Vishing, a fusion of “voice” and “phishing,” represents a sophisticated social engineering tactic that leverages telephonic communication to extract sensitive personal or administrative information. Though not a novel concept, historical instances underscore the enduring efficacy of vishing in breaching security barriers.
MGM Cyber Attack Analysis
Against the backdrop of historical precedents, the MGM Resorts cyberattack in September 2023, orchestrated by the Scattered Spider group utilizing ALPHV/BlackCat ransomware, stands out as a poignant example. Employing vishing as a pivotal element, the assailants adeptly simulated an MGM employee during a call to the IT help desk, successfully obtaining credentials that were then used to disrupt critical services such as card payments, knock out reservations sites, shut down ATMs and locked guests out of their hotel rooms. The ensuing compromise of customer data prompted MGM Resorts to implement comprehensive measures, including free credit monitoring.
