Need The Best IT Services?

Call Us Today!

(719) 355-2440

MGM’s Cyber Attack Exposed: A Deep Dive into the World of Social Engineering and Protective Measures

In the evolving landscape of cyber threats, a silent menace is increasingly impacting organizations, catching them off-guard and compromising their security. This menace isn’t a sophisticated malware or a hidden exploit—it’s social engineering. The recent cyber attack on MGM offers a glaring case in point, shedding light on how a seemingly simple trick could cripple even the giants in the industry.

Hear From Our
Happy Clients

Read Our Reviews
Read Reviews about Colorado Computer Support

MGM’s Cyber Attack: Unmasking the Modus Operandi

MGM Resorts, a global powerhouse in the hospitality sector, recently witnessed a significant breach in its cyber defense. The perpetrators, cunningly enough, did not resort to conventional hacking techniques. Instead, they exploited a more human-centric approach: social engineering.

Having identified an MGM Resorts employee on the popular professional networking platform LinkedIn, these hackers masterfully impersonated the employee. This allowed them to make a direct call to the organization’s service desk, posing as the victim and requesting access to their account. And just like that, in a matter of minutes, MGM’s global operations were vulnerable.

Understanding Social Engineering

Webroot defines social engineering as “the art of manipulating people so they give up confidential information.” While there are myriad types of social engineering tactics employed by hackers, one particularly susceptible area is the helpdesk. Technicians manning the helpdesk, primarily trained to assist users, often become unsuspecting victims of these manipulative tactics. In MGM’s case, it was this very vulnerability that was exploited.

YouTube video

The Advent of AI and Voice Spoofing

As we delve deeper into the 21st century, technology continues to advance at an unprecedented rate, and with it, the tools available to cyber criminals. AI and voice spoofing are among the new-age threats to reckon with. It’s now increasingly feasible to replicate someone’s voice, opening avenues for deceit that were hitherto unimaginable.

For organizations, this underscores the pressing need for robust verification systems. Two-factor authentication, SMS text verification, and personalized questions and answers can act as effective buffers against potential scams. MGM’s incident stands as a stern reminder of the importance of these preventive measures.

Empower Your IT Service Desk

Merely having protective measures in place isn’t enough. The MGM episode highlights the critical importance of adequately training IT service desks and end users. Implementing a standardized operating procedure (SOP) tailored to preempt social engineering attacks can significantly mitigate risks.

Spotlight on CyberQP

In the backdrop of such incidents, companies like CyberQP are pioneering solutions for Managed Service Providers (MSPs). As a leader in Privileged Access Management and Helpdesk Security Automation, CyberQP’s recent innovation is noteworthy. The company has introduced Just-in-Time (JIT) privileged account creation for Active Directory.

This state-of-the-art feature equips CyberQP’s partners with the power to grant and revoke privileged access temporarily. Consequently, MSPs can minimize the exposure of their privileged accounts, keep insider threats at bay, and bolster their positioning for co-managed IT agreements. CyberQP’s insightful blog and webinar delve deeper into the intricacies of creating these accounts and passwords, ensuring technicians have them precisely when needed.


The MGM cyber attack serves as a potent testament to the evolving nature of cyber threats. Organizations must fortify their human firewalls in an age where hackers are innovatively bypassing complex cyber defenses. By recognizing the vulnerabilities, investing in robust verification systems, and aligning with pioneering solutions like those offered by CyberQP, businesses can navigate these treacherous cyber waters confidently.

Searching For A Reliable Technology Service and IT Management Team?

Connect With CCS To Schedule An Initial Consultation
You consent to receive text communication from Colorado Computer Support by entering your phone number. Rates and terms may apply—text STOP to opt-out.

Latest Blog Posts

How To Permanently Delete Your Data
How To Permanently Delete Your Data

Working with attorneys recently, I found out about the importance of [...]

Read More
How To Create QR Codes With Ease
How To Create QR Codes With Ease

Learn how to create QR codes effortlessly with our step-by-step guide. [...]

Read More
Maybe QR Codes Are Not That Safe After All
Maybe QR Codes Are Not That Safe After All

Discover the hidden risks of QR codes in our latest article, "Maybe QR [...]

Read More
Read The CCS Tech Blog

Certified and Verified Service-Disabled Veteran-Owned Small Business (SDVOSB)

Colorado Computer Support is a local IT company certified and verified service-disabled veteran-owned Small Business. When you use our IT services, you can be confident that you are dealing with a company owned by a disabled veteran and that they will be able to provide you with the best possible IT support.