sadflute

They had control of their OKTA account so they had the keys to the kingdom. The call was to the help desk to reset a password.

It took human error. Ransomware is not the beginning it comes later. Security in layers is effective in theory but you cannot rely one one layer. The threat actors started with psychology to access the system by a phone call and social engineering. That gave them the initial entry. From there is is still a guess but my money is on they dwelled in the environment doing reconnaissance. Carefully poking around to see what alerts were detected and acted on. This was more than likely a organized and sophisticated attack. The ransomware was staged but not detonated originally according the ALPHV's statements. It wasn't until they decided that MGM had brought in a negotiator or government assistance. As stated before 99% is great but that 1% is all it takes. The Ransomware was detonated after showing small bits of proof they had control of the network and systems. The Uber breach was worse. The threat actor went into their Slack Channels announced that he has control of their environment and they laughed thinking it was a joke. Search the screenshots he supplied. Malwarebytes is an amazing solution but it is only one layer. Never forget Humans are a layer in security too.