Las Vegas still struggling against hackers

[Num7]

Have you heard about this? That's pretty crazy.

Las Vegas still struggling against hackers as the weekend arrives

Online MGM room reservations were down, and sportsbooks didn't have much action in the resort community.

www.nbcnews.com

Room reservations and sportsbooks were still dark across swaths of Las Vegas on Friday as the community trudged through its fifth day of a battle against hackers who struck the city’s biggest hotel chain.

As of 1 p.m. PDT, visitors to the "book a room" tab on the MGM Resorts website were greeted with the stark message of "online hotel reservations are currently unavailable."

The site also told guests that any change and cancellation fees are being waived for stays between Wednesday and Sunday.

The security breach also threatened to dim sports betting, a key attraction for football-minded Las Vegas visitors every fall. The machines used to take wagers were flickering on and off Friday at properties throughout the chain.

"They can take bets, kind of. It's in and out," influencer Jennifer Gay, who runs the popular vegasstarfish Instagram feed, said from the Bellagio sportsbook Friday. "If the system is up, you can (bet). When it's down, you can't."

She added: "The real gamble is whether you can wager on a game or not."

 

[Mayhem]

A person familiar with the attacks said the hackers behind the Las Vegas intrusions are members of a group that the cybersecurity industry often refers to as "Scattered Spider."

Talked their way in = 'And while many hacker groups employ varied hacking techniques to wreak havoc on computer systems, this group’s entry points can be decidedly low tech: phone calls and online chats with tech support.'

 

[Num7]

Yep, it does sound like they worked their way in with social engineering and low level scam calls.

And it's been going for over a week, right? That's nuts!

 

[Mayhem]

Looks like it, comes down to the actual company in the end, if someone rings asking for a password reset they must not be verifying them to the extend needed.

 

[TimeWizardCosmo]

Looks like it, comes down to the actual company in the end, if someone rings asking for a password reset they must not be verifying them to the extend needed.

Think of all the money spent on cybersecurity across Windows, Azure, Google and everyone else... And then how comical it is that it can all be defeated by calling someone up and pretending to be someone else.

 

[MODAT7]

Think of all the money spent on cybersecurity across Windows, Azure, Google and everyone else... And then how comical it is that it can all be defeated by calling someone up and pretending to be someone else.

Long ago before my health collapsed, I used to do small business networking, and security was part of my job description. It was amazing the level of whining I'd get because people would have to do something simple or learn something new that wasn't that hard. It's not too hard to discern that the Vegas people are no different. A few simple things done and all of this could have been avoided. They have lost MILLIONS in sales, when it would have been far cheaper to spend another $100k to million to upgrade, implement, and enforce some of the simplests of things. I'd really like to know how many CEO's figured this out and how many "morons" got fired over this.

 

[Mayhem]

It can also be the mentality 'it won't happen to us'.

Too late then.