Social Engineering and the MGM Grand: What we can learn

DKB Security Operations

Hackers exploited the MGM Grand in Las Vegas, disabling several systems.

What happened?

Hackers recently exploited the MGM Grand in Las Vegas, shedding light on the growing threat of social engineering in cybersecurity. In a stunning turn of events, the ransomware group ALPHV, also known as BlackCat, managed to infiltrate MGM Grand's systems within minutes, causing widespread chaos across MGM Resorts International properties in the United States. As the FBI launches an investigation into this ongoing incident, the severity of the cyberattack serves as a stark reminder of organizations' vulnerability to social engineering tactics.

According to reports, ALPHV initiated the attack by accessing LinkedIn to identify an employee and then made a phone call to the company's Help Desk. In a remarkably short 10-minute conversation, the attackers were able to manipulate their way past security measures, effectively compromising the systems of a company valued at $33.9 billion. This incident highlights organizations' vulnerability to social engineering tactics and the need for robust cybersecurity measures to safeguard against such attacks.

How to Protect Your Company

The MGM Grand is not releasing details while it investigates, but the results we can see clearly highlight the dangers of social engineering. There are things you can do to put roadblocks in the path of social engineers.

  1. Employee Training and Awareness: Regularly educate your employees about social engineering tactics and the importance of not sharing sensitive information or clicking on suspicious links in emails or messages. Conduct phishing awareness training to help them recognize potential threats.

  2. Verify Requests: Encourage a culture of verification within your organization—instruct employees to verify the identity and legitimacy of individuals requesting sensitive information or access. Use established communication channels to confirm requests.

  3. Implement Strong Access Controls: Restrict access to sensitive systems and data to only those who require it for their roles. Implement robust authentication methods like two-factor authentication (2FA) to enhance security.

  4. Use Email and Web Filters: Employ email and web filtering solutions to detect and block phishing emails, malicious attachments, and suspicious websites. These tools can significantly reduce the exposure to social engineering attempts.

  5. Regular Software Updates and Patching: Keep all software, including operating systems and applications, updated with the latest security patches. Attackers who use social engineering can also exploit vulnerabilities in outdated software.

In the wake of the recent cyberattack on MGM Grand casinos, where social engineering tactics were used to compromise a multibillion-dollar corporation, the imperative of cybersecurity becomes crystal clear. As businesses navigate the ever-evolving digital landscape, the lessons from this incident underscore the need for unwavering vigilance. While MGM Resorts continues its investigation, organizations can proactively fortify their defenses against social engineering. Prioritizing employee training, fostering a culture of verification, enforcing robust access controls, implementing email and web filters, and maintaining up-to-date software are critical defenses. In today's heightened cyber threat environment, these strategies safeguard assets and data, bolster cybersecurity, and inspire trust.

DKBinnovative is here to help.

Our cybersecurity teams provide 24/7/365 monitoring while helping your employees learn about social engineering and other threats through comprehensive employee education. Are you ready to protect your company? We would love to talk about cybersecurity with you.
