actor was able to get through to the MGM help desk illustrates another key weakness vishing attacks exploit: access. Think about the number of phishing or smishing attacks that are automatically flagged and triaged by security software, which effectively minimizes the human risk by simply never letting them reach the recipient.

In the case of vishing, the call may come from an unknown number but carry a familiar area code, and if the company is a national or international conglomerate like MGM, people may expect random calls anyway. And while most mobile phones have some anti-vishing (spam call) protection, enterprise phone systems most likely do not, and staff are expected to pick up calls from unknown numbers.

Lack of Vishing Training

Finally, we know what phishing and spoofed communications look like. Common red flags, such as a sense of urgency, poor grammar, spelling mistakes, links and attachments, are easily spotted in the wild by an educated person.

The reason most people know this is, hopefully, because they were given proper training that includes security awareness materials and simulated phishing attacks. But when was the last time your organization did any training on non-electronic social engineering?

Remember, social engineering can be conducted over the phone or in person, so be sure to educate your employees on how to screen phone calls and physical interactions with the same filter they apply to email or text.

With the recent attack on Caesars (also claimed by Scattered Spider) that ended in a reported $15 million to $30 million ransom, and the visible impact of MGM's refusal to pay, now is a great time for your organization to remind end users how they can identify and prevent these attacks.

While the casino attacks currently dominate the headlines, the reality is that an operational shutdown like this within a municipality or hospital can have far deadlier implications than breaking out the manual credit card imprinters or writing out cash-out tickets by hand.

If you have any questions about security awareness training, incident response planning or any other cybersecurity-related concerns, please contact the Schneider Downs Cybersecurity team at [email protected].

Please note that specific details of the attack have not been confirmed by MGM, Caesars or the FBI beyond the statements published on MGM's website and X.

About Schneider Downs Cybersecurity

The Schneider Downs Cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

Want to stay informed? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at 089wbug3.945996.com/subscribe.

To learn more, visit our dedicated Cybersecurity page.

You've heard our thoughts... We'd like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we're especially interested in what you have to say. If you have a question or a comment about this article, or any article from the Our Thoughts On blog, we hope you'll share it with us. After all, a dialogue is an exchange of ideas, and we'd like to hear from you. Email us at [email protected].

The material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

©2024 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
