In an exclusive interview with Cyber Intelligence, Ido Naor, Co-founder and CEO of Security Joes, a cybersecurity firm specializing in incident response and crisis management services, explains why gambling is the latest sector to be targeted by cybercrime.
The rapid growth of online gambling that began during pandemic lockdowns has made the online gambling industry a honeypot for cybercrime. At the same time, research conducted by the UK Gambling Commission showed that online gamblers were spending more and were unlikely to change their gambling habits once the lockdown ended.
“There has been a big rise in gambling cybercrime ever since the pandemic lockdowns, when gamblers, including many high-stakes players, were forced to play online. Many players have since been reluctant to return to physical casinos, preferring online gambling, leaving the door open to fraud,” says Ido Naor, Co-founder and CEO of cybersecurity firm Security Joes.
The sector is also proving attractive to cybercriminals because many sites now deal in cryptocurrencies. According to Naor, this has made the sector increasingly attractive to cybercriminal gangs, many of which appear to have followed the lead of the Lazarus Group, which shifted its focus from banks to cryptocurrencies in 2018.
The gambling sector is vulnerable on two fronts: the gambling sites and, of course, the gamblers themselves. Some of the larger gambling platforms host multiple gaming sites and resemble online shopping malls for gamblers. It was such platforms that first drew the attention of organized cybercriminal groups, as many of the gambling sites deal in cryptocurrencies. The second category of victims is high rollers, gamblers who are prepared to lose a six-figure sum on the turn of a virtual card.
According to Security Joes, whose constant monitoring of cybercriminal activity around online gambling sites has revealed the trend, cybercriminals will often breach gambling sites solely to steal the customer details of high-stakes gamblers.
There is also a wide array of cybercriminals attacking the gambling sector. According to Security Joes, Chinese threat actors often prioritize the gambling sector, with the infamous APT27 group among them. The threat actor can even be a nation-state such as North Korea or Iran intent on amassing a war chest with which to purchase military hardware. At a lower level, it could be a handful of card sharks meeting in a garage.
New threat actors also look for a piece of the action and often turn to social engineering-based attacks. According to Security Joes, there is one whose modus operandi is to attack via customer service by pretending to have a problem and then sending a link to a screenshot. Although the customer interface may be a multi-language platform, the threat actor then fakes language problems by, for instance, suddenly switching to speaking only Spanish. The employee at the customer service center then unwittingly downloads the payload, in the form of malware, along with the harmless-looking screenshot. This particular payload is so sophisticated that Security Joes gave the primary threat actor behind the attacks a name: Icebreaker. These specific attacks started around September of last year.
The malware used is designed to sit dormant on the network until the stolen data can be sold to third parties. There is a large market for corporate espionage and for juicy, highly privileged data that can be sliced and diced and subsequently sold to different markets.
In the case of online gambling, it is crucial to identify the nature of the attack in order to analyze the motives of the cybercriminals. The aim of highly organized criminals is not always immediate financial gain. The customer details of individual gamblers can, for instance, be of immense value to an online blackmailer. A prominent financial executive or a politician with a gambling addiction might be willing to pay an incredibly high price to keep their bad habits out of the public eye. Whatever steps online betting sites now take to safeguard themselves and their customers against cyber-attacks, the new reality is that possessing customer data itself is now a gamble.