This week, the cyber division of the US Federal Bureau of Investigation (FBI) issued a Private Industry Notification warning that ransomware gangs are now exploiting vulnerabilities in vendor-controlled remote access to casinos.
The new trend was first identified three months ago in The Daily Decrypt’s exclusive interview with Ido Naor, Co-founder and CEO of Security Joes. Naor identified several factors that make the gambling sector a prime target for cybercrime. The first is the rapid growth in online gambling during lockdown. The second reason is that many gambling sites now deal in untraceable cryptocurrencies, making them particularly attractive to cybercriminal gangs, who shifted their focus from banks to cryptocurrencies in 2018. Organized cybercrime is also tempted by some of the larger gambling sites, which host multiple gaming sites and resemble online shopping malls for gamblers.
High-rollers can lose six-figure sums
The attacks first identified by the FBI frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons. As of June 2023, the FBI also reports that the Silent Ransom Group (SRG), also called Luna Moth, conducted callback-phishing data theft and extortion attacks. The group sent victims a phone number in a phishing attempt, usually relating to pending charges on the victim’s account. When the victims called the provided phone number, cybercriminals directed them to a legitimate system management tool via a link provided in a follow-up email.
According to the FBI: “They then used the management tools to install other legitimate system management tools that can be repurposed for malicious activity. The actors then compromised local files and the network shared drives, exfiltrated victim data, and extorted the companies.”
The gambling sector remains vulnerable on two fronts: the gambling sites and, of course, the gamblers themselves. Some of the larger gambling platforms host multiple gaming sites and resemble online shopping malls for gamblers. The second category of victims is composed of high rollers, gamblers who are prepared to lose a six-figure sum on the turn of a virtual card. Cybercriminals will often breach gambling sites solely to compromise the customer details of high-stakes gamblers.