MGM Resorts Suffers Vishing Cyberattack

Reporting suggests massive cyber breach began with a phone call to the Help Desk

This blog provides a recap as of Wednesday, September 13, 2023, of the unfolding news surrounding the MGM Resorts cybersecurity event.


  • A Cyberattack on MGM Resorts began on Sunday, September 10, 2023.
  • The impact of the cyberattack was widespread, impacting properties, systems, websites, mobile applications and guests.
  • Vishing (voice phishing) has been reported as the tactic used by the ALPHV ransomware gang.
  • As of Wednesday, September 13, 2023, services and systems have not been restored.

The Cyber Incident

MGM Resorts continues to struggle today from last Sunday’s cyberattack that wreaked havoc upon hotel operations across the country. The digital intrusion forced the MGM hospitality group to shut down the company’s network systems, rendering hotel rooms inaccessible, slot machines dysfunctional, ATMs inoperable and casino floor deserted. The websites of all 31 MGM resorts, including the dozen located directly on the Las Vegas strip, were shut down, as well as the company’s mobile rewards app – raising alarms that the personal data from its massive customer base may have been compromised as well. That did not go over well with the tens of thousands of disappointed MGM guests who flooded social media with their ill-tempered posts.

A Vishing Attack

By Tuesday, widespread reporting suggested that the notorious ALPHV ransomware gang was behind the incident, and that access to MGM systems was likely achieved through a social engineering attack perpetrated through a deceptive phone call. As posted by malware repository vx-underground, “All ALPHV did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation.”

Another Vishing Attack on Caesar’s Palace

Social media rumors are now spreading about a similar ransomware attack on Caesar’s Palace the prior week. As reported by, Ceasar’s appears to have quietly paid a $30 million ransom to the attackers rather than go through the pains now felt by MGM. The Wall Street Journal has reported: “Hackers used a social-engineering scheme, in which a person pretending to be an employee contacted the company IT help desk to have a password changed, according to people familiar with the matter.” Which means that the Caesar’s cyberattack was also perpetration via vishing.

More on Casino Attacks

It’s no surprise that entertainment conglomerates, with their wealth of financial resources and personal customer data, are an attractive target for cybercriminals. This report provides a detailed listing of the many casino attacks (including a prior hack of MGM) perpetrated over the past decade.

The Telephone as a Weapon

What is surprising, however, is how easy organizations are making it for these malicious adversaries to continue unabated. That’s because cybercriminals are opportunists, always seeking the path of least resistance. And now they have found it…the telephone.

Initial Access via the Telephone

While organizations have been pouring significant dollars and resources into cybersecurity protections for their digital outlets, criminal adversaries have quietly turned their attention to the overlooked, under-protected voice channel. And they are clearly finding vishing (voice phishing) to be a surprisingly effective technique for gaining initial access.  That is because humans, when connected through the telephone and left in the hands of a master manipulator, are proving to be far easier to crack than most network firewalls. In fact, this Dark Reading study shows that more than 37% of vishing attempts actually succeed at extracting the desired action from unsuspecting human targets.  

You Can Protect the Telephone (and Voice Channel)

There is no way to change human nature, be it that of a criminal agent or that of a helpful employee. But it is possible (and quite simple) to reduce the opportunity for the two to ever come in contact. That is what Mutare’s Voice Traffic Filter does best.

The Voice Traffic Filter eliminates vishing, social engineering, robocalls, spoof calls, voice spam storms and more, at the network edge.  This enterprise-class solution works with voice networks of all types, from cloud to on prem and any combination thereof.  The solution also works for unified collaboration solutions, UCaaS, contact center solutions, CCaaS, and more.

The Voice Traffic Filter combines five layers of unwanted call defense, including sophisticated call pattern and behavior analytics, to detect and deflect suspicious callers before they reach their target. (Note that vishing attacks usually start with a series of recognizance probing calls that, when detected as a pattern, are red flags for what might be coming). There is no other enterprise application on the market that can match the power and effectiveness of Mutare’s Voice Traffic Filter when it comes to removing unwanted nuisance and nefarious calls from the voice network.

It is time organizations begin to put the same effort into protection of the voice networks and endpoints as they do their data networks if they truly want to shield corporate assets, operations, customers and their employees from criminal intruders.