MGM Grand Resorts Case Study

MGM Resorts International is an American global hospitality and entertainment company that operates more than thirty world-class hotels and casinos and employs more than 80,000 people worldwide. MGM’s Las Vegas resorts include Bellagio, Mandalay Bay, MGM Grand, and Aria.

As one of the world’s most recognizable casino and hotel brands, MGM Grand’s reputation is its most valuable asset.

The Problem

A threat actor associated with a well-known cyber terrorist hacking group began offering stolen data for sale, allegedly originating from MGM Grand’s customer database. The actor in question was a known member (or associate) of The Dark Overlord group, which has claimed responsibility for a number of other high-profile hacks and intrusions.

This scenario was especially troubling because the data was being offered by someone with an established reputation for hacking and selling high-profile databases.

News or mentions of this particular threat actor were flagged by Night Lion’s ARIA application, generating real-time alerts for our threat hunting team. Within several hours of its original posting, Vinny Troia, Night Lion’s CEO, contacted MGM Grand’s Chief Information Security Officer, alerting him to the active sale. Night Lion was then retained to investigate the data to further understand what it was or where it came from.

The Solution

At the behest of MGM’s security team, Night Lion’s counterintelligence unit managed to track down the perpetrator and locate the threat actor. They also managed to find the threat actor’s additional aliases, used to conduct other illegal activities in the past, and build up a file on him. Once they had established the identity of the actor, they contacted the criminal and ‘interviewed’ him by posing as interested buyers and leveraging social engineering techniques. As a result of this interview, the criminal revealed how the data was acquired.

Once our team had gained his confidence, the criminal told us how the breach was carried out and then provided our operatives with a copy of the breached data set. We then handed that data over to MGM so that they could begin to notify those affected by the data breach, as per their legal obligations. Our team worked with local and federal law enforcement agents and provided crucial information on the criminal, which would lead to his arrest. They worked with MGM to remediate the vulnerability in their security, which had enabled the data breach.