How Financial Institutions Can Combat AI-Deepfake Fraud

Nov 25, 2024

In September 2023, MGM Resorts, one of the largest hotel and casino operators in the world, suffered one of the most disruptive ransomware attacks in its history. Guests were checked in on paper with clipboards, and in some rooms the lights and other in-room controls stopped working because the systems behind them were down. MGM put the financial impact at roughly $100 million, before counting the harder-to-quantify costs to reputation and customer trust. 

What makes this breach instructive is its origin: a simple vishing (voice phishing) attack, meaning a phone call used to trick someone into handing over confidential organizational information or performing an action they should not. In MGM's case, an attacker impersonated an employee, called the IT help desk, and asked for a password reset. The help desk obliged, and the attacker ended up with an Okta account that carried admin privileges. The rest is history. 

The incident highlights a critical weakness shared by many organizations: the lack of sufficient cybersecurity voice protection. A phone call into the help desk is, in practice, part of the authentication system, but few organizations defend it as one. In this blog, we will walk through the MGM Resorts attack and how your organization can set up a proper vishing defense. 

Step-by-Step Breakdown of the Vishing Attack on MGM Resorts

To kick things off, let's dig into what we know about the MGM attack. For those unfamiliar, MGM Resorts is one of the largest hotel and casino operators in the world, headquartered in Las Vegas, Nevada. The attack affected its 12 properties on the Las Vegas Strip, including the MGM Grand, Park MGM, Aria, and Bellagio. Based on the public reporting we reviewed, here are the steps the attackers took. 

  1. Reconnaissance: As with most intrusions, the attackers started by gathering information, in this case enough about a specific employee (name, role, and the kind of personal details a help desk might ask for) to impersonate that person convincingly. Social engineering, tricking a person into giving up information or performing an action, is among the most common initial-access tactics precisely because it needs no software vulnerability. 

  2. The Vish: With that information in hand, the attackers picked their target account and called the IT help desk to request a password and MFA reset. Because the help desk verified identity with basic security questions, the details gathered during reconnaissance were enough to pass the check, and the attackers walked away with a working Okta admin account. 

  3. Launching the Ransomware Attack: Admin rights in the identity provider are a foothold into nearly everything behind it. From there the attackers moved laterally through MGM's environment and deployed ransomware. 

What stands out is that it took only two steps to get inside. Most companies concentrate detection and response at the network perimeter, in email, and at the login prompt. The phone call that resets a password sits outside all three, and there are few (if any) solutions that monitor that channel or protect against vishing. In practice the help desk's verification procedure is the authentication control for a reset, so it deserves the same scrutiny as a login. 

How Voice Phishing (Vishing) Led to a Ransomware Attack

Vishing involves using social engineering techniques over the phone to manipulate a target into providing sensitive information or granting access to secure systems. The MGM Resorts case shows how a vishing attack, when executed strategically, can give attackers enough leverage to infiltrate and disable a large organization’s infrastructure.

In MGM’s case, the attackers impersonated an employee with access to internal systems and, through a series of calculated phone calls to the help desk, had that employee’s password and MFA reset in their favor. Once inside, they escalated quickly, moving laterally within MGM’s network and eventually executing ransomware to lock the organization out of its own systems. The attack is a powerful example of how a single phone call can ripple outward into massive disruption and substantial financial loss.

Why Traditional Security Measures Are Not Enough

Many organizations, MGM included, rely on traditional controls such as passwords, firewalls, and antivirus software. None of these is designed to stop a voice phishing attack, which targets people rather than systems: it exploits trust, empathy, urgency, or fear to get an employee to do something that undermines security without realizing it.

Organizations also rarely have dedicated cybersecurity voice protection in place. Without tooling built to detect voice phishing, there is little visibility into who is calling the help desk, what they are asking for, and how staff respond. That blind spot leaves social engineering as an open path to consequences as severe as ransomware.

How an Organization Can Stop Voice Phishing Attacks

Given the growing threat of vishing attacks, it’s crucial for organizations to adopt strategies that help prevent these incidents:

  1. Employee Training and Awareness: Training employees to recognize voice phishing techniques is the first line of defense. Staff, and help-desk analysts in particular, should know how to spot suspicious requests, feel empowered to decline and verify, and have an approved way to confirm a caller’s identity (for example, calling back on a number already on file) before acting on any request.

  2. Multi-Factor Authentication (MFA): MFA adds a layer that limits the damage from a leaked password. The MGM case carries a caveat, though: the attackers did not defeat MFA, they had it reset. MFA only helps if the enrollment and reset paths are protected as strictly as the login itself. Phishing-resistant factors (such as FIDO2 security keys), and a rule that privileged accounts are never reset over the phone, raise the bar considerably.

  3. Implementing Cybersecurity Voice Protection Technology: Specialized voice authentication and AI-driven monitoring systems can help detect unusual caller behavior, identify suspicious voice patterns, and flag potential phishing attempts. These technologies can monitor call patterns and highlight anomalies, making it harder for attackers to exploit human vulnerabilities.

  4. Zero-Trust Framework: Adopting a zero-trust approach means that every access request, even from an apparently trusted internal source, is verified. For a help desk, that means no reset is granted on a caller’s say-so or a few knowledge-based answers; the request is confirmed out of band, privileged accounts get stricter handling, and every reset is logged so that unusual activity following it can be caught. This reduces the risk of attackers reaching sensitive systems through social engineering.
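Here is one way to put the verification and zero-trust points into practice, as an added example that is not part of the original post or any vendor product. It models the two control points the MGM vish walked through: a help-desk reset gate that refuses resets based on knowledge-based answers alone and never resets privileged accounts over the phone, and a detection rule that flags a help-desk reset followed shortly by admin activity from a new device, the sequence described in the breakdown above. The role names, evidence labels, log format, 60-minute window and sample events are all assumptions.

```python
"""Help-desk reset gate plus a post-reset detection rule (added example).

Two control points the MGM vish walked through: a help desk granting a
password/MFA reset on knowledge-based answers alone, and the reset credential
then being used for admin activity with nobody watching for it.
Role names, evidence labels, log format and the window are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Roles treated as privileged (assumed names; map to your IdP's admin roles).
PRIVILEGED_ROLES = {"okta_super_admin", "okta_org_admin", "entra_global_admin"}

# Verification evidence a help-desk analyst can record on the ticket.
KBV = "kbv"                        # security questions / employee details
CALLBACK = "callback_registered"   # analyst called back the number on file
MANAGER = "manager_approval"       # out-of-band approval from the line manager
IN_PERSON = "in_person_id"         # badge or government ID checked face to face


@dataclass
class ResetRequest:
    username: str
    roles: set
    channel: str      # "phone" or "in_person"
    evidence: set     # subset of the labels above
    resets_mfa: bool


def evaluate_reset(req: ResetRequest):
    """Decide whether the help desk may perform the reset. Returns (allowed, reason)."""
    if req.roles & PRIVILEGED_ROLES:
        # Admin credentials are never reset on the strength of a phone call.
        if req.channel != "in_person":
            return False, "privileged account: resets over the phone are not permitted"
        missing = {IN_PERSON, MANAGER} - req.evidence
        if missing:
            return False, f"privileged account: missing {sorted(missing)}"
        return True, "privileged reset: in-person ID plus manager approval"
    # Standard accounts: KBV is exactly what the attackers defeated, so it never suffices alone.
    if CALLBACK not in req.evidence:
        return False, "standard account: callback to the registered number is required"
    if req.resets_mfa and MANAGER not in req.evidence:
        return False, "MFA reset: manager approval is required in addition to the callback"
    return True, "standard reset: identity verified out of band"


def parse_event(line: str) -> dict:
    """Parse '<ISO timestamp> <event> key=value ...' (assumed log shape) into a dict."""
    ts, name, *pairs = line.split()
    event = {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")), "event": name}
    for pair in pairs:
        key, value = pair.split("=", 1)
        event[key] = value
    return event


RESET_EVENTS = {"helpdesk.password_reset", "helpdesk.mfa_reset"}


def detect_reset_then_admin(lines, window=timedelta(minutes=60)):
    """Flag help-desk resets followed within `window` by admin activity from a new device."""
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])
    last_reset = {}   # user -> most recent reset event
    alerts = []
    for ev in events:
        if ev["event"] in RESET_EVENTS:
            last_reset[ev["user"]] = ev
        elif ev["event"] == "admin.action":
            reset = last_reset.get(ev["user"])
            if reset and ev["ts"] - reset["ts"] <= window and ev.get("device") == "new":
                delta = ev["ts"] - reset["ts"]
                alerts.append({
                    "user": ev["user"],
                    "ticket": reset.get("ticket"),
                    "verified_by": reset.get("verified"),
                    "action": ev.get("action"),
                    "minutes_after_reset": int(delta.total_seconds() // 60),
                })
    return alerts


# Constructed sample events: the first three mirror the MGM sequence.
SAMPLE_LOG = [
    "2024-11-20T14:02:11Z helpdesk.mfa_reset user=j.doe ticket=HD-4421 verified=kbv",
    "2024-11-20T14:09:40Z auth.login user=j.doe device=new ip=203.0.113.7",
    "2024-11-20T14:15:02Z admin.action user=j.doe device=new action=grant_admin_role",
    "2024-11-20T16:30:00Z helpdesk.password_reset user=a.smith ticket=HD-4430 verified=callback_registered",
    "2024-11-20T16:45:00Z admin.action user=a.smith device=known action=view_audit_log",
    "2024-11-20T09:00:00Z admin.action user=k.lee device=new action=reset_user_mfa",
]

if __name__ == "__main__":
    vish = ResetRequest("j.doe", {"okta_super_admin"}, "phone", {KBV}, resets_mfa=True)
    print(evaluate_reset(vish))
    for alert in detect_reset_then_admin(SAMPLE_LOG):
        print(alert)
```

Run as-is, the gate rejects the MGM-style request (a phone reset of a super-admin account backed only by security questions), and the detection rule raises one alert for j.doe, whose MFA reset on ticket HD-4421 was followed 12 minutes later by an admin action from a device never seen before. The a.smith reset produces no alert because the later admin action comes from a known device, and k.lee produces none because there was no reset. The gate is deliberately conservative: a legitimate admin locked out while traveling has to wait for an in-person check, which is the trade-off the page's zero-trust point implies.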

Ransomware with Voice Phishing: The Ripple Effect of a Simple Call

The MGM Resorts attack illustrates how a single voice phishing attempt can escalate into a ransomware attack, affecting not only the target organization but also its clients, partners, and reputation. Vishing has become a preferred technique for attackers because it’s low-cost and relatively simple to execute, yet it can yield devastating results.

As voice phishing continues to evolve, especially with potential enhancements through AI, the risks will only grow. It is critical that companies prepare themselves with a strong cybersecurity voice protection strategy and recognize the importance of safeguarding their systems from voice-based threats.


Strengthening Vishing Defense

The MGM Resorts attack is a stark reminder of how vulnerable organizations are to voice phishing. Through a series of simple calls, attackers turned a vishing attempt into a large-scale ransomware operation whose effects lingered at MGM long after the initial outage. The incident shows why traditional defenses alone are insufficient. Organizations must take proactive steps to educate employees, enforce strong verification processes for resets and access requests, and adopt advanced cybersecurity voice protection solutions.

In an era where a single voice phishing attack can lead to severe consequences, organizations need to stay vigilant and adaptive. MGM’s experience should be a wake-up call for businesses everywhere to assess their vulnerabilities and prioritize comprehensive voice phishing defenses.

Herd Security | Copyright© 2024