LinkedIn Accounts Used for MGM Grand Malware Attack – and you could be next
All it took to hack MGM Resorts was a quick jump onto LinkedIn, a search for user profiles, a pass through the public information shared by MGM employees, and then a call to the Help Desk.
Hackers don't hack, hackers log in. 10 minutes. Yes, 10 minutes is all it took for the ALPHV ransomware group to expose the vulnerability that lies within human interactions. The ALPHV ransomware group managed to compromise MGM Resorts by leveraging LinkedIn to identify an employee and then simply contacting the Help Desk. With their target identified, the hackers used the art of human intelligence. In just a brief 10-minute conversation, and not by going all out at a terminal and keyboard, they crushed MGM. This incident serves as a stark reminder that human interaction remains a potent vulnerability. No matter how robust the technical defenses, a single moment of trust can lead to catastrophic consequences.
The MGM attackers claimed they used one of the easiest ways to breach/ransom a company, a method often used in hacking:
1. Look up who works at an org on LinkedIn.
2. Call the Help Desk (spoofing the phone number of the person being impersonated).
3. Tell the Help Desk they lost access to their work account and need help getting back in.
Reputational risks: If your account is hacked or compromised, a hacker could post information on your behalf, which could damage your reputation.
Data sharing: Because LinkedIn is owned by Microsoft, your information could be shared across dozens of platforms without you necessarily realizing it.
VITC recommends that you consider the benefits you and your staff are getting from LinkedIn and determine whether the risks are worth the rewards. If you need LinkedIn, we recommend a corporate policy that defines the requirements for using a LinkedIn account for business: MFA, limited information, or perhaps a generic business account for your organization. If you do not need your LinkedIn account, you can delete it by following the steps below:
To close your account:
Tap your profile picture > Settings > Account preferences.
Tap Close account under Account management.
Tap Continue to proceed with closing your account.
Tap the reason for closing your account and tap Next.
Enter your account password and tap Done.
Article courtesy of Marc Tamarin
Marc Tamarin President | Virtual IT Consulting
Portland 503.336.1929 | Los Angeles 310.584.1067