In today’s digital age, the ever-present threat of cybersecurity breaches looms over businesses, reminding us of the need for robust security measures. One recent incident that has grabbed headlines and drawn attention to these vulnerabilities is the September 2023 data breach at MGM Resorts International. In this blog post, we will delve into the details of this breach and explore how Pindrop’s innovative technology solutions could have played a pivotal role in preventing this significant security incident.
The September 2023 MGM Resorts Data Breach
The September 2023 breach at MGM Resorts International sent shockwaves throughout the industry as it exposed sensitive information about countless guests. This breach resulted in the unauthorized disclosure of personal data, including names, addresses, phone numbers, passport information, and more. The incident serves as a stark reminder of the cybersecurity challenges faced by businesses today, particularly in industries like hospitality, where safeguarding customer data is paramount.
But how did a simple phone call cause all this harm?
The group of attackers known as Scattered Spider specializes in social engineering. Particularly, they use Vishing (voice phishing), a technique that involves gaining unauthorized access through convincing phone calls, much like phishing for emails. In this specific scenario, the cybercriminals employed Vishing to manipulate MGM Resorts International’s IT team into resetting Okta passwords. This seemingly innocuous action granted the attackers parallel access to the victim employee’s computer, paving the way for data exfiltration.
While the MGM breach primarily involved data stored on a server, Pindrop’s technology could have added an additional layer of security through voice recognition,caller ID intelligence and behavioral pattern analysis.
Could Pindrop have helped prevent this attack?
Indeed, Pindrop is a multi-factor platform that helps protect against a wide spectrum of attacks, including Vishing. Specifically for Vishing, Pindrop offers solutions like spoofing detection based on the phone number, voice authentication, and liveness detection. These features could have been instrumental in rejecting the impostor’s voice, detecting repeat fraudsters, or identifying indicators of manipulations in the victim’s voice, such as deepfake or replay attacks.
This type of attack, as seen in the MGM breach, is remarkably similar to the threats Pindrop has successfully thwarted for over a decade. While Pindrop’s historical focus has been on financial institutions, the technology’s adaptability makes it relevant and effective across various sectors, including hospitality.
Voice Biometrics and Liveness Detection: Pindrop’s voice biometric solutions allow businesses to verify the identity of callers by analyzing their unique vocal characteristics. Had MGM Resorts International implemented voice biometrics in addition to audio liveness detection, unauthorized access to guest accounts could have been significantly more challenging for cybercriminals.
Fraud Detection: Pindrop’s technology also includes fraud detection capabilities that analyze voice, caller behavior and call metadata to identify suspicious patterns. This could have helped detect unusual activity on the compromised server, potentially alerting MGM’s security team to the breach sooner.
Multi-Factor Authentication: Implementing multi-factor authentication (MFA) with voice recognition could have made it substantially more difficult for cybercriminals to gain access to the cloud server where guest data was stored.
Preventing future breaches
The MGM Resorts International breach serves as a stark reminder of the importance of proactive cybersecurity measures. In today’s interconnected world, businesses must constantly evolve their security strategies to stay one step ahead of cyber threats.
Pindrop’s technology solutions offer a promising avenue for businesses to bolster their cybersecurity defenses, particularly in industries that handle vast amounts of customer data, such as hospitality. By incorporating voice biometrics, fraud detection, and MFA, organizations can significantly reduce their vulnerability to data breaches and enhance customer trust.
What you can do next
In addition to fraudsters’ use of more creative and organized tactics, recent advancements in AI technology have allowed fraudsters to gain access to confidential information using AI-generated voice deepfakes at an unprecedented rate. As we’ve seen, the MGM Resorts International breach is just one example of the evolving threat landscape.
The question is, how prepared is your organization to defend against these ever-more sophisticated attacks? Are you ready to fortify your business against deepfake threats?
**On Demand Webinar: Pindrop leaders Amit Gupta and Elie Khoury dive into the threat of deepfakes and how to protect your business and customers from future attacks.