In September 2023, MGM Resorts and Hotels, a major player in the casino industry, fell victim to a highly orchestrated cyber attack. The attack, believed to be the work of a sophisticated malware-spreading group, caused significant disruption to the company’s operations. Two theories emerged regarding the identity of the attackers, with Reuters pointing fingers at a hacking consortium called “Scattered Spider,” while an anonymous source suggested the involvement of the infamous BlackCat Ransomware.
In response to the attack, MGM has involved law enforcement agencies, with the FBI leading the investigation. The incident remains shrouded in secrecy, but MGM has made it clear that they will not give in to the demands of the cyber criminals. This steadfast refusal demonstrates the company’s determination to combat cyber threats and protect its operations.
Another aspect of the attack is the use of a technique known as “Vishing” or Voice/VOIP Phishing. In this method, hackers exploit LinkedIn profiles to identify vulnerable employees, often managers, within the target organization. By posing as clients or business partners, the attackers manipulate their targets into revealing sensitive information such as banking credentials or account passwords. In the case of the MGM attack, the Alphv ransomware operatives used this technique to gain control over the company’s network.
The identity of the attackers remains unknown, but one alarming detail has emerged – the entire attack was executed through a ten-minute phone call. This highlights the audacity and sophistication of modern cyber threats, emphasizing the need for robust security measures and constant vigilance.
1. MGM Resorts and Hotels suffered a major cyber attack in September 2023.
2. Two theories suggest the involvement of different hacking groups in the attack.
3. Law enforcement agencies, led by the FBI, are investigating the incident.
4. MGM has refused to comply with the attackers’ demands.
5. The attack utilized a technique called “Vishing” to exploit vulnerable employees.
6. The entire attack was executed through a ten-minute phone call, highlighting the audacity and sophistication of modern cyber threats.