You are currently viewing The Human Hack Factor: A $100 Million Lesson from MGM Resorts’ Cyberattack
The Human Hack Factor: A $100 Million Lesson from MGM Resorts’ Cyberattack

The Human Hack Factor: A $100 Million Lesson from MGM Resorts’ Cyberattack

Mohammad Ashraful Islam - CEO Devs Core

Mohammad Ashraful Islam

7 Oct 2023

Linkedin Facebook Twitter

The Human Hack Factor: A $100 Million Lesson from MGM Resorts’ Cyberattack

Table of Contents:

I. The Attack

II. The Human Hack Factor

III. The Cost of the Attack

IV. Lessons Learned

V. Conclusion

In the digital age, cybersecurity is a top priority for businesses worldwide. However, even the most robust IT security measures can be undermined by a single human error. This was the harsh lesson learned by MGM Resorts, a prominent casino chain, when it fell victim to a cyberattack that cost an estimated $100 million1

The Attack

On September 10, MGM Resorts became aware of a “cybersecurity issue” affecting its systems1The attack disrupted operations across its Aria, Bellagio, and MGM Grand locations for about 10 days1Everything from hotel room digital keys to slot machines were affected1.

Cyberattack on MGM

The Human Hack Factor

The attackers, known as Scattered Spider, didn’t exploit a technical vulnerability in MGM’s systems12Instead, they used social engineering techniques to manipulate an MGM employee into providing them with access credentials12This method of attack, known as “vishing,” involves making a convincing phone call to gain access to systems12.

Scattered Spider is believed to have been founded in May 20222The group utilized SIM swap scams, multi-factor authentication fatigue attacks, and phishing by SMS and Telegram2They exploited the security bug CVE-2015-2291, a cybersecurity issue in Windows’ anti-DoS software2, to terminate security software, allowing the group to evade detection2.

In this case, Scattered Spider found an employee’s information on LinkedIn and impersonated them in a call to MGM’s IT help desk to obtain credentials to access and infect the systems12.

Tweet about MGM Hack

The Cost of the Attack

The cyberattack is estimated to have cost MGM Resorts around $100 million12This figure includes the direct costs of responding to the attack, potential loss of business, and other related expenses12.

Lessons Learned

This incident serves as a stark reminder of the importance of robust cybersecurity measures for all organizations. It also highlights the potential risks associated with social engineering attacks and the need for continuous vigilance and training to prevent such breaches.

Key takeaways include:

  • Human Factor: Even with strong IT security measures in place, human error can still lead to significant breaches.
  • Social Engineering: Techniques like vishing can be highly effective. Continuous training and awareness are crucial to mitigate these risks.
  • Publicly Available Information: Information shared online can be used by attackers. Employees should be cautious about what they share on platforms like LinkedIn.

Conclusion

The MGM Resorts cyberattack underscores that cybersecurity is not just about technology; it’s also about people. As business leaders, it’s crucial to invest in continuous training and awareness programs for employees to complement technical security measures. After all, in cybersecurity, the human factor can be both the weakest link and the strongest defense.

Tags: , ,

Leave a Reply