The MGM Cyber Attack: Protecting Your Data from Vishing and Ransomware

Published: September 25, 2023

The recent cyberattack on MGM Resorts has raised questions about the vulnerability of even the most prominent organizations in the face of cyber threats. This attack, allegedly orchestrated by a group known as Scattered Spider, highlights the importance of understanding the tactics used by cybercriminals and the steps individuals and organizations can take to protect themselves from similar incidents.

The MGM Cyber Attack Unveiled

MGM Resorts, a global hotel and casino chain, faced a significant cyberattack that disrupted its operations for several days. The attackers, who reportedly specialized in social engineering, used a technique called “vishing” to manipulate victims into providing access to sensitive information. Vishing, a combination of “voice” and “phishing,” leverages human nature and trust to breach cybersecurity defenses.

Scattered Spider, the group behind the attack, allegedly gained access to MGM’s systems by impersonating an employee through a convincing phone call to the company’s IT help desk. This breach not only disrupted MGM’s operations but also put its customers’ data at risk. The attackers demanded a ransom in cryptocurrency for the release of encrypted data.

What Can We Learn?

1. Social Engineering is Effective: Vishing, as a form of social engineering, highlights the importance of human factors in cybersecurity. More than 90% of cyberattacks begin with some form of phishing, and vishing is particularly effective due to its personal touch. It serves as a reminder that even the best security systems can be compromised if the attackers exploit human vulnerabilities.

2. Use of Publicly Available Information: Attackers often use publicly available information, such as LinkedIn profiles, to impersonate employees and gain access to systems. Organizations and individuals must be cautious about the information they share online and be aware that attackers can use it against them.

3. Weak Verification Processes: Companies need to strengthen their verification processes to confirm the identity of individuals making sensitive requests over the phone. Inadequate verification methods make it easier for attackers to impersonate employees and gain access to valuable data.

4. Importance of Employee Training: Employee cybersecurity training should cover vishing attacks, just as it does for phishing. Awareness and education can help employees recognize and respond to suspicious phone calls effectively.

5. Set Up Multi-Factor Authentication (MFA): Implementing MFA adds an additional layer of protection to user accounts. Even if login credentials are compromised, MFA can prevent unauthorized access.

6. Regularly Monitor Your Accounts: Individuals affected by a data breach should regularly monitor their financial accounts and be vigilant for unusual charges. Additionally, consider freezing your credit to protect against identity theft.
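Points 2 and 3 combine into one rule a help desk tool can enforce: details a caller recites never count as verification for a sensitive request, and only a check over a channel the caller does not control does. The following Python is an added example, not code from this article or from any organization named in it; the request types, evidence names and policy are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# All names and policy values below are assumptions made for this example.
SENSITIVE = {"password_reset", "mfa_reset", "access_grant"}

# Facts a caller can recite; many are discoverable from public profiles,
# so they never count toward verification.
RECITED = {"full_name", "job_title", "employee_id", "manager_name"}

# Checks completed over a channel the caller does not control.
OUT_OF_BAND = {"callback_to_number_on_file", "manager_confirmation",
               "existing_mfa_prompt"}


@dataclass
class PhoneRequest:
    claimed_identity: str
    request_type: str
    evidence: set = field(default_factory=set)


def evaluate(req: PhoneRequest) -> tuple[str, str]:
    """Return (decision, reason) for a request made over the phone."""
    if req.request_type not in SENSITIVE:
        return "approve", "routine request"
    accepted = req.evidence & OUT_OF_BAND
    if req.request_type == "mfa_reset":
        # The factor being replaced cannot vouch for its own replacement.
        accepted -= {"existing_mfa_prompt"}
    if accepted:
        return "approve", "verified via " + ", ".join(sorted(accepted))
    if req.evidence & RECITED:
        return "deny", "only recited details were offered"
    return "deny", "no out-of-band verification completed"


# Constructed sample requests, not taken from the incident.
SAMPLES = [
    PhoneRequest("j.doe", "password_reset", {"full_name", "job_title", "employee_id"}),
    PhoneRequest("j.doe", "password_reset", {"full_name", "callback_to_number_on_file"}),
    PhoneRequest("j.doe", "mfa_reset", {"existing_mfa_prompt"}),
    PhoneRequest("j.doe", "hours_inquiry", set()),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.request_type, sorted(s.evidence), "->", evaluate(s))
```

The first sample is denied even though the caller supplies three correct details, because none of them was checked over an independent channel.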

The MGM cyberattack serves as a stark reminder that no organization is immune to cyber threats. By understanding the tactics used by cybercriminals and taking proactive steps to protect sensitive data, individuals and organizations can significantly reduce their risk of falling victim to attacks like vishing and ransomware. At the end of the day, cybersecurity awareness and readiness are essential to safeguarding our digital lives.
