Tag Archive for: linger

Questions linger after ‘cyber issue’ shuts down MGM computer systems

/in


MGM Grand

Jae C. Hong / AP

The Las Vegas Monorail passes by MGM Grand, April, 27, 2006, in Las Vegas.

By (contact)

The targets of cybersecurity attacks are typically high-profile companies that face challenges getting back online, said Yoohwan Kim, a UNLV computer scientist who studies data privacy on blockchain and network security.

Think hospitals, utility companies, even casino giants like MGM Resorts International.

MGM, with 28 properties worldwide, including many up and down the Las Vegas Strip, starting late Sunday experienced what resort officials labeled a “cyber issue.”

The nature of the issue was not detailed, but a statement from MGM said efforts to protect data included “shutting down certain systems.” The FBI is taking part in the investigation.

The shutdown prevented credit card transactions and crashed the BetMGM sports betting mobile app and company websites. It also prevented digital access to guest rooms, halted some slot machine play and provided the company plenty of bad publicity.

It was not known how many people were affected by the disruptions.

“One thing is clear: When this happens, there’s a lot of chaos in the company figuring out what it will take to fix it,” said Kim, who spearheaded the effort to develop a cybersecurity major at UNLV.

Kim said answers to many questions — Who did this? What information was compromised? Why MGM? — wouldn’t be immediately known. An attack of this nature takes time to execute and could have been years in the making, he said.

The motivation was more than likely money — pay a ransom to get back up and running, he said. MGM could have been asked to pay “several million dollars,” Kim speculated.

“It comes down to a cost analysis” when deciding whether to pay, he said. “If there’s urgency and people will die (such as could be the case with a hospital), that’s motivation to pay the ransom to resolve as fast as possible.”

This is not the first time MGM has been the target of a cyber issue.

Details about millions of people who stayed at MGM properties were published in 2020 on a hacking forum, including some driver’s license and passport…

Source…

Questions linger regarding NCDIT hack

/in


RALEIGH, N.C. (WNCN) — A lot of questions remain following the shutdown of many state computer systems last week. 

The state’s Department of Information Technology admits it encountered what they call a “cyberthreat” last week and has been working to get all systems back online. 

However, there are a lot of answers that remain elusive as to exactly what happened and how large the impact was. 

CBS 17 has pieced together information about the hack. 

We depend on our computer systems at home and at work and it’s common knowledge in the cyber security world that hackers are always trying to get into our personal as well as work systems. 

It’s an everyday occurrence and the state Department Of Information Technology says every week, “billions of intrusion attempts” are made to the state network. 

Last week, the agency admitted they encountered a threat which required them to protect state systems and data prompting what they called “system maintenance.”   

That knocked scores of state computers in many agencies offline. NCDIT did not reveal how many agencies were affected.

However, the NC Department of Health and Human Services was one of the agencies affected because it posted a notice on its website saying systems that were affected by the outage are now back online.   

The proactive action by NCDIT required password resets for many employees of state agencies, council of state offices and some local governments. 

NCDIT says due to the large number of accounts, they are taking time to get reset all passwords. 

They said teams worked through the weekend to restore things. But CBS 17 saw tweets on the NCDIT twitter page from Monday and Tuesday indicating that some state employees were still not online and were frustrated.  

Tweets of frustrated customers. (Steve Sbraccia/CBS 17)

NCDMV says impacts to its services were “minimal” and that no driver’s license offices or license plate agencies were closed as a…

Source…

Concerns Linger Following UKG Ransomware Attack

/in


​A long ordeal for customers of Ultimate Kronos Group (UKG) is nearing an end. The vendor has restored its time-keeping and payroll services after a ransomware attack disrupted the lives of thousands of HR professionals and employees alike.

But experts say fallout from the attack will continue. Given that some customer data was stolen, companies will have to transition manual records back into UKG systems and shaken clients question their futures with the vendor.

In a public update on Jan. 22, UKG said it had restored core time, scheduling and payroll capabilities to all customers impacted by the ransomware attack on its Kronos Private Cloud system. The statement said UKG is now focused on the “restoration of supplemental features and nonproduction environments” and is offering video-based recovery guides to help customers reconcile their data.

The outage—which lasted more than a month for many UKG clients—forced thousands of organizations to scramble to create manual workarounds. It happened during a particularly challenging time of year; employers had to find ways to pay workers holiday pay and overtime as employees worked extra shifts to cover staff shortages caused by the omicron variant of the coronavirus and ongoing resignations.

UKG and companies using its services may be facing legal action. 

“Unfortunately, some customer data was stolen in the attacks and that creates a secondary concern for UKG and its clients,” said Allie Mellen, a security and risk analyst with research and advisory firm Forrester. UKG confirmed in its latest public statement that the personal data of at least two of its customers had been “exfiltrated” or breached.

Cautionary Tale for HR Tech Vendors

HR technology analysts say vendors and their clients should brace themselves for similar attacks as more hackers train their sights on sensitive employee data rather than customer data.

“The reality is we’re going to see more of these attacks,” said Trevor White, a research manager specializing in HCM technologies with Nucleus Research in Boston. “The question for HR vendors is how they’ll limit disruption to their customers as they go about solving problems related to ransomware and other cyberattacks….

Source…

Fallout From Hack of City Law Department Could Linger for Months

/in


Among the thousands of lawsuits New York City faces each year, this case was unexceptional — a man suing the city and several police officers over his arrest during a 2016 demonstration. But last week, the case hit a snag for an unusual reason: The city’s Law Department had been hacked, and lawyers were struggling to gain access to important documents.

“Practically all attorneys from the New York City Law Department still do not have remote access to electronic files,” wrote Jorge M. Marquez, a city attorney, to the judge on July 1, asking for an extension of deadlines in the false-arrest case.

Mr. Marquez noted that attorneys could enter the Law Department’s offices to review files but because of the pandemic, many attorneys, including himself, were not going into work. “It is currently unknown when this problem will be resolved,” he wrote, adding that the city hoped it would be in the coming weeks.

More than a month after hackers gained access to the Law Department’s computer system — which stores an untold amount of sensitive information — it is now apparent that the breach had a more profound effect than officials have publicly revealed. The department’s chief IT officer has been reassigned and replaced. And the fallout, as chronicled in internal communications obtained by The New York Times, may for months continue to affect the 1,000-lawyer agency that defends the city in court.

Many city Law Department employees have returned to the office on a limited basis, but the inability to retrieve documents remotely has slowed some of their work.

Laura Feyer, a spokeswoman for Mayor Bill de Blasio, said in a statement that the Law Department’s attorneys are “arranging on-site and remote work accordingly to ensure there is minimal impact to cases.”

Nick Paolucci, a Law Department spokesman, said that a majority of the department’s attorneys have been able to meet court deadlines and that the legal work of the city was moving forward.

But court records show the hack continues to complicate cases. In letter after letter to judges, the city’s attorneys have sought postponements in cases, saying that without access to electronic files, they could not prepare a…

Source…