There have been a large number of cyberattack threats to casinos in Las Vegas, and it has now come to the attention of the public, or more specifically, the Nevada Gaming Control Board.
Officials were performing a routine check when they found security issues that attackers might be aware of, using the company’s EASM platform. In addition, the casino’s investigators discovered unauthorized POS network access and the presence of malware.
The researchers discovered vulnerabilities in casino network perimeters as well as a trace of a casino’s purchasing system. Hackers are now focusing on systems that manage player reward points. It was also discovered that the detailed error message revealed information about the highly sensitive data points and backend architecture of the casino, which can be extremely dangerous for the operation of Las Vegas casinos. Security experts were unsurprised that hackers would target casino systems, which have sensitive data.
Hackers can use exposed stack traces to extract data that will let them access a casino’s internal networks. Furthermore, the investigators found a Microsoft Exchange server with numerous vulnerabilities that allow hackers to become domain administrators and conduct attacks remotely. The Nevada State Game Control Board is conducting investigations and actively monitoring the situation to find solutions.
Earlier this year, it was reported that slot machines in two Las Vegas casinos were inaccessible for nearly a week due to a ransomware attack. Many casinos had to close down recently as a result of recurrent attacks on ransomware and data leaks. This makes the findings even more concerning.
Casinos are a lucrative target for attackers, as evidenced by the numerous recent attacks on such establishments.
Arnon Yosha, Senior Security Research at Reposify, urged security teams to take immediate action to identify and eliminate unknown exposures in their attack surfaces.
