The Rising Tide of Cyber Threats
Recent cyberattacks on prominent corporations like MGM Resorts and Mr. Cooper highlight a disturbing trend of large-scale security breaches that lead to the exposure of personal customer data. These incidents underscore the vulnerability of even the most seemingly secure organizations to sophisticated cyber threats.
MGM Resorts Cyberattack
The cyberattack on MGM Resorts was a sophisticated operation that utilized social engineering tactics to bypass traditional security measures. The attackers, associated with the group Scattered Spider, employed vishing—a form of voice phishing—to deceive MGM employees. They meticulously researched and impersonated an MGM staff member, leveraging information from platforms like LinkedIn to gain credibility and trick the IT help desk into providing system access credentials.
Once inside the MGM systems, the attackers deployed ransomware to lock down files and systems and exfiltrated customer personal data that predated March 2019. This data included sensitive information such as names, addresses, and Social Security numbers, which could be used for identity theft and fraud.
MGM Resorts’ response to the attack was to immediately shut down affected systems to contain the breach. They also notified law enforcement and began an extensive investigation to determine the full scope of the incident. In the aftermath, MGM offered affected customers free credit monitoring services to protect against potential fraud stemming from the breach.
Mr. Cooper’s Data Breach
Mr. Cooper, a significant player in the mortgage and loan servicing industry, experienced a cyberattack that led to the unauthorized access of customer data. The company disclosed the breach after noticing suspicious activity within their IT systems on October 31, 2023. They promptly took their systems offline to prevent further unauthorized access.
While Mr. Cooper has not stored banking information related to mortgage payments on their systems, other customer data was compromised. The exact details of the compromised data were not immediately clear, but the breach had the potential to affect over four million customers. The ongoing investigation aims to clarify the extent of the data exposure.
The cyberattack caused significant disruptions to Mr. Cooper’s operations, with system outages persisting into the second week after the attack. Customers reported being unable to access their accounts, which hindered their ability to manage their loans and mortgages. Mr. Cooper had to explore alternative payment options and communicate with customers through other channels.
In a filing with the U.S. Securities and Exchange Commission, Mr. Cooper estimated up to $10 million in additional vendor costs due to the cyberattack. However, they anticipated that the attack would not have a material impact on their business in the long term.
The Cost of Cyber Insecurity
These cyberattacks not only lead to immediate financial losses and operational headaches for the companies involved but also cause long-term reputational damage and pose risks to affected customers. MGM Resorts and Mr. Cooper had to take immediate action to mitigate the attacks’ effects, including reverting to manual operations and offering credit monitoring services.
CrowdStrike: A Proactive Defense
In the face of these escalating cyber threats, CrowdStrike’s cybersecurity solutions offer a beacon of hope for corporations seeking to protect their data and operations. CrowdStrike provides a multi-faceted approach to cybersecurity:
Endpoint Protection with CrowdStrike Falcon
CrowdStrike’s Falcon platform is at the forefront of endpoint protection, providing an advanced Endpoint Detection and Response (EDR) capability. Here’s how it stands out:
- Preventive Technologies: Falcon uses sophisticated algorithms and machine learning to identify and block known and unknown malware and malware-free attacks before they can execute.
- Continuous and Comprehensive Visibility: It continuously monitors and records all activity on endpoints, providing full visibility into everything happening on the system, which is essential for detecting stealthy attacks.
- Behavioral Analytics: By analyzing behaviors on the endpoint, Falcon can identify malicious activities based on indicators of attack (IOAs) rather than relying solely on known malware signatures.
- Real-Time Response: The platform allows security teams to respond and remediate in real-time, stopping active attacks and preventing further damage.
Threat Intelligence with CrowdStrike
CrowdStrike’s threat intelligence is not just about having data on threats; it’s about understanding the adversaries and their methods:
- Adversary Profiling: CrowdStrike profiles the tactics, techniques, and procedures (TTPs) of threat actors, providing insights into their motives and methods.
- Contextual Awareness: The intelligence is not just a list of bad indicators but includes context that helps organizations understand the ‘why’ and ‘how’ behind attacks.
- Proactive Defense: With this knowledge, companies can move from a reactive to a proactive stance, implementing defenses tailored to the specific threats they are most likely to face.
Identity Protection by CrowdStrike
Identity protection is a critical layer in CrowdStrike’s defense strategy:
- Next-Generation Antivirus (NGAV): CrowdStrike’s NGAV protects against identity theft by using AI to stop known and unknown threats, including fileless and malware-free intrusions.
- Zero Trust Authentication: The platform enforces Zero Trust principles, ensuring that only authenticated and authorized users and devices can access an organization’s data and applications.
- Real-Time Monitoring: It monitors user activities and enforces user-based policies in real-time, preventing unauthorized access and lateral movement within the network.
Incident Response with CrowdStrike
When a breach occurs, CrowdStrike’s incident response team, known as Falcon OverWatch, steps in:
- 24/7 Monitoring: OverWatch provides round-the-clock monitoring, ensuring that any breach is detected and responded to immediately.
- Expert Team: The team consists of elite cybersecurity experts who can quickly analyze the breach, understand the scope, and determine the best course of action.
- Rapid Remediation: They provide remote remediation services, which means they can contain and eliminate threats from an organization’s environment quickly, often before the organization realizes it has been breached.
The cyberattacks on MGM Resorts and Mr. Cooper serve as a stark warning to all large corporations about the importance of robust cybersecurity measures. CrowdStrike’s comprehensive solutions provide the necessary tools to prevent, detect, and respond to cyber threats, safeguarding both company operations and customer data.
In an era where cyber threats are becoming more sophisticated and pervasive, it’s imperative for corporations to invest in advanced cybersecurity solutions like those offered by CrowdStrike to protect against the next generation of cyberattacks.