Takeaways from the MGM Attack and Emerging Threat Landscape
November 2023 by Vaidotas Šedys, Head of Risk Management at Oxylabs
The recent cyberattacks on MGM Resorts and Caesars Palace serve as a dire warning to organizations that staying hyper-vigilant is critical to preventing security threats and mitigating incidents. According to a report by CNBC, Caesars paid a $15 million ransom to the cybercrime group following the takedown of MGM’s computer systems, forcing the company to shut down the network while its infrastructure was compromised and data was extracted from its servers.
Cybercrime is expected to increase 3 times by 2027
The widespread adoption of connected devices and the growing value of data are leading to a substantial increase in cyberattacks, according to The World Economic Forum. A recent report from the organization highlights the extent of the problem, estimating that costs will rise significantly, from $8.44 trillion in 2022 to $23.84 trillion by 2027.
The group recommends standardized cybersecurity measures, increased education through digital literacy campaigns, and building networks that fuse security initiatives into the system. While these recommendations represent standard advice all organizations should be using today, identifying new types of threats remains critical to addressing the constantly innovating threat landscape.
Threat actors are rapidly advancing their skills
Hackers continuously improve their skills, upgrade their techniques, and sharpen their strategies. Staying on top of their activities requires constant awareness of emerging threats, such as:
1. Deepfakes and AI-generated fraud
Deepfake technology, a subset of artificial intelligence, uses deep learning algorithms and artificial neural networks to generate fraudulent images, videos, voice recordings, and documents. Many people weren’t convinced of its potential when it first emerged in 1997; unfortunately, the technology has advanced to produce striking representations that are surprisingly authentic (at least to some people).
Not everyone is convinced by deepfakes, and people are rapidly learning to distinguish between what is real and what is artificially generated. However, it could be argued that the technology has reached a level where it could be used to create convincing voice impersonations for phishing attacks. The same techniques could also be used in combination with stolen personal data to breach telephone systems in financial services and related industries.
2. Prompt injection attacks
The UK’s National Cyber Security Centre recently published an article highlighting the potential risks of using large language models (LLMs) like Google Bard, ChatGPT, and Meta’s LLaMA. Specifically, the agency is concerned that chatbots, virtual assistants, and automated systems can be manipulated by hackers using a "prompt injection" attack.
In a prompt injection attack, the hacker first studies the chatbot’s behavior to identify vulnerabilities. Malicious inputs are then carefully crafted to exploit the chatbot’s limitations, such as insufficient security checks and weak input validation. Once a vulnerability is identified, the attacker exploits it by prompting the chatbot to extract unauthorized data directly or by having the system inadvertently reveal sensitive information.
Hackers additionally use prompt injection attacks to impersonate users for phishing and social engineering schemes. Organizations typically guard against these attacks through various security measures, including access controls, context awareness, input validation, security testing, rate limiting, and widespread system monitoring.
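As an added illustration (not code from the article or from any vendor), the sketch below applies four of the listed measures to a chatbot that can call backend tools: access control, input validation, rate limiting, and monitoring are enforced by the server on every model-proposed call, so a manipulated prompt cannot widen what the session may read. The tool name `get_balance`, the sample records, and the limits are all hypothetical.

```python
import re
import time
from collections import defaultdict, deque

# Constructed sample data: account records keyed by owner (not from the article).
RECORDS = {"alice": {"balance": 120}, "bob": {"balance": 9800}}
ALLOWED_TOOLS = {"get_balance"}          # allow-list of tools the bot may call
ACCOUNT_RE = re.compile(r"[a-z]{1,32}")  # strict format for the account argument
MAX_CALLS, WINDOW_S = 3, 60              # per-user rate limit (hypothetical values)

_calls = defaultdict(deque)              # user -> timestamps of allowed calls
audit_log = []                           # monitoring: every decision is recorded


def guarded_tool_call(session_user, tool, account, now=None):
    """Decide a model-proposed tool call using server-side facts only.

    session_user comes from the authenticated session, never from prompt text;
    tool and account come from the model and are treated as untrusted input.
    """
    now = time.time() if now is None else now
    recent = _calls[session_user]
    while recent and now - recent[0] >= WINDOW_S:
        recent.popleft()                 # drop calls that left the window

    if tool not in ALLOWED_TOOLS:
        verdict = "deny:unknown_tool"
    elif not isinstance(account, str) or not ACCOUNT_RE.fullmatch(account):
        verdict = "deny:bad_input"
    elif account != session_user:        # access control: own record only
        verdict = "deny:not_owner"
    elif len(recent) >= MAX_CALLS:
        verdict = "deny:rate_limited"
    else:
        recent.append(now)
        verdict = "allow"

    audit_log.append((now, session_user, tool, account, verdict))
    result = RECORDS.get(account) if verdict == "allow" else None
    return verdict, result


if __name__ == "__main__":
    # Constructed calls: the second is what a model might emit after a user
    # message that instructs the bot to show another customer's balance.
    for call in [("alice", "get_balance", "alice"), ("alice", "get_balance", "bob"),
                 ("alice", "get_balance", "bob*"), ("alice", "export_all", "alice")]:
        print(call, "->", guarded_tool_call(*call, now=0.0))
```

The denied entries in `audit_log` are the signal worth alerting on: a session that repeatedly requests records it does not own is behaving the way an injected prompt would.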
3. Biometric data vulnerabilities
Biometric data leverages biological or behavioral characteristics to authenticate users, including fingerprints, facial recognition, voiceprints, iris scans, hand geometry, palm prints, retina scans, and vein patterns. The use of biometric data is typically secure because of its uniqueness and complexity; however, it can still be extracted through data breaches.
Attackers can also impersonate individuals through falsified or stolen biometric samples, like high-resolution photos and fingerprints. Data can additionally be stolen during biometric authentication via a “man-in-the-middle attack” that extracts data while it is being transmitted from the user to the system.
4. Quantum computing threats
Standard computers use “bits” as the fundamental unit of information. A bit is always in one of two physical states, represented by a single binary value that is usually written as 0 or 1. In contrast, quantum computing leverages the principles of quantum mechanics by using quantum bits (qubits), which can exist in multiple states simultaneously due to a property called superposition.
As a result, quantum computing can potentially solve a greater range of complex problems exponentially faster and with greater accuracy. However, some experts believe the technology could be used to generate cyber attacks on a massive scale.
One example is a ransomware attack, where hackers breach systems to encrypt data and demand payment in exchange for the key. While ransomware attacks are currently based on classical algorithms and encryption methods, quantum computing could potentially break specific classical encryption schemes once the technology becomes accessible.
Researchers in the cryptography space are preparing for the inevitable use of quantum computers by developing cryptographic techniques and algorithms designed to withstand attacks using the technology. These include hash-based cryptography, lattice-based cryptography, and code-based cryptography.
5. Supply chain attacks
Supply chain attacks focus on breaching the processes, software, hardware, or third-party vendors that are critical to the production, distribution, or final delivery of an organization’s products and services. These types of attacks are not new, but they are growing in scope and sophistication and can be difficult to mitigate due to multiple layers and attack targets.
Preventing a supply chain attack requires a proactive approach. Measures include thorough vendor assessments, continuous monitoring, access controls, encryption, and robust intrusion detection systems.
Knowing your enemy is critical to preventing cyberattacks
The recent security breaches at MGM Resorts and Caesars Palace underscore the urgent need for organizations to strengthen their security posture. Standardized security measures and educational campaigns can help prevent and mitigate attacks; however, the advancing crime landscape demands staying ahead of emerging threats, including deepfakes, prompt injection attacks, biometric data vulnerabilities, quantum computing threats, and supply chain attacks.
By implementing strong security measures, continuously adapting to new challenges, and fostering digital literacy, organizations can effectively protect their digital assets and preserve their operations in an increasingly interconnected world.