Nevada Urges Casinos Not to Underplay the Risk of Cyberattacks

The Nevada Gaming Control Board (NGCB) has once again issued a warning to casinos in the Silver State, cautioning them not to downplay the threat of cyber attacks against their operations and systems, and citing the rise of such incidents over the past months. 

Employees Need to Be Vigilant as Cybersecurity Risks Persist

The regulator issued a Cybersecurity Notice in which it summed up best practices, and emphasized the need to pay attention to such challenges, specifically arguing that they continue to persist and to be a threat to the day-to-day running of business. 

In its notice, the regulator spoke about social engineering and phishing, with hackers relentlessly attacking organizations well beyond the high-tech means of infiltrating the system and resorting to AI-assisted fraud instead, which easily allows them to attack companies by trying to impersonate insiders, especially those with IT credentials. 

Essentially, the NGCB has urged employees in the industry to remain sharp about everything they come in contact with and to reach out to managers and cybersecurity experts if they are not certain what they are handling.

Common phishing attempts highlighted by the regulator include requests to reset passwords, wire money, change payment instructions, and more. Urgency is often the telltale sign of such requests, with scammers and hackers trying to convince the employee that they need to act now. 

“Attackers often rely on urgency, impersonation, and human trust to bypass normal controls. Be wary of callers who pressure you to act immediately, keep a request secret, or override normal approval steps,” the Technology Office of the State of Nevada said.

Multiple Vegas Properties Have Faced Ransomware Attacks

Yet, even the best properties have been successfully breached, as recent reports from Wynn Resorts and MGM Resorts, as well as Caesars, indicate. Wynn Resorts supposedly lost 800,000 records, obtained by a group called the ShinyHunters, which demanded a $1.5 million ransom to not leak them. 

Caesars reportedly paid $15 million to extortionists, although the company never confirmed this, and another rumor had it that the company was asked $30 million first. 

All three incidents are highlights of how well-organized criminals can explore even the smallest vulnerability in an organization, which is often due to momentary distraction, to get into a big and arguably well-protected company’s system.