Tag: mgm

  • The biggest cyber security breaches of 2023

    The biggest cyber security breaches of 2023

    Now that it’s 2024 we’re reflecting on the biggest events in tech that occurred in 2024, and in today’s article we want to talk about the biggest cyber security breaches that occurred in 2023.

    Before we get into it, let’s talk about the hard numbers.  Across the board, cyber threats are up year over year and 2023 was no exception. Here are 8 eye opening statistics on cyber threats as of writing:

    1. The global average cost of a data breach is $4.45 million and a ransomware attack $5.13 million as of 2023.
    2. The average lifecycle (discovery to remediation) of a data breach is 277 days.
    3. 74% of data breaches still involve a human element in 2023.
    4. 64% of Americans have not checked to see if there data has been lost in a data breach.
    5. Almost half (46%) of all cyberattacks were on US targets.
    6. More than 1 million identities were stolen in 2023.
    7. 30% of those people were a victim of a data breach in 2023.
    8. 54% of office works express feeling “cybersecurity fatigue” in regards to news of data breaches.

    Unfortunately, public apathy towards cybersecurity preventions from ongoing, sustained attacks and the lucrative nature of successful attacks performed on business entities makes for a potent recipe in these attacks only continuing to increase in 2024.

    We want to take a look back at the biggest breaches that occurred in 2023 and also present our solution for preventing an attack of this nature from occurring to your business.

    1. MGM – Occurring in September, the unusual way MGM was breached made headlines because it did not initially involve a computer. Instead, attackers posed as people of importance to the company via a phone call and gained access to their systems, causing a loss of reputation, $100 million in damages, and 5 class action lawsuits to be filed.
    2. ChatGPT – Not even AI is safe when it comes to targeted attacks from hackers, in March of 2023 a bug in their source code exposed the personal information of a 1.2% of their Plus Subscribers including home addresses, full names and email addresses.
    3. MOVEit File Transfer System – The fallout from this breach that occurred in June 2023 extended far beyond the file system management software company itself, including California’s biggest pension fund holders CalPERS and CalSTRS.
    4. RockStar – RockStar is another example like MGM that proved hackers don’t need expensive equipment to breach insecure systems, with this breach being conducted using a cellphone, a hotel room TV and an Amazon FireStick.
    5. The City of Oakland – An entire city was the target of a hack that occurred in February of 2023, the sustained attack which lasted more than a week prompted the city to even declare a state of emergency while systems remained offline. Class actions lawsuits were also filed in the aftermath of the attack in this case.

    These are just five attacks that made major news last year, but there were thousands more that did not make major news. When an attack occurs on a small business many times it leaves the owners with no choice but to close up shop (60% of small businesses that are the victim of a cyber attack close within 6 months).

    As IT providers it’s a frustrating topic for us as so much of this is preventable. If more preventions were put in place and it was more difficult for attackers to realize their goals than it would have a cumulative positive effect overall. As the saying goes, an ounce of prevention is worth a pound of cure. Let us help you meet your cybersecurity goals in 2024 by clicking on the image below.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • In the aftermath of the MGM cyberattack, five class action lawsuits have already been filed

    In the aftermath of the MGM cyberattack, five class action lawsuits have already been filed

    MGM Resorts are a staple on the Las Vegas strip, operating more than two dozen hotels and casinos around the world with nine of them being found in Las Vegas itself. You may have heard of the Bellagio, Mandalay Bay, and the Luxor? These are all MGM properties that host millions of visitors each year.

    Now some of those same visitors are wondering if the chain gambled with their private data. It was reported on September 11th that MGM was facing some kind of “cybersecurity issue” that trickled down to their facilities, with customers facing problems using the digital keys to their hotel rooms to slot machines not functioning as intended.

    Guests were left spending hours waiting to check in as the hotels shifted away from digital entry back to manual keys to get guests into the rooms they’d already paid for. It reportedly took 10 days for things to resume normal operations with some problems still occurring here or there.

    It’s now being reported that the cause of this hack was a persuasive phone call made by one of the members of a hacker group called “Scattered Spider” which has since claimed ownership of this attack. In a strange turn of events this group does not prioritize technology-based attacks such as malware or phishing but instead mostly engages in “Vishing”.

    “Vishing” or voice phishing is when someone calls you pretending to be someone else, they usually are purporting to be from a company you might do business with financially – such as your credit card company or banking institution.

    With number spoofing this type of attack can be very effective, and as the MGM attack shows even a massive organization is not necessarily immune from an attack if the bad actors is using the right attack vector for the job. That’s why it’s important to have several safeguards in place when it comes to protecting your systems and data.

    It’s alleged that a member of the Scattered Spider group found an MGM employee’s information on LinkedIn and was able to convince a member of their help desk to give them all the access they needed to perform the attack. Someone close to the group has said the original plan was to hack their slot machines but when that plan failed, they moved to plan B which was holding MGM’s data hostage for a payment in Crypto.

    Even though they’re now back to normal operations, MGM is not out of the woods yet. Five class action lawsuits have been filed with customers claiming the chain risked their personal identifiable information (PII) by falling for this attack. Two were filed against MGM directly, and three against their partner company Caesars Entertainment. We have talked about the legal ramifications. of cyber attacks before and it’s something companies should definitely be aware of, the insult of being hacked may not end just with the loss of data or systems being damaged – there may be legal consequences as well.

    Over 90% of successful attacks have a human element to them, with this most recent attack on MGM included in that figure. Cyber security training can go a long way in preventing cyber threats to your business, but vishing may still catch you or your employees off guard. You may be wondering how someone on the phone could possibly be so convincing that you give them access to your systems or financial accounts. We made a chart on the top 8 steps you need to take to guard against a vishing(voice phishing or)’ smishing (text message phishing) attack on your business.

    Of course, as we mentioned the best defense against cyber attacks in general is a layered approach, that way if one wall is breached an attacker would still have to get through several more to do any damage to your business. That’s where a partnership with Valley Techlogic comes in – we take a layered approach to protecting your backups, protecting your systems, and protecting you and your employees from bad actors. Learn more today through a consultation.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.