3 Unexpected Exposures We Found in Leading Las Vegas Casinos


This year, after a long break, the Black Hat security community gathered in person in Las Vegas, USA, for the ultimate mix of business and leisure. For many security professionals who attend Black Hat, visiting the surrounding casinos is a popular after-hours activity.

In light of the alerts issued by the Nevada Gaming Control Board at the beginning of July 2021, warning casinos of cyber attack threats, Reposify’s research team chose two leading Las Vegas casinos and analyzed their security posture. Using the company’s external attack surface management (EASM) platform, the research team checked for security issues that might be visible to attackers.


The 3 Security Exposures Discovered in Las Vegas Casinos 

1. Backend Architecture and Data Leakage

Among the exposures discovered in the network perimeters of the leading casinos in town was a stack trace from a casino’s purchasing system. This detailed error message leaked information about the casino’s backend architecture and other sensitive data points. Malicious actors can leverage exposed stack traces to extract information and gain access to internal networks.
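As an added example (not Reposify's code and not part of the original research), this Python check shows one way a team could scan its own services' HTTP error responses for stack traces like the one described above and list the backend components they reveal. The frame patterns, function names, and sample responses are constructed for illustration.

```python
import html
import re

# Frame signatures for common server stacks (assumed set); "sym" is the leaked symbol.
FRAME_PATTERNS = [
    ("java", re.compile(r"^\s*at (?P<sym>[\w.$<>]+)\((?P<loc>[\w$]+\.java:\d+)\)", re.M)),
    ("python", re.compile(r'^\s*File "(?P<loc>[^"]+)", line \d+, in (?P<sym>\S+)', re.M)),
    ("dotnet", re.compile(r"^\s*at (?P<sym>[\w.`<>\[\]]+)\(.*?\) in (?P<loc>.+?):line \d+", re.M)),
]


def find_stack_trace(body, min_frames=2):
    """Return a finding for the first stack whose frames appear in body, else None."""
    text = html.unescape(body)  # error pages usually HTML-escape <init>, quotes, etc.
    for stack, pattern in FRAME_PATTERNS:
        frames = list(pattern.finditer(text))
        if len(frames) < min_frames:  # one match alone may be documentation or prose
            continue
        # Namespace prefixes of the frames name the frameworks and in-house modules in use.
        components = sorted({".".join(m.group("sym").split(".")[:2]) for m in frames})
        return {"stack": stack, "frames": len(frames), "components": components}
    return None


# Constructed sample response bodies, keyed by request path.
SAMPLES = {
    "/purchase": "<html><body><h1>HTTP Status 500</h1><pre>"
                 "java.lang.NullPointerException\n"
                 "\tat com.example.purchasing.OrderService.submit(OrderService.java:87)\n"
                 "\tat com.example.purchasing.Db.&lt;init&gt;(Db.java:31)\n"
                 "\tat org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:897)\n"
                 "</pre></body></html>",
    "/visit": "<p>Meet us at the front desk (open daily).</p>",
    "/error": "<h1>Something went wrong</h1><p>Reference: 7f3a</p>",
}


def audit(samples):
    """Map each path to its finding, keeping only responses that leak a trace."""
    hits = {path: find_stack_trace(body) for path, body in samples.items()}
    return {path: hit for path, hit in hits.items() if hit}


if __name__ == "__main__":
    for path, finding in audit(SAMPLES).items():
        print(path, finding)
```

The generic `/error` body is the shape to aim for: an opaque reference the operator can look up in server-side logs, with no frames sent to the client.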

2. Microsoft Exchange Server Exposure 

Reposify’s researchers also discovered a Microsoft Exchange server with several critical vulnerabilities (CVSS 9.8) that allow attackers to gain domain administrator rights and execute code remotely, in addition to other vulnerabilities.

3. Exposed firewall login page

Another sensitive asset discovered was an exposed login page of a firewall system. This login page was not protected by multi-factor authentication and could be breached with stolen credentials or via brute force attacks.

Upon discovery, Reposify disclosed the details of these security issues to the affected companies to help them resolve the issues as soon as possible.

When it Comes to Network Security, There is No Room To Gamble 

The US gambling industry is no stranger to cyber attacks. During the past year alone, several casinos had to shut down operations due to repeated ransomware attacks and data breaches among other cyber incidents.

Casinos are considered a lucrative target for attackers, as evidenced by the numerous recent attacks on such establishments. After reviewing the exposures and unencrypted assets discovered over the publicly accessible internet, we urge security teams to take immediate action to identify and eliminate unknown exposures in their attack surfaces before they fall victim to the next cyber attack. When it comes to securing the network perimeter, there is no room to gamble.

Contact Reposify to get a complimentary report of your organization’s external attack surface exposures and unknown risks from our security experts. Don’t gamble on your network security.


Reposify is an attack surface management platform delivering autonomous 24/7 discovery of exposed assets across all environments and the supply chain. Leading enterprises worldwide use Reposify to gain unparalleled visibility of their internet-facing assets and actionable security insights for eliminating shadow IT risks in real time.

