Casinos & Gaming – Hackers’ Favorite Targets
With the growth of online casinos and the increasing use of technology in brick-and-mortar casinos, the shift towards online gambling has opened up a new world for players and cyber threats alike. Hackers see these platforms, technologies, and apps as target-rich environments since they can deliver a one-two punch, going after both a platform’s money and its customer data.
Since those in the gambling industry are familiar with cheaters and criminals of all kinds, you’d think they would take all the necessary precautions to protect their digital infrastructure and ensure the safety and security of their players, but often reality reveals a different truth.
Notable Online Casino Cyberattacks
Online gambling has been accessible for the past two decades but has spiked in popularity over the last few years. In 2021, the global online gambling and betting industry was worth $61.5 billion. Forecasts predict its value to skyrocket to $114.4 billion by 2028. Even a fraction of that is an attractive amount of money for a hacker.
- In 2016, hackers launched an attack against William Hill, which crashed the company’s websites. The cyberattack occurred during the 2015/2016 UEFA Champions League season, so experts estimate the company could have lost up to £4.4 million.
- MGM Resorts, which owns 31 hotel and gaming destinations, suffered a data breach in 2019 that exposed the personal information of over 10.6 million guests. A vulnerability in the site’s cloud server enabled the breach, with hackers stealing guests’ names, addresses, phone numbers, and email addresses.
- In late 2022, DraftKings announced that around $300,000 was stolen from about 100,000 customer accounts. The company found no evidence of its systems being breached. It believes that hackers obtained compromised login credentials stolen from other sites and accessed the DraftKings accounts of customers who used the same login information.
Which Attack Methods Do Hackers Use Against Casinos?
Hackers use a variety of tactics against online gaming platforms, casinos, and their customers: exploiting poorly configured technology, applying tried and tested methods that work on any digital asset, and falling back on the good old standby of money laundering.
POS systems are easily compromised because they are often misconfigured and unpatched, and have unsecured remote access or weak passwords. Hackers can install malware, card skimmers, and keyloggers on POS systems through phishing scams or other social engineering techniques. Once inside, they can steal credit card information, personal information, and other sensitive data from players and employees who use the systems.
Nowadays, when players visit casinos, they expect a complete guest experience that includes drinks, entertainment, and access to free Wi-Fi throughout the establishment. Since public Wi-Fi networks tend to have lower levels of security, they are an extremely attractive attack vector. Threat actors can use “man-in-the-middle” attacks, packet sniffers, or network analyzers to capture and analyze data as it is transmitted over the network.
A favorite money-making method for threat actors is using ransomware to steal a casino’s online data and hold it, or threaten to publish it, until the company decides to pay. A more lucrative option for hackers is to lock casinos out of their systems and hold the access for ransom. This forces businesses to screech to a halt, making it more likely that the operator will pay to regain access.
DDoS attacks are another popular tactic used by hackers to disrupt the operations of online gambling companies. These attacks flood a company’s servers with traffic, causing them to become overwhelmed and crash. While DDoS attacks impede operations temporarily, they are often a smokescreen for more significant attacks.
Large numbers of high-value transactions happen in brick-and-mortar and online casinos daily, providing a potential cover for money laundering and allowing hackers to clean their ill-gotten gains. Although casinos are required to do due diligence to identify money laundering attempts, it’s challenging to determine which deposits are connected to fraudulent behavior, especially now that casinos accept cryptocurrency.
Most of these vulnerabilities could be eliminated with tighter security measures and stricter policies. However, as in most industries, there is a constant struggle between IT and security teams as they try to increase protection without slowing down performance.
CYREBRO for Gaming and Casinos – Success Story
Late in 2020, CYREBRO’s Digital Forensics and Incident Response (DFIR) team initiated an investigation for one of its North American casino clients. The investigation concerned a spike in SMB connections (port 445) from multiple hosts to external IP addresses.
Knowing that outbound SMB traffic (port 445) indicates an infection from the WannaCry ransomware worm, the team sprang into action to remove the malware before it could be internally triggered.
The implications of this threat for a casino can range from customers’ credit card theft to significant downtime to the worm infecting additional machines, all of which could significantly damage the casino’s business and reputation.
To establish “patient zero,” the CYREBRO team sifted through a large number of external and internal IP addresses that were involved to determine the initial access vector and understand the full scope of the incident.
CYREBRO’s investigation revealed the infection’s root cause was an external EternalBlue exploitation of an internal device’s new secondary computer. The unsecured configuration change of “computer X” by NRT technicians exposed the device to the internet by adding the secondary public-facing NIC (Network Interface Card). That configuration change allowed the attackers to exploit the machine externally, enter the casino’s internal environment and quickly infect it.
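The triage described above, as an added example that is not CYREBRO’s tooling or code from the original article: it scans flow records for internal hosts making SMB (port 445) connections to external addresses, orders them by first activity, and flags hosts whose first inbound SMB connection came from outside as entry-point candidates. The log format, internal address ranges, threshold, function names and sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumed internal ranges; replace with the site's own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
2020-11-03T02:14:07 203.0.113.45 10.20.5.17 445
2020-11-03T02:15:40 10.20.5.17 10.20.5.23 445
2020-11-03T02:15:52 10.20.5.17 198.51.100.9 445
2020-11-03T02:16:03 10.20.5.17 192.0.2.77 445
2020-11-03T02:19:30 10.20.5.23 198.51.100.200 445
2020-11-03T02:19:31 10.20.5.23 192.0.2.14 445
2020-11-03T02:20:02 10.20.5.31 10.20.5.2 445
2020-11-03T02:21:10 10.20.5.23 203.0.113.8 443
"""

def is_internal(addr):
    return any(ipaddress.ip_address(addr) in net for net in INTERNAL_NETS)

def parse_flows(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        ts, src, dst, port = parts
        yield datetime.fromisoformat(ts), src, dst, int(port)

def triage_smb(text, min_external=2):
    """Return (suspect hosts ordered by first external SMB, entry-point candidates)."""
    external = defaultdict(set)   # internal source -> external SMB destinations
    first_out, first_in = {}, {}  # first external SMB sent / first SMB received
    for ts, src, dst, port in sorted(parse_flows(text)):
        if port != 445:
            continue
        if is_internal(dst):
            first_in.setdefault(dst, (ts, src))
        if is_internal(src) and not is_internal(dst):
            external[src].add(dst)
            first_out.setdefault(src, ts)
    suspects = sorted((h for h in external if len(external[h]) >= min_external),
                      key=first_out.get)
    # Entry-point candidate: first reached over SMB from outside before it began connecting out.
    entry = [(h, first_in[h][1]) for h in suspects
             if h in first_in and not is_internal(first_in[h][1])
             and first_in[h][0] <= first_out[h]]
    return suspects, entry
```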
After fully identifying the infection and cleaning the casino’s environment, CYREBRO provided recommendations to help strengthen the organization’s security posture and prevent similar threats in the future.
Casinos Need Security for the Long Game
Companies that want to prioritize security but lack the in-house workforce or are unable to hire due to the industry-wide shortage of available experts should consider partnering with a SOC. That partnership can alleviate much of the pressure on lean in-house teams and help the company secure cyber insurance.
Any business that uses the digital world to function opens itself up to risks and attacks, even those in the online casino and gaming industry, which have dealt with attempts to manipulate and hack their systems since their inception.
These ‘games’ between businesses and hackers will go on forever; the only choice is to step up security practices and protocols, remain informed about the latest threats, and have the capability to mitigate them the moment they are detected.