The MGM Cyber Attack: Protecting Your Data from Vishing and Ransomware

Published: September 25, 2023

The recent cyberattack on MGM Resorts has raised questions about the vulnerability of even the most prominent organizations in the face of cyber threats. This attack, allegedly orchestrated by a group known as Scattered Spider, highlights the importance of understanding the tactics used by cybercriminals and the steps individuals and organizations can take to protect themselves from similar incidents.

The MGM Cyber Attack Unveiled

MGM Resorts, a global hotel and casino chain, faced a significant cyberattack that disrupted its operations for several days. The attackers, who reportedly specialized in social engineering, used a technique called “vishing” to manipulate victims into providing access to sensitive information. Vishing, a combination of “voice” and “phishing,” leverages human nature and trust to breach cybersecurity defenses.

Scattered Spider, the group behind the attack, allegedly gained access to MGM’s systems by impersonating an employee through a convincing phone call to the company’s IT help desk. This breach not only disrupted MGM’s operations but also put its customers’ data at risk. The attackers demanded a ransom in cryptocurrency for the release of encrypted data.

What Can We Learn?

1. Social Engineering is Effective: Vishing, as a form of social engineering, highlights the importance of human factors in cybersecurity. More than 90% of cyberattacks begin with some form of phishing, and vishing is particularly effective due to its personal touch. It serves as a reminder that even the best security systems can be compromised if the attackers exploit human vulnerabilities.

2. Use of Publicly Available Information: Attackers often use publicly available information, such as LinkedIn profiles, to impersonate employees and gain access to systems. Organizations and individuals must be cautious about the information they share online and be aware that attackers can use it against them.

3. Weak Verification Processes: Companies need to strengthen their verification processes to confirm the identity of individuals making sensitive requests over the phone. Inadequate verification methods make it easier for attackers to impersonate employees and gain access to valuable data.

4. Importance of Employee Training: Employee cybersecurity training should cover vishing attacks, just as it does for phishing. Awareness and education can help employees recognize and respond to suspicious phone calls effectively.

5. Set Up Multi-Factor Authentication (MFA): Implementing MFA adds an additional layer of protection to user accounts. Even if login credentials are compromised, MFA can prevent unauthorized access.

6. Regularly Monitor Your Accounts: Individuals affected by a data breach should regularly monitor their financial accounts and be vigilant for unusual charges. Additionally, consider freezing your credit to protect against identity theft.

The MGM cyberattack serves as a stark reminder that no organization is immune to cyber threats. By understanding the tactics used by cybercriminals and taking proactive steps to protect sensitive data, individuals and organizations can significantly reduce their risk of falling victim to attacks like vishing and ransomware. At the end of the day, cybersecurity awareness and readiness are essential to safeguarding our digital lives.

Reach Out To Us

Recent Posts

Schedule a Free Network Assessment

A network assessment is an in-depth analysis of your current IT infrastructure that provides you with a comprehensive understanding of your existing environment and recommends improvements such as network consolidation, simplification, or automation.

Learn More
With Accent, one email or call is enough to remove the burden of IT problems. The reachability and responsiveness of the staff continues to exceed expectations and the employees actually care about helping their clients (and do so with speed and effectiveness). Hire Accent, they’re excellent at meeting the needs of their clients with flexible service and most definitely worth the investment.
Jackson WertTrue North Strategic Advisors
We started using Accent Consulting for our IT needs this past year. Their professionalism and attention to details are excellent! I would recommend this company to anyone!
Dr. Loretta TaylorEvans, Taylor & Finney Eye Care
I want to thank the team at Accent Consulting for truly listening to my needs and developing a plan to address them. The new server migration was perfect!
Daniel PhillipsPhillips & Company CPA
They were very prompt and knowledgeable. They did great, answered my questions and dealt with my concerns. We will continue to do business with Accent Consulting.
JoAnn McElfreshJenkins Realtors, Inc.
These folks did a GREAT job setting up our dedicated fiber line! Very professional and efficient. Highly recommend this company for all your IT needs! We liked them so much we decided to give them all our business in the future.
Daniel LeensvaartSummers Plumbing, Heating & Cooling
Previous
Next