Cyber Incident Victim: City of Las Vegas
Date:
Jan 2020
Location:
United States of America
Summary
The City of Las Vegas experienced a cyber-attack likely initiated through a malicious email, prompting its IT department to swiftly implement protective measures. Unusual activity was detected in the early hours of Tuesday morning, though the full scope of potential data compromise remained unconfirmed by that evening, with system analysis ongoing to minimize resident disruptions. The city routinely faces hundreds of thousands of monthly breach attempts, reflecting persistent targeting of its networks. While speculation arose linking the incident to geopolitical tensions, officials emphasized containment efforts and anticipated minimal operational impact as investigations continued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 6 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 7, 2020, the City of Las Vegas experienced a cyber-attack targeting its computer network, with initial detection of unusual activity occurring at approximately 4:30 a.m. local time. City spokesperson David Riggleman indicated that threat actors likely gained network access through a malicious email, though the specific attack vector remained under investigation. The city's IT department implemented immediate countermeasures to contain the intrusion, with Riggleman confirming extensive protective actions were underway to secure systems. By the evening of January 7, officials had not yet determined the full scope of compromised data or systems, leaving the potential exposure of sensitive information unconfirmed. Riggleman stated a clearer assessment of the damage would require an additional 24-48 hours of analysis, noting that system disruptions for residents were possible but expected to remain minimal due to containment efforts. The city's infrastructure routinely faced significant cyber threats, with Riggleman disclosing that Las Vegas systems endured approximately 279,000 breach attempts monthly prior to this incident.
The attack prompted heightened operational scrutiny as city technicians worked to analyze network activity and restore normal operations. While no ransomware demands were publicly reported, the incident occurred against a backdrop of increased cyber threats targeting U.S. municipalities, with Las Vegas maintaining a policy against paying ransoms under Mayor Carolyn Goodman's administration. Riggleman emphasized the persistent nature of cyber intrusions, observing that malicious actors continuously attempted to exploit vulnerabilities in city systems. Federal advisories about potential Iranian state-sponsored cyber activity circulated following geopolitical tensions earlier that month, though no attribution for the Las Vegas attack was provided by city officials. Residents were advised to anticipate possible service interruptions as recovery efforts continued, with city departments prioritizing system integrity assessments and threat mitigation throughout the response period.