[BreachExchange] City of Las Vegas said it successfully avoided devastating cyber-attack

Destry Winant destry at riskbasedsecurity.com
Thu Jan 9 10:10:00 EST 2020 

https://www.zdnet.com/article/city-of-las-vegas-said-it-successfully-avoided-devastating-cyber-attack/

Officials from the city of Las Vegas said they narrowly avoided a
major security incident that took place on Tuesday, January 7.

According to a statement published by the city on Wednesday, the
compromise took place on Tuesday, at 4:30 am, in the morning.

The city said IT staff immediately detected the intrusion and took
steps to protect impacted systems. The city responded by taking
several services offline, including its public website, which is still
down at the time of writing.

City officials have not disclosed any details about the nature of the
incident, but local press reported that it might have involved an
email delivery vector.

In a subsequent statement published on Twitter on Wednesday, the city
confirmed it "resumed full operations with all data systems
functioning as normal."

"Thanks to our software security systems and fast action by our IT
staff, we were fortunate to avoid what had the potential to be a
devastating situation," it said.

"We do not believe any data was lost from our systems and no personal
data was taken. We are unclear as to who was responsible for the
compromise, but we will continue to look for potential indications,"
the city also added.

Since this is believed to be an email-based compromise, the type of
attack the city avoided can be anything from something as complex and
dangerous as a ransomware infection that triggered after an employee
opened a boobytrapped email, to something as mundane as a phishing
attempt that tried to get an employee's credentials.

All in all, Las Vegas officials can count themselves lucky, especially
if this was an attempt to infect the city's network with ransomware.

Major US cities like Atlanta, Baltimore, and more recently New Orleans
have suffered ransomware infections over the past two years, and all
needed months to recover, and paid millions of dollars to secure and
rebuild IT networks.

More information about the BreachExchange mailing list