Prominent casino chain MGM Resorts recently fell victim to a cyberattack, resulting in the temporary shutdown of several of its systems. Reports are suggesting that the attack may have started with a phone call made by the hackers themselves. The company’s systems, including hotel room digital keys and slot machines, were reportedly affected by the breach.
The hackers responsible for this breach are believed to be a notorious group known as Scattered Spider, specialists in the field of social engineering. It is alleged that the group impersonated a legitimate MGM employee during a phone call to the company’s IT help desk, managing to obtain necessary credentials and gain unauthorized access to the systems.
Demanding a ransom payment in cryptocurrency, the hackers are currently holding the stolen and encrypted data at ransom. This unfortunate incident comes as another casino chain, Caesars Entertainment, experienced a cyberattack around the same time. It appears that both attacks exploited a technique called “vishing,” a form of social engineering that exploits human vulnerabilities.
Vishing attacks, which involve phone calls, have proven to be three times more effective than targeted phishing attacks without phone calls. Unfortunately, many companies tend to overlook vishing in their employee cybersecurity training, leaving them susceptible to such attacks.
In light of this incident, it is crucial for individuals to exercise caution when it comes to sharing personal information and engaging with unknown individuals. It is also important to verify the identity of individuals before providing any sensitive details. MGM customers are advised to carefully review their bank statements, be cautious of any suspicious emails claiming to be from MGM, and consider freezing their credit to prevent any potential identity theft.
As cybersecurity threats continue to evolve, organizations and individuals must remain vigilant and prioritize comprehensive cybersecurity training to protect sensitive data and mitigate the risks associated with cyberattacks. The MGM Resorts incident serves as a reminder of the importance of proactive measures in safeguarding against such malicious activities.