April 10, 2024
Research Fellow:
- Bobby Boughton, MacroPraxis Research Institute Fellow
Research Summary
The Turn Back Time (TBT) Breach Analysis of the MGM Resorts ransomware attack examines how the BlackCat/ALPHV and Scattered Spider cybercriminal groups infiltrated MGM’s systems through social engineering, ultimately leading to significant financial and operational damages. This analysis maps the attack to the MITRE ATT&CK framework, detailing each stage from reconnaissance to impact. By evaluating MGM's security failures and the missed opportunities for early detection, the report highlights how deception technology could have disrupted the attack during its early stages, potentially reducing the financial impact from $155 million to near zero. Key takeaways emphasize the need for layered security strategies and proactive threat detection to minimize damage from future ransomware incidents.
This research underscores the critical role of deception-based cybersecurity in mitigating breaches before attackers gain a foothold. By deploying honeytokens, fake admin accounts, and deceptive network assets, organizations can identify intrusions earlier—potentially at Stage 5 (Persistence) instead of Stage 9 (Discovery)—significantly altering the outcome of an attack. While no cybersecurity measure is foolproof, integrating deception technology within existing security architectures can serve as a crucial early-warning system, allowing defenders to detect, mislead, and neutralize attackers before they cause irreparable damage.
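As an added illustration of the early-warning idea above (not code from the research paper), the following sketch flags any identity event that touches a decoy admin account or honeytoken and reports how long that source had been active before it tripped the decoy. The account names, token ID, log format and sample events are all constructed assumptions.

```python
import json
from datetime import datetime

# Hypothetical decoy identities: never issued to a real user or service,
# so any event that names them is high-signal by construction.
DECOY_ACCOUNTS = {"svc-backup-admin", "adm-jsmith-da"}
DECOY_TOKEN_IDS = {"HT-0001"}  # hypothetical honeytoken credential ID

# Constructed sample identity events (JSON lines), not real data.
SAMPLE_EVENTS = """
{"ts":"2024-01-05T09:15:40","src":"203.0.113.50","user":"jdoe","action":"login","target":"idp"}
{"ts":"2024-01-05T09:31:22","src":"203.0.113.50","user":"jdoe","action":"list_users","target":"directory"}
{"ts":"2024-01-05T09:44:09","src":"203.0.113.50","user":"svc-backup-admin","action":"login_failed","target":"idp"}
{"ts":"2024-01-05T09:50:00","src":"10.20.8.3","user":"asmith","action":"login","target":"idp"}
{"ts":"2024-01-05T10:02:51","src":"203.0.113.50","user":"jdoe","action":"use_credential","target":"fileshare","token_id":"HT-0001"}
"""

def parse_events(text):
    """Parse JSON-lines events and return them in time order."""
    events = []
    for line in text.strip().splitlines():
        e = json.loads(line)
        e["ts"] = datetime.fromisoformat(e["ts"])
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])

def touches_decoy(e):
    """True if the event references a decoy account or a honeytoken."""
    return (e["user"] in DECOY_ACCOUNTS or e.get("target") in DECOY_ACCOUNTS
            or e.get("token_id") in DECOY_TOKEN_IDS)

def decoy_alerts(events):
    """One alert per source: first decoy touch plus that source's earlier activity."""
    alerts = {}
    for e in events:
        if touches_decoy(e) and e["src"] not in alerts:
            prior = [p for p in events if p["src"] == e["src"] and p["ts"] < e["ts"]]
            first_seen = prior[0]["ts"] if prior else e["ts"]
            alerts[e["src"]] = {
                "first_decoy_touch": e["ts"],
                "decoy": e.get("token_id") or e["user"],
                "accounts_used": sorted({p["user"] for p in prior}),  # accounts to review
                "minutes_since_first_seen": (e["ts"] - first_seen).total_seconds() / 60,
            }
    return alerts

if __name__ == "__main__":
    for src, alert in decoy_alerts(parse_events(SAMPLE_EVENTS)).items():
        print(src, alert)
```

The `accounts_used` field gives responders the real accounts that shared a source with the decoy touch, which is where containment would start.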