San Francisco, CA, August 3rd, 2021 – Reposify, the leading external attack surface management platform, has discovered alarming exposures in the IT networks of Las Vegas’s leading casinos.
It is Black Hat season, and this year, after a long break, the security community has gathered in person in Las Vegas, USA for the ultimate mix of business and leisure. For many of the security professionals who attend Black Hat, visits to the surrounding casinos are a popular after-hours activity.
In light of the recent alert issued by the Nevada Gaming Control Board at the beginning of July, warning casinos of cyberattack threats, Reposify’s researchers used the company’s EASM platform to check for any security issues that might be visible to attackers.
Among the exposures discovered in the network perimeters of the leading casinos in town was a stack trace of a casino’s purchasing system. This detailed error message leaked information about the casino’s backend architecture and other highly sensitive data points. Malicious actors can use exposed stack traces to extract information that helps them gain access to internal networks.
Reposify researchers also discovered a Microsoft Exchange server with several critical vulnerabilities (CVSS 10) that allow attackers to gain domain administrator rights and carry out remote code execution attacks, among other vulnerabilities. Another sensitive asset discovered was an exposed login page of a firewall system. This login page was not protected by multi-factor authentication and could be breached with stolen credentials or via brute force attacks.
Upon discovery, Reposify disclosed the details of these security issues to the affected companies in order to help them resolve the issues as soon as possible.
The US gambling industry is no stranger to cyber attacks. During the past year alone, several casinos had to shut down operations due to repeated ransomware attacks and data breaches among other cyber incidents.
“Casinos are considered a lucrative target for attackers, as evidenced by the numerous recent attacks on such establishments. After reviewing the exposures and unencrypted assets discovered over the publicly accessible internet, I urge security teams to take immediate actions to identify and eliminate unknown exposures in their attack surfaces before they fall victim to the next cyber attack,” said Arnon Yosha, Senior Security Research at Reposify. “When it comes to securing the network perimeter there is no room to gamble.”
As a service to the security community, Reposify invites security teams to get in touch and receive a complimentary report of their external attack surface exposures.
Reposify, the leading external attack surface management platform, helps security teams discover and eliminate unknown exposures and shadow IT risks across all environments with no agents or deployment required.
Reposify delivers an always up-to-date view of a company’s exposed asset inventory, analyzes and prioritizes every asset and generates a plan with actionable insights so teams can resolve more issues in less time. Leading enterprises worldwide use Reposify to discover and secure their internet-facing assets in real-time.
Reposify is a Gartner emerging vendor in the EASM space.