Safety Takeaways From MGM Resorts and Caesars Entertainment Cyberattacks

Your staff should be informed about social engineering in all its forms. Vishing is not a thing of the past; it is still a huge threat today, as the MGM Resorts and Caesars Entertainment cyberattacks show.

A version of this article exists on rAVe [PUBS], written by @Paul Konikowski.

On Sept. 11, 2023, a number of MGM resorts and casinos were simultaneously disrupted by ransomware and data extortion attackers, costing the company $100 million, according to AP News. Caesars Entertainment was also attacked; the Wall Street Journal reported that the company paid roughly half of the $30 million demanded.

The resorts and casinos were attacked by Scattered Spider, aka Roasted 0ktapus, aka Muddled Libra, part of the larger ALPHV ransomware group, also known as BlackCat. No, this is not another “Ocean’s…[number]” film or animated action hero comic book movie. This is Cybersecurity Awareness 101. Take out your pens and pencils, and let’s get started.

According to the cyberattackers, they initially gained access to the MGM computer networks by misleading the IT help desk personnel into resetting their passwords. They did this by looking up an MGM employee on LinkedIn and then calling the help desk asking for a password reset. The initial attack vector had nothing to do with artificial intelligence; it was a basic social engineering attack over the telephone.

It is important to train your staff to be competent using the telephone, even if they “don’t like phone calls.” They need to be able to detect social engineering of all forms, not just email phishing scams. Users need to know about phone phishing scams, known as vishing, and about social engineering using text messages, which is known as SMS phishing or smishing.

Vishing, or voice phishing, is a form of attack that attempts to trick victims into giving up sensitive personal information over the phone. It can happen to anyone, so it is important to be aware of it. Vishing is not a thing of the past; it is still a huge threat today. Learn more by watching this video here.

Interested in more tips on how to develop a strong cybersecurity and privacy learning program that keeps your staff vigilant about social engineering scams? Read the rest of Konikowski's article here.


Paul Konikowski (7 months ago):

Thank you for cross-posting this, @Iulia Popescu. Look for a follow-up article soon.

Iulia Popescu - AVIXA (7 months ago):

Super informative content! Can't wait to see what you write about next, @Paul Konikowski.