Zero Standing Privileges: The Future of Access Management
Introduction The help desk at MGM Resorts had no idea they were about to enable one of the most devastating casino breaches in history. In September 2023, a group called Scattered Spider didn’t need sophisticated malware or zero-day exploits. They simply called the IT help desk, impersonated an employee using publicly available LinkedIn data, and convinced a well-meaning support agent to reset credentials and disable MFA. Within hours, they had super administrator privileges in MGM’s Okta and Azure environments....