Cybersecurity in Online Gambling

The world of online gambling has exploded in popularity, offering convenience and excitement to millions of players worldwide.  But, with this digital gold rush comes a host of cybersecurity risks and challenges that affect gambling companies, players, and the third-party vendors who support them.  There are risks, challenges, and opportunities for online gaming companies, the folks who partake in online gambling, and the third-party vendors who are there to help keep systems and data secure.[1]

For online gambling companies, prioritizing cybersecurity is not just about protection; it is a competitive advantage. Robust security measures can build trust with users and regulators, potentially opening new markets and opportunities. The risks are obvious:

  • Data Breaches: Online casinos hold vast amounts of sensitive user data, including personal and financial information, making them prime targets for cybercriminals.
  • DDoS Attacks: Distributed Denial of Service attacks can cripple gambling sites, causing downtime and loss of revenue.
  • Fraud: Sophisticated scams, including bonus abuse and account takeovers, pose significant financial risks.
  • Regulatory Compliance: Meeting strict data protection regulations across different jurisdictions is a constant challenge.

Online gamblers, meanwhile, must remain vigilant. Using strong, unique passwords, enabling multi-factor authentication when available, and being cautious about sharing personal information are crucial steps in protecting oneself. The risks are also obvious:

  • Identity Theft: Personal and financial data can be compromised if a gambling site is breached.
  • Unfair Play: Hackers might manipulate game outcomes, leading to unfair losses.
  • Addiction Vulnerability: Cybercriminals could exploit data to target vulnerable individuals with personalized marketing.

"Beyond the traditional security measures, an online gambling professional or enthusiast must always consider their software stack and be cautious installing any third party application from sites like TwoPlusTwo and other forums, regardless of their perceived usefulness," said Michael Skelton, Vice President of Operations and Hacker Success at Bugcrowd and an ex-professional poker player (2003-2010).  "The protection of your online wallet should be considered top of mind, and the reputation of a site when it comes to security should be a significant factor.  Historically, UltimateBet and Absolute Poker had cheated at the platform level, leading to significant losses, a risk much more likely in lesser known cryptocurrency gambling sites."

Personal data is always at risk when doing any activity online, whether gaming or not.  "Anytime you reveal your data to an organization, including an online gaming company, you are increasing your chances of being adversely impacted by a data breach," said Col. Cedric Leighton.  "In essence, you're providing potential hackers with a bigger target.  The more you expose your data to different organizations, the more likely you'll be compromised."

The National Cybersecurity Alliance (NCA) helps the public and businesses by providing resources and tips for keeping themselves safe, and their advice is simple and straightforward for online gamers.  "Online betting is a potentially exciting activity for interested gamers, but they should always proceed with patience, vigilance, and caution," said Cliff Steinhauer, Director of Information Security and Engagement at the NCA.  "Don't forget to enable MFA, use strong, unique passwords, and be suspicious of inbound messages about gaming that could be phishing attempts.  Attackers see opportunities to exploit the excitement around online betting to trick users into acting too quickly without thinking about the source or red flags in the message.  Slow down, have fun, and stay safe!"

Third-party vendors can position themselves as indispensable partners by staying ahead of emerging threats and offering innovative solutions.  Their expertise can be an asset in an industry where security is paramount.  They are tasked with a few challenges in their efforts to help their clients:

  • Supply Chain Attacks: As crucial links in the security chain, vendors are attractive targets for hackers seeking to infiltrate gambling platforms.
  • Reputation Risks: A security lapse could damage relationships with gambling companies and other clients.
  • Rapid Evolution: Keeping up with emerging threats and new technologies is a constant challenge.

Despite these challenges, the online gambling industry also presents significant opportunities for cybersecurity innovation:

  • Advanced Authentication: Implementing cutting-edge biometric and multi-factor authentication can enhance security and user experience.
  • AI and Machine Learning: These technologies can be leveraged for real-time fraud detection and prevention.
  • Blockchain Technology: Decentralized systems could enhance transparency and security for transactions and game outcomes.
  • Regulatory Tech: New solutions to help companies navigate the complex landscape of international gambling regulations and compliance.
  • Educational Initiatives: Opportunities to educate users about cybersecurity best practices, benefiting both the gambling industry and wider society.

Physical casinos are also at risk, judging by recent and costly attacks on some Las Vegas Strip staples. It is not just the gaming side; it is hotel operations, rewards programs, and rooms.  "Gambling casinos have also been victims of cyberattacks. Last September, MGM Resorts was struck by a massive cyberattack, which crippled everything from ATMs to electronic room keys, not to mention the gambling operations themselves," Col. Leighton said. "The ransomware group Scattered Spider, affiliated with ALPHV or BlackCat, claimed responsibility.  MGM Resorts did not pay a ransom, but the attack reportedly cost the company $100 million in lost revenues and other costs."

See:  https://redskyalliance.org/xindustry/those-darn-blackcats

"Besides MGM Resorts, Caesars Entertainment was recently hit by ransomware. Caesars opted to pay a $15 million ransom, unlike MGM," Col. Leighton added. "As the MGM and Caesars cases illustrate, cybercriminals and other actors will 'follow the money.' They are putting the online gambling industry in their crosshairs."

Online gambling sites are ripe for the picking by bad actors, including through gambling-themed phishing sites that lure victims looking to strike it rich from their couch at home or their office chair. "The sophistication of today's phishing threats is becoming more difficult to detect, especially for users," said Patrick Harr, CEO at SlashNext. "Online gambling-themed phishing sites continue to pop up, and they will be used to steal credentials for future corporate-based attacks or to commit credit card fraud."

Krishna Vishnubhotla, Vice President of Product Strategy at Zimperium, breaks down how cybercriminals operate in the online gaming arena: "Cybercriminals can exploit online gambling to launch attacks via phishing emails, malicious links, or fake betting websites and mobile apps.  Due to the prevalence of smartphones for these activities, they often target mobile users," Vishnubhotla said, offering the obvious and not-so-obvious vectors for criminals:

What's obvious

  • Phishing Scams: Phishing scams are common. They often involve emails or messages mimicking legitimate betting sites, aiming to steal credentials or personal information.
  • Unsecured Wi-Fi Networks: Using public or unsecured Wi-Fi can expose users to eavesdropping and data theft.

What's not obvious

  • Social Engineering Beyond Email: Cybercriminals may use social media or messaging apps to target individuals with scams. Messaging apps and in-app messages on social apps are great for these.
  • Compromised Mobile Apps: Not all apps related to online gambling are legitimate. Some may be designed to look genuine. However, they are created to install malware or steal data from mobile devices. Betting and gambling apps will lure you into installing them by promising exponential returns.

"Since online gambling doesn't only take place outside of work hours, organizations should proactively educate their employees about these risks, advise caution with unsolicited communications, ensure the security of their mobile devices, and verify the legitimacy of websites and apps used for betting," Vishnubhotla concluded.

This article is shared at no charge and is for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

[1] https://www.secureworld.io/industry-news/online-gambling-cybersecurity
