The attackers simply combined the art of social engineering with the treasure trove of information available on platforms like LinkedIn. An MGM employee's details, casually shared on LinkedIn, became the blueprint for a vishing attack. A call was made to the MGM help desk, mimicking this employee, a password reset was requested, and just like that, the gates were thrown open. In the ensuing chaos, ATMs, slot machines, key cards, and even room lights malfunctioned.

The attackers, identified as a part of the ALPHV group (or perhaps the youthful 'Scattered Spider' group), left no stone unturned, ensuring that gamblers couldn't gamble, and hotel guests were left stranded.

Intriguingly, this isn't an isolated incident. Since August, according to David Bradbury, Chief Security Officer at Okta, both ALPHV and Scattered Spider have victimized five companies, including the likes of MGM and Caesars.

With ransomware attacks becoming increasingly prevalent, simply paying off the attackers isn't a viable solution. The FBI consistently warns against such actions, as they further embolden cybercriminals. The need of the hour is robust prevention, which goes beyond mere technical measures.

Attachments

Disclaimer

FastPassCorp A/S published this content on 21 September 2023 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 22 September 2023 13:31:07 UTC.