In February 2020, Trend Micro, in collaboration with Talent-Jump Technologies Inc., exposed an operation known as DRBControl. Of particular note was that the campaign seemed to target online gambling enterprises across the world, particularly those in Southeast Asia, for espionage purposes. The attacks commenced with spear-phishing manoeuvres aimed at support teams and then leveraged two backdoors. Throughout the course of the campaign, cyber criminals have exfiltrated databases and source code.
An International Phenomenon: Internet Gambling Targets in the UK
It’s important to note that international hacking campaigns present a threat for internet gambling companies across the world, even here in the U.K. For example, a January 2020 report from PrivSec.Report explores a data breach reported by SuperCasino. As the company alerted users about the incident, it was noted that credit cards, passwords and personal documents were not exposed.
However, this event should serve as a cautionary tale that online gambling companies in the U.K. are a target for cyber crime, and it’s important to respond to that threat appropriately in order to prevent worse outcomes in the future.
Online Gambling Security: Why Are Casinos a Target For Cyber Crime?
So what motivates cyber criminals who attack internet gambling companies?
We saw in the DRBControl campaign that espionage can serve as a driving force for bad actors. A large-scale data breach that contains sensitive personal information may indicate that the perpetrator is looking to cash in by selling passwords and financial data on the black market. Individuals who purchase this information can sometimes execute credential stuffing attacks to compromise other accounts belonging to the users who have had their data exposed.
Other attack types aimed at breaking down online gambling security defences can provide additional clues about the threat landscape.
Phishing Attacks Against Users
While the DRBControl attack sheds light on the potential for online gambling operators to be targeted during spear-phishing campaigns, users are vulnerable to similar attacks. Whether account details of theirs were exposed in a separate data breach or they’re attacked by fraudulent users of the gaming platform, the risk for your customers is the same. With an account takeover, bad actors can gain further access to personal information or use the account for further fraudulent purposes.
Internet gambling companies are also vulnerable to in-game fraud, whether on an individual basis or as part of larger, coordinated money laundering efforts. During a recent HooYu compliance webinar, 93% of the participants said they expected to see higher rates of fraud following changes in the landscape due to Covid-19.
Online gambling security experts should also be vigilant against ransomware attacks, which aim to extort the targeted business.
As ZDNet reported this year, this is exactly what happened to one prominent online betting company, and the attack ultimately had a huge financial impact. In March 2020, SBTech experienced a ransomware attack. For about a week, the incident took down hundreds of websites throughout the world that relied on the company while U.S. regulators kept the group offline for longer. In order for an acquisition to proceed, SBTech had to agree to put $30 million into escrow to handle potential fallout from the event. The full scope of the consequences remains to be seen.
Internet Gambling: What Are Some Best Practices for Online Gambling Security?
As you can see, there’s a wide variety of reasons for criminals to target internet gambling businesses. Espionage, extortion, money laundering and smaller-scale fraud could be contributing factors, as well as the desire to capitalize on stolen user data.
With this threat landscape in mind, here are some time-tested strategies for online gambling security.
In order to prevent attackers from gaining a foothold in your system and from taking over individual user accounts, enhanced login security can help you protect your online gambling company. This includes implementing multifactor authentication where possible, such as requiring biometric data for logging in from new devices or when suspicious behaviour is detected.
Ensuring Compliance and Going Beyond Minimum Regulatory Standards
Adhering to security standards established by the Gambling Commission is essential for internet gambling companies operating in the U.K. In addition to maintaining compliance, the agency can serve as a useful platform for exploring additional online gambling security measures to prevent money laundering, fraud and ransomware attacks that could jeopardize the business’s financial standing and reputation.
Successfully navigating across the evolving cyber threat landscape is of paramount importance for gambling companies. Cyber criminals are constantly changing their techniques, requiring constant vigilance and skilled support. Saphisle consultants are prepared to discuss the latest online gambling security issues with you. contact us or book a meeting today to find out how we can help your company meet these challenges.
Content mapping link: