February 21, 2020

MGM Resorts hack may mask “specific, strategic attack” to get VIP details

By Lucy Ingham

The hack on MGM Resorts that has exposed the personal details of over 10 million people may be a smokescreen for a far more sophisticated attack to get in-depth personal data on law enforcement leaders, private sector heads, key government influencers and politicians.

This is according to Sam Curry, chief security officer at Cybereason, who acknowledged that the MGM Resorts hack was devastating for all of the 10.6 million people whose data has been published on a hacking forum, a small minority had far more severe data exposed.

He highlighted that while for the majority, personal details were restricted to names, home addresses, phone numbers, emails and dates of birth, for 1,300 individuals, data from personal IDs was also present.

“The biggest concern in the MGM disclosure is that hackers stole deeper, more sensitive data on 1,300 individuals, including information off driver’s licenses and military ID cards,” said Curry.

“While it is too early to speculate, there is the possibility the theft that appears to have impacted 11 million customers is a diversion for a specific, strategic attack to access information on influencers in government, law enforcement, politics and the public and private sector.

“That’s not to say that the larger set isn’t suffering but rather that their suffering is a callous digital ‘collateral damage’ covering the more focused and motivated compromise like an assassin throwing a grenade into a crowd on a busy street to cover their true intention.”

The data included personal and contact details not only for business and leisure travellers, but for government officials, journalists, celebrities and tech CEOs.

MGM Resorts becomes latest hotel group to suffer hack

Whether the MGM Resorts hack, which was first exposed by ZDNet, is truly a targeted attack in disguise is impossible to say for certain, but it does highlight how the hotel industry is increasingly being seen as a target of choice by cybercriminals.

“MGM Resorts isn’t the first major hotel group to fall victim to data theft, and it won’t be the last. Hotels collect highly sensitive information from their guests, including names, phone numbers, home and email addresses, and more,” said Chris DeRamus, CTO of DivvyCloud.

“As such, cyberattacks aimed at hospitality organisations are on the rise. In recent years, we’ve seen multiple hotel giants, such as Choice Hotels and Marriott’s Starwood Hotels, suffer from costly data breaches.”

Notably, even the non-financial data stolen in the attack can still cause problems for victims.

“This sort of data is a honey pot for cybercriminals. When personal information such as this is leaked it becomes very sought-after, especially when it includes contact details for a number of high profile users such as celebrities,” said Jake Moore, cybersecurity specialist at ESET.

“All the users on this list should now be concerned about the increased risk of further attacks such as targeted phishing emails, or worse still, falling victim to SIM swapping. This is when cyber criminals use social engineering to manipulate mobile network providers into porting your phone number to a new SIM. Attackers can then change two-factor authentication (2FA) codes and get into online accounts bypassing passwords.”

Read more: Radisson Hotel hack shows vulnerability of hospitality industry

Verdict deals analysis methodology

This analysis considers only announced and completed cross border deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: ,