3 Unexpected Exposures We Found in Leading Las Vegas Casinos

This year, after a long break, the Black Hat security community has gathered in person in Las Vegas, USA, for the ultimate mix of business and leisure. For many security professionals who attend Black Hat, visiting the surrounding casinos is a popular after-hours activity.

In light of the recent alerts issued by the Nevada Gaming Control Board at the beginning of July 2021, warning casinos of cyber attack threats, Reposify’s research team chose two leading casinos from Las Vegas and analyzed their security posture. The research team ran a check for any security issues that might be visible to attackers by leveraging the company’s external attack surface management (EASM) platform.

The 3 Security Exposures Discovered in Las Vegas Casinos 

1. Backend Architecture and Data Leakage

Among the exposures discovered in the network perimeters of the leading casinos in town was a stack trace from a casino’s purchasing system. This detailed error message leaked information about the casino’s backend architecture and other sensitive data points. Malicious actors can leverage exposed stack traces to extract information and gain access to internal networks.
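
Security teams can check their own applications' error responses for this kind of leak by looking for stack-trace signatures and listing what each one discloses. The Python below is an added example, not Reposify's code or part of the original post; the function name audit_response, the pattern tables and both sample responses are constructed for illustration.

```python
import re

# Line shapes that mark unhandled-exception output from common web stacks.
SIGNATURES = {
    "java": re.compile(r"^\s*at [\w.$]+\.[\w$<>]+\([\w$]+\.java:\d+\)", re.M),
    "dotnet": re.compile(r"^\s*at [\w.`<>]+\(.*\) in .+:line \d+", re.M),
    "python": re.compile(r"^Traceback \(most recent call last\):", re.M),
    "php": re.compile(r"^#\d+ .+\.php\(\d+\): ", re.M),
}

# Backend details a trace typically discloses to anyone who can trigger the error.
LEAKS = {
    "file_paths": re.compile(r"(?:[A-Za-z]:\\|/(?:opt|srv|var|home|usr)/)[^\s:\"')]+"),
    "internal_ips": re.compile(
        r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b"),
    "packages": re.compile(r"\b((?:org|com|net)\.[a-z]\w*(?:\.[a-z]\w*)+)\."),
}

def audit_response(status, body):
    """Return a finding for a response body that contains a stack trace, else None."""
    stacks = [name for name, rx in SIGNATURES.items() if rx.search(body)]
    if not stacks:
        return None
    leaks = {kind: sorted(set(rx.findall(body))) for kind, rx in LEAKS.items()}
    return {"status": status, "stacks": stacks,
            "leaks": {kind: hits for kind, hits in leaks.items() if hits}}

# Constructed sample: an HTTP 500 body of the kind described above (all values invented).
SAMPLE_BODY = """<html><body><h1>HTTP Status 500</h1><pre>
org.springframework.jdbc.CannotGetJdbcConnectionException: Failed to obtain JDBC Connection
  Connection refused: db01.corp.example/10.20.30.40:5432
    at org.springframework.jdbc.datasource.DataSourceUtils.getConnection(DataSourceUtils.java:82)
    at com.example.purchasing.OrderDao.find(OrderDao.java:41)
Caused by: java.io.FileNotFoundException: /opt/purchasing/conf/db.properties (No such file)
</pre></body></html>"""

# What the application should return instead: a generic message plus a correlation id.
SAMPLE_SAFE = "<html><body>Something went wrong. Reference: 7f3a9c</body></html>"

if __name__ == "__main__":
    print(audit_response(500, SAMPLE_BODY))
    print(audit_response(500, SAMPLE_SAFE))
```

In the constructed sample, a single error page gives away the framework and data-access layer, an internal database address and a configuration file path; the generic page with a reference id yields no finding.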

2. Microsoft Exchange Server Exposure 

Reposify’s researchers also discovered a Microsoft Exchange server with several critical vulnerabilities (CVSS 9.8) that allow attackers to gain domain administrator rights and execute code remotely, among other vulnerabilities.

3. Exposed firewall login page

Another sensitive asset discovered was an exposed login page of a firewall system. This login page was not protected by multi-factor authentication and could be breached with stolen credentials or via brute-force attacks.

Upon discovery, Reposify disclosed the details of these security issues to the affected companies to help them resolve the issues as soon as possible.

When it Comes to Network Security, There is No Room To Gamble 

The US gambling industry is no stranger to cyber attacks. During the past year alone, several casinos had to shut down operations due to repeated ransomware attacks and data breaches among other cyber incidents.

Casinos are considered a lucrative target for attackers, as evidenced by the numerous recent attacks on such establishments. After reviewing the exposures and unencrypted assets discovered over the publicly accessible internet, we urge security teams to take immediate action to identify and eliminate unknown exposures in their attack surfaces before they fall victim to the next cyber attack. When it comes to securing the network perimeter, there is no room to gamble.

Contact Reposify to get a complimentary report of your organization’s external attack surface exposures and unknown risks from our security experts. Don’t gamble on your network security.

Reposify is an attack surface management platform delivering autonomous 24/7 discovery of exposed assets across all environments and the supply chain. Leading enterprises worldwide use Reposify to gain unparalleled visibility of their internet-facing assets and actionable security insights for eliminating shadow IT risks in real time.
