From the original Ocean’s Eleven with the Rat Pack to the theme of Andy’s book in Funny Farm (an underrated Chevy Chase film btw), all men have dreamt of knocking over a casino with their buddies at some point. For most, this never surpasses being an intrusive thought or maybe a fantasy amplified by some alcohol. Nevertheless, it just isn’t done and isn’t a huge concern here in the US.
Now according to a report published on X (aka Twitter), ransomware tracker vx-underground unearthed evidence about the latest attack on MGM, and how they got there was incredibly simple. “All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk.”
Allegedly based in Russia, ALPHV caused major panic at MGM properties. On September 10th, slot machines were reported as not functioning, and outages across various equipment on the property were not working. First openly acknowledged by MGM on September 20th, they claimed things were back up and running but still were experiencing some intermittent issues.
Doing this kind of damage in a 20-minute phone call is disturbing. With security experts forecasting the rise in these kinds of incidents, there is a single reason. The demise of corporate security is coming from social media. Just like people can find old friends on Facebook, hackers and criminals can search profiles on LinkedIn to find credentials.
Similar attacks have happened to other casinos in recent months. As NBC Chicago reported, back in early September, Caesars Entertainment handed over $15 million to Scattered Spider, who had initially demanded $30 million to stop their hacking. While ransoms like these may sound exceptionally high, with the amount of information, data, and finances that can be compromised, it’s a drop in the bucket.
Now just to reach out and touch somebody.