A tale of 2 casino ransomware attacks: One paid out, one did not - What can be learned from MGM’s and Caesars’ infosec moves::What can be learned from MGM’s and Caesars’ infosec moves

    • sylver_dragon@lemmy.world
      link
      fedilink
      English
      arrow-up
      51
      arrow-down
      3
      ·
      1 year ago

      Your choice of OS doesn’t help when your IAM provider’s tech support happily resets your admin passwords for the attacker.

      • just_another_person@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        50
        ·
        1 year ago

        Windows is notoriously insecure and vulnerable to all manner of attacks and escalations that make it the main target for ransomware. Has nothing to with IAM.

        • AngryishHumanoid@lemmy.world
          link
          fedilink
          English
          arrow-up
          33
          arrow-down
          2
          ·
          1 year ago

          What does that have to do with this post though? Or were you just waiting to say something about Windows because REASONS!

          • SquirtleHermit@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            5
            ·
            edit-2
            1 year ago

            Shit, I’ll jump on the band wagon.

            Why do the Control Panel, Device Manager, and Properties windows stay bright white when I turn on Dark Mode?

            oh… you weren’t suggesting we actually do that… my bad. I’ll see myself out.

            edit: tough crowd

    • JJROKCZ@lemmy.world
      link
      fedilink
      English
      arrow-up
      37
      arrow-down
      2
      ·
      1 year ago

      Most of our vendors only make products for windows, barely understand windows and certainly don’t understand Linux or as400, and they dont intend to. Those that do run Linux and as400 are actively transitioning their systems to a windows based version as it’s easier for the casinos to maintain.

      Source: IT Director for a casino company and responsible for hundreds of windows servers, thousands of PCs, 12 Linux and half a dozen as400s - I’m not with Caesars or MGM thank god but their breaches caused me a ton of work and lost sleep trust me

      • fruitycoder@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Yikes. I’ve seen that strat before. Dinosaur vendors are the worst. My only advice to focus on replacing bad vendors like that wherever and whenever you can, getting stuck actively building out an already legacy system sucks. Good luck!

        The “Adopt, Buy, Build” strategy is good one as well as the “strangler pattern” to help keep you from entrenching your self in shitty systems.

        • JJROKCZ@lemmy.world
          link
          fedilink
          English
          arrow-up
          10
          ·
          1 year ago

          Unfortunately there aren’t many vendors in this space, especially since a few of the shittier options have committed to just buying out competitors and sitting on their products rather than doing anything requested with them.

          The casinos are extremely tight with money, they bring in tons, they just aren’t interested in spending it on anything other than building new/more casinos and of course c suite bonuses like all corps. They’re whiney and cheap, not good clients.

          • fruitycoder@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            IT being a cost center is a rough position to be in tbh, I get it. For me, even when I can convince them that moving to upgrading to more modern scalable systems will be an investment that should see an increase in uptime and a decrease in the number of admins needed, it is still a fight to get them to actually INVEST in it and not just unfunded mandate a change in systems.

            I don’t even want to think about what hundreds of Windows servers administration looks like. Like SCCM and Group Policy is more powerful than Linux admins give it credit for, but still at that scale what a nightmare. I hated it on the scale of tens of servers.