What does the MGM casino cyberattack mean to you?

By Greg Collier

When we think of someone stealing from a casino, we may think of someone cheating at the tables. Or we may think of one of the famous heist movies like Ocean’s Eleven, whether it’s the Frank Sinatra or the George Clooney version. What we probably don’t think about is a chain of Las Vegas casinos being held hostage by hackers after a ten-minute phone call. Unfortunately, that’s what appears to have happened to the casinos owned by MGM Resorts this past week.

While MGM themselves are being tight-lipped about the situation, it seems that a hacker collective found an upper management employee of MGM Resorts on LinkedIn. The hackers then posed as this employee and called MGM’s IT help desk. While speaking with the person at the help desk for only ten minutes, the hackers were able to obtain the information needed to access MGM Resorts’ internal computer systems.

Once the hackers had the keys to the kingdom, so to speak, they infected MGM’s systems with ransomware. For the next few days, MGM Resorts had to shut down many of its systems, which greatly affected its business. Slot machines were inoperable, and the hotels could not issue electronic room keys to guests, just to name a few of the problems. The casinos even had to revert to giving out handwritten receipts to some of their winners.

MGM has stated they will not give in to the hackers’ demands.

So what do MGM’s troubles mean to the average consumer? Well, this kind of impersonation attack is known as social engineering and can be used in a multitude of scams. Social engineering is a form of manipulation and psychological persuasion that is often used for malicious purposes. It involves exploiting human psychology and social interactions to trick individuals or groups into divulging confidential information, granting access to restricted areas, or performing actions that may compromise security.

If social engineering can be used against a multibillion-dollar corporation, it can be used successfully against anyone. Protecting oneself from social engineering attacks involves a combination of awareness, skepticism, and proactive measures.

Always verify requests for sensitive information, access, or actions, especially if they come via email, phone calls, or in-person interactions. Use trusted contact information to confirm the legitimacy of the request with the supposed authority or organization.

Be cautious of unsolicited communications from unknown or unexpected sources. Verify the identity of the person or organization before sharing sensitive information or complying with their requests.

By adopting these practices and fostering a security-conscious mindset, individuals can significantly reduce their vulnerability to social engineering attacks and help protect their personal and organizational assets.