Tara Lemieux, CMMC Consultant, Redspin

Published in Dark Reading on May 6, 2024

The landscape of cybersecurity is not just a battleground of code and firewalls; it’s also a realm where psychological tactics play a crucial role. A prime example of this is the September 2023 MGM Casino hack, attributed largely to social engineering — a method that manipulates human psychology to gain access to confidential information or secure systems. Social engineering, while seemingly modern, has roots that stretch back decades and has been a tool for adversaries in various guises.

During the early 1990s, when I began my tenure at the National Security Agency (NSA), the emphasis on understanding and countering influence operations was intense. We were drilled in recognizing and mitigating the psychological tricks and social engineering tactics that could be used against us. Yet, despite this training, we observed seemingly innocuous local businesses, like a pizza shop offering discounts to NSA employees who showed their badges, which could be easily replicated and used for coercive purposes. This incident underscores the simplicity yet effectiveness of social engineering, relying on human vulnerabilities rather than technological vulnerabilities.

Fast forward to the present, and these rudimentary tactics have evolved into sophisticated strategies, as demonstrated by the MGM Casino hack. The attackers didn’t solely rely on advanced technology; instead, they leveraged psychological manipulation, exploiting human trust and curiosity to breach defenses…
