Ransomware, Zero Trust, and Microsegmentation: Lessons Learned from the MGM Ransomware Attack

Written by Lindsay Hiebert, Senior Product Manager | Sep 27, 2023 6:20:02 PM

In September 2023, MGM Resorts International, one of the world's largest gaming and hospitality companies, was hit by a ransomware attack. The attack impacted all of MGM's properties in Las Vegas and some of its properties in other parts of the country.

The attack was carried out by a ransomware group known as ALPHV. ALPHV is a relatively new ransomware group, but it has quickly become one of the most active and dangerous ransomware groups in the world.

The MGM ransomware attack resulted in significant financial losses and operational disruption, and it raised concerns about the security of the gaming and hospitality industry. The impact is estimated to be tens of millions of dollars, including closures of casinos and hotels, cancellation of events, loss of customer data, and damage to MGM's reputation. The attack also negatively impacted the Las Vegas economy, with businesses that rely on MGM's customers experiencing a decline in sales.

Lessons Learned from the MGM Ransomware Attack

The MGM ransomware attack provides a number of important lessons for cybersecurity leaders:

  • Zero trust is essential: Zero trust is a security model that assumes that no user or device can be trusted by default. All users and devices must be verified before they are granted access to any resources.

A zero trust security model would have made it much more difficult for ALPHV to carry out its attack. With a zero trust model, ALPHV would have needed to compromise multiple systems and accounts in order to gain access to MGM's critical systems.

  • Microsegmentation is critical: Microsegmentation is a security technique that divides a network into small segments. Each segment is isolated from the other segments, and only authorized users and devices can access each segment.

Microsegmentation would have helped to limit the damage caused by the MGM ransomware attack. If ALPHV had been able to encrypt data in one segment of the network, the other segments would have been unaffected.

  • Multi-factor authentication is a must: Multi-factor authentication (MFA) adds an extra layer of security to user accounts. With MFA, users must enter a code from their phone in addition to their password when logging in.

MFA would have made it much more difficult for ALPHV to gain access to MGM's systems. Even if ALPHV had been able to steal passwords, they would not have been able to log in to MGM's systems without the MFA codes.

  • Security awareness training is essential: Employees are often the weakest link in the security chain. Security awareness training can help employees to identify and avoid common phishing attacks and other social engineering attacks.

Security awareness training would have helped to reduce the risk of the MGM ransomware attack. If employees had been trained to identify and avoid social engineering attempts over the phone, phishing emails, and similar lures, ALPHV would have had a much harder time gaining access to MGM's systems.
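To make the microsegmentation lesson above concrete, here is an added example (not from the original post or from Invisinet): a small Python model that compares how far a compromise of one host can spread on a flat network versus a default-deny segmented one. The host names, segments and allowed flows are constructed for illustration and do not describe MGM's environment.

```python
from collections import deque

# Constructed sample inventory: host -> segment (hypothetical names).
HOSTS = {
    "helpdesk-ws": "corp", "hr-ws": "corp",
    "booking-app": "hotel", "booking-db": "hotel",
    "slot-ctrl": "gaming", "gaming-db": "gaming",
    "backup-srv": "backup",
}

# Default-deny policy: the only cross-segment flows permitted,
# written as (source segment, destination host). Constructed values.
ALLOWED_FLOWS = {
    ("corp", "booking-app"),
    ("hotel", "backup-srv"),
    ("gaming", "backup-srv"),
}

def can_reach(src, dst, segmented):
    """Return True if src may open a connection to dst under the chosen model."""
    if src == dst:
        return False
    if not segmented:
        return True  # flat network: every host can talk to every other host
    same_segment = HOSTS[src] == HOSTS[dst]
    return same_segment or (HOSTS[src], dst) in ALLOWED_FLOWS

def blast_radius(start, segmented):
    """Hosts reachable hop by hop from one compromised host (breadth-first search)."""
    seen, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for host in HOSTS:
            if host not in seen and can_reach(current, host, segmented):
                seen.add(host)
                queue.append(host)
    return seen - {start}

if __name__ == "__main__":
    for mode in (False, True):
        label = "segmented" if mode else "flat"
        print(label, sorted(blast_radius("helpdesk-ws", segmented=mode)))
```

The segmented result still includes hosts behind explicitly allowed flows, so every allowed flow should be reviewed as a possible path between segments.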


Invisinet offers a simpler approach to preventing cyber-attacks. Our solution offers a foundation of Zero Trust with identity that can help stop network discovery and ransomware attacks from the outset. Please reach out to schedule an expert demo for your team.