Social engineering remains a powerful and ever-evolving cyberweapon


What most surprised me in 2023 was the MGM attack, where a group known as Scattered Spider employed social engineering to deceive MGM help desk employees into resetting the passwords and MFA codes of high-value MGM employees. This access enabled them to infiltrate MGM’s managed IT service, Okta, to install an identity provider and create single sign-on for themselves.

The breach also extended to the Microsoft Azure cloud environment, leading to multiple system vulnerabilities and exposure of customer data.

The ransomware attack cost MGM Resorts an estimated $100 million, and it showed yet again how social engineering remains a powerful and ever-evolving cyberweapon.