Every year casinos attract millions of players and billions of dollars via both physical venues and their associated online platforms. And the industry is estimated to grow by $11.42 billion between 2021 and 2025. Players trust casinos with both their funds and their personal data, so it is no surprise that threat actors are targeting these venues. Cyber criminals today are also targeting online gaming sites, where there is significant potential for fraud, website compromises and man-in-the-middle attacks. In fact, gaming companies saw a 260% increase in online attacks from Q4 2021 to Q1 2022.
The recent successful cyber attacks on MGM Resorts International and Caesars Entertainment resulted in the halting of gaming and hotel operations at properties nationwide. This cyber attack has cost the companies millions of dollars in revenue and adversely affect their reputation. Technology in the casino industry changes rapidly, giving hackers more opportunities to target systems via mobile payments, online games, third-party suppliers, and IoT devices.
A Ransomware Warning to Casinos
Recently, 14 casinos across Canada were victims of a successful cyber attack that shut down operations. Russian state threat actors are suspected to be behind the many cyber attacks on casinos due to the Russia-Ukraine conflict. Successful cyber attacks on casinos have resulted not only in shutting down systems and but also have demanded ransoms in return, as well as the exfiltration of sensitive customer data to sell on the dark web.
Cyber attacks on casinos are nothing new, especially in Las Vegas, the mecca of gambling. From 2014 to 2022 there were at least 10 attacks on Vegas casinos, leaving these organizations unable to fully operate until system restoration was complete, causing significant financial and reputational damage.
Online Gaming Under Attack
Online casino customers need to have confidence in the application authentication process, and that their transactions are secure. Gaming platforms use multiple payment platforms and gateways to handle customer data, from PayPal and Skrill to traditional card-based payment networks like Visa and Mastercard. However, relying on these third-party solutions to access, hold, and process customer data puts casinos at a higher risk of being breached by malicious actors. In a 2022 report, 54% of businesses have suffered a data breach caused by a third party, and casinos need to ensure that business-critical data is secure throughout its lifecycle.
The Internet of Things
Casinos use IoT technologies to help automate and streamline their customers’ experience. This is achieved through wearable device gaming, smart lighting and cameras in venues, motion detectors, consumption tracking technology, trackable casino chips, and remote check-in and check-out. These devices are often targeted by hackers looking to infiltrate the casino as was the case for a North American casino in 2017. In this attack, cyber criminals managed to infiltrate the casino’s network by exploiting a vulnerability in the smart thermometer of an IoT-connected fish tank. Once inside, they accessed a database of high-roller customers and uploaded this data into the cloud.
Account Takeover Fraud
Online gambling services are regularly targeted by Account Takeover (ATO) fraud. Malicious actors target personal information to withdraw remaining funds or unique loyalty benefits from the victim’s account. Beyond the direct costs, compensation fees, and hours of recovery time, ATO can damage brands permanently by destroying the trust and loyalty of customers.
Identify, Notify, and Shield
Cybersecurity solutions for casinos should provide a superior level of protection against incoming threats without hindering business activities or negatively impacting customer experience. Centripetal’s CleanINTERNET® protects casino operations and proactively defends them against ransomware attacks, assuring gaming and entertainment organizations that their reputation, their customer data, and their partner data are all protected.
CleanINTERNET® is an intelligence-powered security solution using high performance computing technology, patented software algorithms and uniquely skilled security analysts to deliver a robust alternative protection strategy at significantly lower cost. CleanINTERNET® presents an alternative approach to cybersecurity, putting threat intelligence at the forefront, moving from reactive to proactive defense, and helping security teams be more efficient and effective.
Chat with our team today to proactively protect your casino. Get in touch.