Send a message
Careers
Would you like to join our growing team?
careers@email.com
Consulting
We’ll figure out the best option for you.
connect@email.com
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
close icon
Cybersecurity
Information Technology
Data Management
Awareness Training

When a (Social Engineering) Stranger Calls: Unpacking the MGM Hack

The call is coming from inside the casino! Well, not really.

MGM recently made headlines for one of the more sweeping ransomware attacks we have seen in recent days, taking a total of 10 days to recover regular function. The attack shut down everything from room keys to slot machines, forcing the hotel chain to go mostly analog while addressing the issues.

The source of the attack? If we believe the words of the proclaimed hackers: a single phone call. According to reporting from Vox, “it appears that the hackers found an employee’s information on LinkedIn and impersonated them in a call to MGM’s IT help desk to obtain credentials to access and infect the systems.” This information is corroborated with public statements from Okta who claim upticks in social engineering hacks. 

A note on Social Engineering. For those wondering, social engineering is a manipulative technique where attackers exploit human psychology to trick individuals or employees into revealing confidential information, performing actions, or making security errors, often through deceptive emails, phone calls, or in-person interactions. It doesn't rely on technical vulnerabilities but on psychological manipulation to gain unauthorized access or information.

The biggest take home lesson from the MGM hack that we can share is how important every individual is to your overall cybersecurity. Ensuring that employees have proper training of how to spot potential malicious actors or report questionable activity. This also includes the requisite work environment that empowers employees to feel comfortable raising these concerns and providing them with the appropriate tools and resources.

Working with your IT group or MSP to institute security awareness training and making such conversations the forefront of interacting with people across your organization can go a long way to improving your cybersecurity. 


Sources:

https://www.vox.com/technology/2023/9/15/23875113/mgm-hack-casino-vishing-cybersecurity-ransomware

https://thenewstack.io/mgm-hack-analysis-security-still-a-test-of-your-weakest-link/

https://www.reuters.com/technology/hackers-who-breached-casino-giants-mgm-caesars-also-hit-3-other-firms-okta-says-2023-09-19/

Cybersecurity
Information Technology
Data Management
Awareness Training
Category
Support and Best Practices
Virtualization
Emerging Technology
Hardware/Software Solutions
Infrastructure
IT Management
Networks
Security
Recent
May 2, 2024
By
Stratus Services
5 Indicators It's Time to Hire an MSP for IT Management?
Apr 16, 2024
By
Stratus Services
Protecting Your Company's Data in the Age of Generative AI
Feb 10, 2024
By
Stratus Services
Update Your Password Policy
Feb 6, 2024
By
Stratus Services
Perform a Cyberhealth Check-up in 9 Easy Steps
Tags
Information Technology
Video
Cybersecurity
Cloud Computing
Virtualization
Data Management
CMMC
A/V
Awareness Training
Backups
Infrastructure Design
Compliance
AI and Machine Learning
Desktop Support