Loading

wait a moment

Hackers Claim a 10-Minute Conversation Led to MGM Resorts Breach

The ransomware group behind the MGM Resorts breach has taken to X to say it took a mere 10-minute conversation to breach the company.

MGM made headlines this week when a massive breach crippled the company, with ATMs, digital room keys, and slot machines not working. According to the ALPHV hackers, it wasn’t some complicated cyberattack that brought down the company but a mere 10 minutes of social engineering:

All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk.

A company valued at $33,900,000,000 was defeated by a 10-minute conversation.

vx-underground (@vxunderground) — September 12, 2023

ALPHV says they do not expect MGM to pay the ransom.

Interestingly, the hackers say that it was a specialized subgroup of ALPHV that are experts at social engineering that pulled off the breach:

No, this isn’t an attempt to screw anyone over. This particular subgroup of ALPHV ransomware has established a reputation of being remarkably gifted at social engineering for initial access.

It isn’t really a surprise ALPHV (or the subgroup) is behind this attack.

This breach illustrates the importance of training employees how to recognize and properly respond to social engineering efforts. Security experts have long maintained that the human element is often the weakest link in the cybersecurity chain, and MGM Resorts just proved that true.