Over the years, cybersecurity-related crimes have been closely associated with typical online operations. Nonetheless, as a recent report suggests, any business operation—whether based online or offline—should have a reason for concern.
IntSights, a worldwide internet security firm, has for some time been carrying out investigations on the number of online hacker threats aimed at brick-and-mortar casinos.
In line with the findings of their research, this risk is indeed real and is, unfortunately, spreading wide across various significant gambling holdings.
Researchers from IntSights were able to identify more than 1,500 online security threats, surprisingly all aimed at land-based casinos.
Within the six-month research period, the company determined that most of the incidents, to a great extent, originated from the underground hacker realm and market hub within the dark web.
The security firm mentioned that researchers employed artificial intelligence and data mining tools for the process of scanning through the dark web databases and identifying what is distinctly termed “intelligence” in 30 of the “leading gambling casinos” to understand the imminent threats that face this industry.
Nonetheless, the identity of the said casinos remained anonymous.
What’s more, IntSights utilized professional personnel who they said boast backgrounds in the “elite intelligence security and military intelligence.”
The dark web, in a basic definition, is an exclusive portion of the global internet which is only accessible through particular software provisions.
It typically allows website operators and its users to remain not only untraceable but also anonymous.
Of the more than 1,500 identified threats in the supposed six-month period, over a quarter of the risks had close relations with the so-called “carding” scene on the dark web (player membership casino schemes).
In the subsequent investigation on the dark web, this system reportedly examined data from black markets, hacking forums, closed groups in typical instant messaging forums and hacking forums not to mention “paste sites.” Consequently, when on the surface web (which is the regular internet that exists outside of the dark web), this system is purported to have scanned and verified paste sites and search engines, not to mention websites belonging to major firms in the said gaming industry.
The findings were published in a comprehensive report which was labeled “Gaming and Leisure Cyber Security Benchmarking Report.” In this report, the company went on to outline the said threats.
The threat signs included:
- 86 attempted or successful slot machine hacking cases.
- 95 hacking tutorials on offer.
- 55 cases of casino chips on sale offers.
- 61 cases of “scam guides” concerning casino resorts.
- 19 DDoS (Distributed Denial of Service) attacks on casinos.
- 63 point-of-sale hacking tools cases.
- 289 cases of information on illegal cash-out techniques together with 141 customer logins holding cash balances on sale cases.
Furthermore, the report also mentioned that the research was carried out anonymously with the scanning process taking place within the company’s cloud infrastructure.
To acquire the information on actual and/or potential threats, the IntSights report stated that researchers mainly searched for distinct signs on the dark web.
The signs include:
- Indicators of the intention to scam.
- Damaged or hacked company assets.
- Internal company logins.
- Leaked personnel credentials which could readily be utilized in the further infiltration of a concerned company’s systems.
- Registered phishing or fake domains.
- Staff listed as a target by “malicious actors.”
IntSights stated that this report would go a long way in assisting security teams in fortifying and resourcing their infrastructure to better combat attacks and threats.
Previous instances of security threats targeted toward the gaming industry support the claims by IntSights.
For instance, Las Vegas Sands Corp suffered a detrimental hacking attack in the wake of the year 2014 (February) which resulted in the widespread theft of customer data.
In the same year, it later surfaced that U.S. courts were in pursuit of anonymous registrants of 35 domains and websites (Chinese-language) for purportedly illegally employing trademarks owned by the Las Vegas Sands, which apparently has authorized casino operations in Macau.
Later in the year after the incidents, Galaxy Entertainment, a casino operator based in Macau, issued a warning to the public regarding fake websites illegally using the brands of the company.