Déjà vu can suck sometimes.
Earlier this year I wrote about the importance of organizations reviewing their password management strategies. I also highlighted that companies must urgently review their employee access protocol, writing that companies must “be sure to continually train your employees to help your teams avoid being fooled by phishing and malware tactics.”
But casino gaming companies MGM Resorts International and Caesars Entertainment have been blindsided in this area in recent weeks by hackers who used identity-based attacks and social engineering, impersonating employees to gain access to secure systems.
According to reports, both MGM and Caesars were clients of identity management company Okta. Okta saw ongoing activity patterns that showed malicious actors attempting to obtain passwords for privileged user accounts. Okta issued an alert to customers in late August warning of incoming threats from hackers seeking to “manipulate the authentication flow delegated through Active Directory (AD)” before calling a targeted organization’s IT service desk and requesting a reset of all MFA factors in the target account.
Caesars noted in a filing that an “unauthorized actor” stole data in a social engineering attack targeting an outsourced IT support provider, according to an InfoSecurity report. Caesars had seen evidence of recent suspicious activity and learned on September 7 that its systems had been compromised, with malicious actors hacking into a loyalty program’s database containing social security and driver’s license numbers of members.
According to some reports, hacker groups identified as BlackCat/ALPHV and Scattered Spider are behind these attacks. Caesars and MGM received ransom demands in exchange for the data not being released into the wild. Some reports note that the two organizations complied with the demands by paying the hackers “tens of millions of dollars.”
Both events showed a consistent pattern of using an employee’s identity and social engineering to trick the IT help desk into providing access. According to a Reuters report, these ransomware bandits also breached the systems of several other companies operating in the manufacturing, retail, and technology sectors.
Understanding Black Hat Attacks
Ransomware heists have become increasingly common in recent years as they have become more profitable for hackers.
The formula is well known: black hat hackers encrypt a company’s data and demand payment of a ransom for the decryption key. If the company does not pay the ransom, the hackers threaten to release the data to the public or sell it to other criminals. These cyber thieves target businesses of all sizes, but are often interested in companies with valuable data.
This vulnerability is not unique to MGM or Okta; it is a systemic problem with multi-factor authentication. MFA, which was designed to authenticate devices, fails to secure the enrollment and recovery processes, and those are exactly the steps where identifying the human user matters most. This is a recognized limitation arising from its original design, as it was not developed to address this specific challenge.
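As an added illustration of the help-desk reset pattern described above (this is example code, not from the original post or from Okta), the script below runs a simple correlation over constructed Okta System Log records: an MFA reset on a privileged account followed, within a short window, by a new factor being enrolled from an IP address that account had never used before the reset. The event type and field names are Okta's own System Log names; the privileged-account list, the time window and the sample records are assumptions.

```python
import json
from datetime import datetime, timedelta

# Okta System Log event types relevant to help-desk MFA resets.
RESET_EVENTS = {"user.mfa.factor.reset_all", "user.mfa.factor.deactivate"}
ENROLL_EVENTS = {"user.mfa.factor.activate"}
# Constructed privileged-account list (assumption; in practice pull from an admin group).
PRIVILEGED = {"admin.alice@example.com"}
WINDOW = timedelta(minutes=30)  # reset followed by re-enrollment within this window

def parse_event(line):
    """Pull the fields we need from one System Log JSON record."""
    e = json.loads(line)
    return {"ts": datetime.fromisoformat(e["published"].replace("Z", "+00:00")),
            "type": e["eventType"], "actor": e["actor"]["alternateId"],
            "target": e["target"][0]["alternateId"], "ip": e["client"]["ipAddress"]}

def find_reset_takeovers(lines):
    """Flag: MFA wiped on a privileged account, then a new factor enrolled
    from an IP that account never used before the reset."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    alerts = []
    for i, reset in enumerate(events):
        if reset["type"] not in RESET_EVENTS or reset["target"] not in PRIVILEGED:
            continue
        # IPs the victim account itself acted from before its factors were wiped.
        known_ips = {e["ip"] for e in events[:i] if e["actor"] == reset["target"]}
        for later in events[i + 1:]:
            if later["ts"] - reset["ts"] > WINDOW:
                break
            if (later["type"] in ENROLL_EVENTS and later["target"] == reset["target"]
                    and later["ip"] not in known_ips):
                alerts.append((reset["target"], reset["actor"], later["ip"]))
    return alerts

def mk(ts, etype, actor, target, ip):
    """Build a constructed System Log line using the field names parse_event reads."""
    return json.dumps({"published": ts, "eventType": etype,
                       "actor": {"alternateId": actor}, "target": [{"alternateId": target}],
                       "client": {"ipAddress": ip}})

# Constructed sample: a help-desk account resets MFA for a privileged user, and a new
# factor is enrolled minutes later from an address the victim never logged in from.
SAMPLE = [
    mk("2023-09-01T09:00:00Z", "user.session.start", "admin.alice@example.com",
       "admin.alice@example.com", "203.0.113.10"),
    mk("2023-09-01T11:00:00Z", "user.mfa.factor.reset_all", "helpdesk.bob@example.com",
       "admin.alice@example.com", "198.51.100.5"),
    mk("2023-09-01T11:06:00Z", "user.mfa.factor.activate", "admin.alice@example.com",
       "admin.alice@example.com", "192.0.2.77"),
]
```

Calling `find_reset_takeovers(SAMPLE)` returns one alert naming the victim, the help-desk actor that performed the reset, and the unfamiliar enrollment IP; a reset with no follow-up enrollment produces none.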
It is worth remembering that a 2022 study by security company Tessian and Professor Jeff Hancock of Stanford University found that employee errors and human errors were the main cause of 88% of data breach events. IBM Security set this same figure at 95%.
Aside from the financial cost of paying the ransom, businesses may also lose revenue and productivity due to downtime and the need to recover from the attack. Ransomware heists can also damage a company’s reputation and erode customer trust.
How to fight ransomware attempts
Unfortunately, these events are likely to continue until industry-wide mechanisms are put in place to verify a person’s identity. This should happen at all levels.
Should companies adopt a “secret word” response to verify a person’s identity? Here’s a simple analogy: When you accidentally trigger your home security system, your home security company contacts you to confirm whether a break-in has occurred. When you respond, the company may ask you for a “secret word” to verify that it is you, the owner, and that it was an accidental triggering of the system. It sounds simple, but it could provide protection against similar social engineering and phishing hacks. But this simplistic solution is not scalable and has its own vulnerabilities.
Taking it to the next level, a better solution to this problem would be an automated method to digitally validate a conversation on a peer-to-peer basis. This would verify that the identified individuals conversing within or outside an organization are who they claim to be. It’s almost eerily similar to an early Star Trek episode (“Whom Gods Destroy”) in which Spock encounters duplicate versions of Captain Kirk and demands a specific response from Captain Kirk to be assured of the identity of the real Kirk. Okta has suggested adding video to the authentication workflow to address the spoofing problem, but this can easily be circumvented by the AI-based generative solutions on the market, much like the duplicated Captain Kirk.
Identity technology can solve this problem at scale, and innovative startups have begun to emerge. AI-powered software solutions can add routine flows within your processes to prompt users to verify their identity as additional security before transactions or account changes. There are systems today that can also verify attributes like age and account ownership before speaking to an agent.
Many use cases can extend from call center verification to enterprise usage verification and even other business and personal categories in the coming years. We all need to feel confident that the person(s) we are interacting with are who they say they are. This could make us feel safer in our connected world.