Security vulnerabilities found in Las Vegas casinos
External attack surface management platform, Reposify, has discovered “alarming exposures” in the IT networks of several Las Vegas casinos.
Recently, the Nevada Gaming Control Board alerted casinos over the possibility of cyber attack threats, which led to Reposify researchers running checks.
The checks were looking for security issues that may be visible to attackers by leveraging the company’s EASM platform.
The researchers found exposures in the network perimeters of casinos and also a stack trace of a casino’s purchasing system.
Reposify says the “detailed error message leaked information about the casino’s backend architecture and other highly sensitive data points.”
Exposed stack traces can be used by hackers to extract information that could allow them to gain access into the internal networks of companies.
In addition, the researchers also discovered a Microsoft Exchange server that had several critical vulnerabilities, which allows attackers to gain domain administrator rights and execute remote code attacks.
Reposify has disclosed its findings in full to the affected companies in an attempt to help them resolve the issues.
During the past year, several casinos have had to shut down due to repeated ransomware attacks and data breaches, making the findings more alarming.
Arnon Yosha, Senior Security Research at Reposify, said: “Casinos are considered a lucrative target for attackers, as evident by the numerous recent attacks on such establishments.
“After reviewing the exposures and unencrypted assets discovered over publicly accessible internet, I urge security teams to take immediate actions to identify and eliminate unknown exposures in their attack surfaces before they fall victim to the next cyber attack.
"When it comes to securing the network perimeter there is no room to gamble”.