This year, after a long break, the Black Hat security community has gathered in person in Las Vegas, USA, for the ultimate mix of business and leisure. For many security professionals who attend Black Hat, visiting the surrounding casinos is a popular after-hours activity.
In light of the recent alerts issued by the Nevada Gaming Control Board at the beginning of July 2021, warning casinos of cyber attack threats, Reposify’s research team chose two leading casinos from Las Vegas and analyzed their security posture. The research team ran a check for any security issues that might be visible to attackers by leveraging the company’s external attack surface management (EASM) platform.
The 3 Security Exposures Discovered in Las Vegas Casinos
1. Backend Architecture and Data Leakage
Among the exposures discovered in the network perimeters of the leading casinos in town was a stack trace of a casino’s purchasing system. This detailed error message leaked information about the casino’s backend architecture and other sensitive data points. Malicious actors can leverage exposed stack traces to extract information and gain access to internal networks.
2. Microsoft Exchange Server Exposure
Reposify’s researchers also discovered a Microsoft Exchange server affected by several critical vulnerabilities (CVSS 9.8), which allow attackers to gain domain administrator rights and carry out remote code execution attacks, along with other vulnerabilities.
3. Exposed Firewall Login Page
Another sensitive asset discovered was an exposed login page of a firewall system. This login page was not protected by multi-factor authentication and could be breached with stolen credentials or via brute force attacks.
Upon discovery, Reposify disclosed the details of these security issues to the affected companies to help them resolve the issues as soon as possible.
When it Comes to Network Security, There is No Room To Gamble
The US gambling industry is no stranger to cyber attacks. During the past year alone, several casinos had to shut down operations due to repeated ransomware attacks and data breaches among other cyber incidents.
Casinos are considered a lucrative target for attackers, as evidenced by the numerous recent attacks on such establishments. After reviewing the exposures and unencrypted assets discovered on the publicly accessible internet, we urge security teams to take immediate action to identify and eliminate unknown exposures in their attack surfaces before they fall victim to the next cyber attack. When it comes to securing the network perimeter, there is no room to gamble.
Contact Reposify to get a complimentary report of your organization’s external attack surface exposures and unknown risks from our security experts. Don’t gamble on your network security.