https://qz.com/young-hackers-are-sticking-up-las-vegas-casinos-for-hef-1850837238
“With MGM, a short telephonic exchange and some collaboration with a ransomware-as-a-service group called ALPHV, also known as BlackCat, was all it took. In April 2022, America’s cyber defense agency issued an alert noting that ALPHV had “compromised at least 60 entities worldwide.”
“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk,” VX-Underground, a malware research group, posted on X. “A company valued at $33,900,000,000 was defeated by a 10-minute conversation.”
The white-hat hacker Rachel Tobac, who uses similar attack methods in her work by posing as an internal teammate, wrote on LinkedIn that organizations are less equipped to deal with phone-based attacks than email. It works for three reasons, according to Tobac: “lack of verification protocols, easy spoofing, compensation tied to how fast they handle requests.”
WearyTravelers.net 