A Teenager Brought Down MGM: Why AI Has Lowered the Barrier to Cybercrime

Written By Tony Crimando

In 2023, the world watched as two of the biggest names in entertainment, MGM Resorts and Caesars Entertainment, suffered major cyberattacks. What shocked many wasn’t just the size of the companies affected—it was the simplicity of the hack and the profile of the attackers.

The reported ringleader? A teenager. The tools? Readily available AI and social engineering tactics.

The cost? Over $100 million in damages for MGM alone, and potentially more for Caesars.

This incident is a wake-up call for every business, large or small. Cybercrime is no longer a high-tech, elite operation reserved for sophisticated groups. In today’s world, a single person with an internet connection and basic tools can do catastrophic damage.

The Rise of Low-Skill, High-Impact Cybercrime

The attackers reportedly used a basic tactic known as social engineering. By impersonating an employee and calling the IT help desk, they gained access to sensitive systems. It wasn’t some complex zero-day exploit. It was human error—amplified by tools like AI-generated voice cloning and chat-based scripting.

AI makes it easier than ever to:

  • Imitate employees convincingly using real-time voice tools

  • Automate phishing emails that bypass spam filters

  • Scan for vulnerabilities using tools with simple interfaces

  • Write code that exploits known weaknesses in outdated systems

This means more attackers, more attempts, and a greater need for proactive protection.

Why SMBs Are Even More at Risk

While companies like MGM can recover from a multimillion-dollar hit, small and mid-sized businesses cannot. Most SMBs do not have dedicated in-house security teams, and they often underestimate the sophistication of modern threats.

If a teenager can bring down a billion-dollar corporation, what could they do to a 20-person law firm, an auto repair shop, or a construction company?

The risk is no longer theoretical.

What You Can Do

You don’t need a giant budget to protect your business—but you do need a plan.

Here are key actions every business should take:

  • Implement multi-factor authentication across all systems

  • Train employees regularly on how to spot phishing attempts

  • Use endpoint detection tools and keep software updated

  • Partner with a proactive IT provider who monitors threats 24/7 and guides your strategy

Simple Support’s Role in Cybersecurity

At Simple Support, we help SMBs stay ahead of threats. Our Complete Support Plan includes:

  • 24/7 threat monitoring

  • Proactive patching and vulnerability management

  • Employee training and phishing simulations

  • Strategic planning to ensure your IT systems grow securely with your business

Cybersecurity isn’t a one-time install. It’s an ongoing process that evolves with your business and the threat landscape. And today, that landscape is shifting faster than ever.

The Bottom Line

A teenager used basic tools to exploit weaknesses at MGM and Caesars. It wasn’t about skill—it was about opportunity.

If your business still thinks, “It won’t happen to us,” it’s time to rethink that strategy.

Don’t wait for a wake-up call. Get ahead of the threats now.

Schedule a free consultation with Simple Support to review your cybersecurity posture and take proactive steps to protect your business.

Schedule a Cybersecurity Audit
Tony Crimando
Next

What SMBs Really Want from an IT Provider in 2025