MGM’s Recent Cybersecurity Breach: A Cautionary Tale on Social Engineering and Malware
November 3, 2023

MGM’s Recent Cybersecurity Breach: A Cautionary Tale on Social Engineering and Malware

Source: Vox

Recent headlines have been dominated by the massive cybersecurity breach faced by the iconic casino and hospitality giant, MGM Resorts. This incident isn’t just another entry in the long list of corporate hackings; it shines a light on the evolving tactics used by cybercriminals. In MGM’s case, a combination of social engineering and malware was employed, demonstrating the sophisticated nature of modern threats. Companies must remain vigilant, understand the risks, and adopt robust countermeasures. Let’s dive in.

MGM’s Tryst with Cybercrime

The perpetrators initiated their attack through vishing, a type of social engineering where fraudulent phone calls are made to trick individuals into disclosing personal information. In MGM’s incident, as reported by Vox, attackers posing as IT personnel convinced an unsuspecting employee to divulge sensitive data. This data access was then leveraged to infiltrate the company’s systems and deploy ransomware, crippling its operations and causing significant financial and reputational damage.

The Rise of Hybrid Threats

MGM’s experience underscores a disturbing trend in cybercrime: the blending of various attack methodologies to exploit multiple vulnerabilities. While malware like ransomware is a well-known threat, combining it with persuasive social engineering tactics creates a more potent mix. This hybrid approach catches victims off-guard, as they might be prepared for one type of threat but not the combination.

Safeguarding Against Modern Cyber Threats

Companies need to be proactive to shield themselves from these evolving cyber threats. Here are some steps businesses can take:
Employee Training: Awareness is the first line of defense. Regular training sessions should be conducted to educate employees about the latest threats, especially vishing. They should be trained to be skeptical of unsolicited communications and to verify identities before sharing sensitive information.
Multi-Factor Authentication (MFA): Deploy MFA across all access points. Even if login credentials are compromised, MFA can provide an additional layer of security.
Regular Backups: Ensure that company data is backed up regularly. In the event of a ransomware attack, having access to backups can reduce the impact.
Update & Patch: Regularly update and patch all systems. Outdated software can be a gateway for malware.
Incident Response Plan: Create a robust incident response plan. In case of a breach, knowing the steps to take can mitigate damage.
Invest in Cybersecurity Tools: Employ advanced cybersecurity tools that offer real-time monitoring, threat detection, and immediate response capabilities.
Segmentation: Segment your networks. Ensure that if one part is compromised, the attackers can’t easily move to other sections.
Vendor Risk Management: Regularly assess the security protocols of third-party vendors. A vulnerability in their systems could be exploited to gain access to yours. (This was particularly important in this hacking incident)

DOF’s Thoughts

MGM’s unfortunate incident serves as a wake-up call for businesses globally. In an era where cyber threats are ever-evolving, companies must stay a step ahead. This involves understanding the threats, investing in robust cybersecurity measures, and fostering a culture of continuous learning and vigilance. Only then can we hope to safeguard our digital futures.

Please contact DOF today if you feel your organization is in need of robust cybersecurity solutions that are tailored to all industries. We specialize in implementing software and working with organizations’ employees to ensure that your data and systems are safeguarded at all times. Reach out today for a consultation.