MGM Resorts social engineering attack disables critical systems
Scattered Spider impersonated an employee to the help desk, reset MFA, and pushed ransomware across MGM’s hotel and casino infrastructure.
Gaming floors, room keys, and booking systems experienced multi-day outages, exposing how people-centric attacks can defeat layered tooling.
Prevention playbook:
- Implement stringent help-desk verification, including callback procedures and biometric or hardware-key verification for resets.
- Adopt device posture checks for MFA approvals, and require phishing-resistant authenticators for privileged users.
- Conduct regular social engineering simulations, including voice phishing (vishing) scenarios.
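
The first two playbook items can be enforced as a gate in the help-desk ticketing workflow rather than left to agent judgment. The sketch below is an added example, not code from MGM or any vendor; the field names, factor labels and sample tickets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumed labels for this sketch; map them to your identity provider's factor types.
PHISHING_RESISTANT = {"fido2_security_key", "passkey"}
STRONG_PROOF = {"hardware_key", "biometric"}

@dataclass
class ResetRequest:
    user: str
    privileged: bool
    number_on_file: str             # from the HR record, never supplied by the caller
    callback_number: Optional[str]  # number the agent dialed back; None if no callback
    identity_proof: Optional[str]   # how the caller proved identity, if at all
    device_compliant: bool          # posture of the device enrolling the new factor
    new_factor: str                 # authenticator type requested after the reset

def evaluate_reset(req: ResetRequest) -> List[str]:
    """Return the policy violations for a reset request; empty list means allow."""
    violations = []
    if req.callback_number is None:
        violations.append("no callback performed")
    elif req.callback_number != req.number_on_file:
        violations.append("callback went to a number not on file")
    if req.identity_proof not in STRONG_PROOF:
        violations.append("no biometric or hardware-key proof of identity")
    if not req.device_compliant:
        violations.append("enrolling device fails posture check")
    if req.privileged and req.new_factor not in PHISHING_RESISTANT:
        violations.append("privileged user needs a phishing-resistant authenticator")
    return violations

# Constructed sample tickets (not real data).
TICKETS = [
    ResetRequest("alice", False, "+15550100", "+15550100", "hardware_key", True, "totp"),
    # Callback went to a caller-supplied number, no strong proof, admin asks for push MFA.
    ResetRequest("it-admin", True, "+15550101", "+15550199", None, False, "push"),
    ResetRequest("bob", True, "+15550102", None, "biometric", True, "fido2_security_key"),
]

def triage(tickets: List[ResetRequest]) -> dict:
    """Map each user to 'allow' or the list of reasons the reset must be refused."""
    return {t.user: (evaluate_reset(t) or "allow") for t in tickets}

if __name__ == "__main__":
    for user, outcome in triage(TICKETS).items():
        print(user, "->", outcome)
```

Refused requests are worth logging with their violation list, since a burst of failed resets against privileged accounts is itself a signal of a vishing attempt.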