View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 8, 2020updated 09 Jan 2020 9:48am

Las Vegas Hacked: Quick Reactions Save Sin City from Outages

"People interfacing with the city may experience brief interruptions of service"

By CBR Staff Writer

Updated January 9, 2020, 8.30am BST with details. 

The City of Las Vegas has contained a cyber breach, officials say, after hackers compromised systems, causing some initial service outages.

The attack was first flagged at 4:30 a.m. PST Tuesday January 8.

City officials say they do not believe public data had been accessed. The precise nature of the attack and/or malware payload has not been disclosed.

In an update posted 12 hours after the initial attack was reported, the city said: “We have resumed full operations with all data systems functioning as normal.

“Thanks to our software security systems and fast action by our IT staff, we were fortunate to avoid what had the potential to be a devastating situation.”

Las Vegas Hacked: Details Still Emerging

In an earlier comment, Vegas officials hinted at a nascent ransomware attack, saying: “People interfacing with the city may experience brief interruptions of service, but so far those interruptions have been minimal.”

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

City spokesman David Riggleman told the Las Vegas Review that the city faces about 279,000 attempts to breach its computer systems every month.

Quick reactions and more robust network segmentation and security systems appear to have helped Las Vegas avoid suffering the kind of incident that has recently befallen New Orleans — which was forced to declare a state of emergency — and Florida’s Pensacola: both among the US cities hit by cybercriminals in recent months.

Read this: When Ransomware Cripples a City, Who’s to Blame? This I.T. Chief Is Fighting Back

Nearly 1,000 US government agencies, educational establishments and healthcare providers were hit by ransomware attacks in 2019.

Security firm Emsisoft says it has tracked successful attacks on 103 federal, state and municipal governments and agencies in 2019.

The New Zealand-based cybersecurity firm pointed to a report issued by the State Auditor of Mississippi in October 2019 that damns a “disregard for cybersecurity in state government,” with many state entities “operating like state and federal cybersecurity laws do not apply to them”.

That report found that many state government bodies do not have a security policy plan or disaster recovery plan in place; are not performing legally mandated risk assessments and are not encrypting sensitive information.

Security experts say comprehensive data backups are crucial to recovery in the event of a ransomware attack. As Aron Brand, CTO at Israel’s CTERA puts it crisply: “Make sure all of your data is reliably backed up and physically separated from the main dataset, with backup versions in a read-only repository. In the event of an attack, you can rollback to an uninfected file version and be up and running quickly.”

He adds: “If your data is outside your firewall, it must be encrypted. Keys should be generated and managed internally by trusted individuals, separate from any third-party service to ensure total data privacy.”

See also: Security Researcher Alleges Assault by Casino Vendor for Vulnerability Disclosure

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU