GAMBLING CYBERSECURITY

The need for cybersecurity for online casinos is also explained by operators’ preferences

Online casinos and gambling sites face increasing threats because they are attractive, potentially highly lucrative targets for cyberattacks, as described above.

However, some gambling site operators prefer commercial considerations over cybersecurity, despite being aware of the importance of security measures to support the use of their platforms and protect themselves from potential financial losses and harm to reputation.

This only underscores the importance of effective cybersecurity for the online casino and gambling industry.

Cyberthreats that effective cybersecurity for gambling operators must address

The main cyberthreats that target online gambling sites include:

• Credential stuffing – in which hackers fraudulently gain access to valid username and password combinations from one compromised site and use them to access other sites. Credential stuffing is a common type of cyberattack targeting gambling operators.
• DDoS attacks – which extremely slow down communication or cause servers to crash.
• Phishing – a common type of attack, which can target both players (with a possible offer of a bonus, for example) and employees (as when an attacker misrepresents himself as an IT manager).
• SQL attacks – perpetrated in order to add, delete, modify or steal data.
• Third party and supply chain management – many online gambling operators rely heavily on numerous third parties, which increases the risks they face. The main concerns in this regard are user data confidentiality and potential cyberattacks on their own organization due to the compromise of a third-party product or service. The risk is amplified when organizations fail to vet large providers as meticulously as smaller ones.
• Ransomware – this type of threat is presently not high on the list, but is a growing threat. According to a UK National Cyber Security Centre (NCSC) report published in 2021, stakeholders identified ransomware as a key threat to the industry. They added that these attacks were becoming more sophisticated, targeted and aggressive. The stakeholders feared that ransomware attacks might develop into the most severe threat both in terms of their ability to defend themselves against a possible attack and in terms of potential impact.

The importance of cybersecurity for gambling platforms with respect to regulatory compliance

Due to the huge amount of personal information and payment credentials collected by gambling operators and online casinos, they are required to adhere to strict regulations, including:

• The PCI DSS (Payment Card Industry Data Security Standard), which applies to every business that stores, processes or transmits cardholder data. 
• The EU GDPR (General Data Protection Regulation): a pan-European data protection law that requires organizations to manage data appropriately, with heavy fines and penalties imposed on those who fail to comply.

Examples of recent attacks that could have potentially been avoided with ACID’s gambling cybersecurity solution

The following examples of cyberattacks emphasize the importance of implementing effective cybersecurity measures to protect gambling operators and online casinos:

• Icebreaker cyberattacks: Since September 2022 and into 2023, a social engineering cyberattack campaign has been targeting the gambling and gaming industries. According to The Hacker News, the threat actor poses as a customer while initiating a conversation with a support agent of a gaming company under the pretext of having account registration issues. The adversary then urges the individual on the other end to open a screenshot image hosted on Dropbox.
• Activision: In December 2022, the company, developer of Call of Duty, was breached. It only revealed in February 2023 that the perpetrators gained access to sensitive data on employees, as well as content schedules.
• Clubillion: A data breach in the popular gambling app with data hosted on Amazon Web Services was detected by a vpnMentor research team in March 2020, and was plugged only 17 days later. The breach originated in a technical database built on an Elasticsearch engine. The daily activities of millions of users worldwide – up to 200 million records per day (50 GB), including details of technical activity of Android and iOS users around the globe, were recorded. According to vpnMentor, “every time an individual player took any action on the app, a record was logged.” The compromised data included customers’ names, IP addresses, phone numbers, email addresses, private messages and rewards. Cybersecurity Insider summarized the potential effect of the breach: “Clubillion Data Breach could spell deep trouble to the future of the gaming app as it can lead to loss of trust among players, force EU’s data watchdog to reprimand it for breaking GDPR rules and make Google Play and Apple Store remove it from their respective platforms as it has failed to protect its user data securely.”
• MGM Resorts International hotels and casinos: In early 2020, the detection of 142 million personal details of MGM Resorts International hotels and casinos offered for sale on the dark web revealed the data breach; the hacker/s had succeeded to exploit a misconfiguration of MGM’s cloud server. The stolen data included personal information of 10.6 million guests, including celebrities (among them then Twitter CEO Jack Dorsey and Canadian musician Justin Bieber); US government officials connected to the FBI, Department of Homeland Security, Department of Justice, and Transportation Security Administration; CEOs and employees at some of the world’s largest tech companies.
• SuperCasino: In January 2020, a data breach of the popular gambling website led to the exposure of customers’ private information (names, usernames, registration dates, email addresses, phone numbers, and other data for internal use). Although the company insisted that financial data (credit card information, payment credentials) and passwords were unaffected, it urged its customers to change their login details and be watchful for possible scams.
• SBTech: In March 2020, SBTech was the victim of a ransomware attack due to which its online sports and casino betting platforms were offline for about a week. The attack also affected a large number of online betting sites powered by the company, as reported by ZDNet. To cover damage incurred by customers, the company placed US$ 30 million in escrow.

The benefits of ACID’s cybersecurity for gaming operators

Gambling site operators failing to protect themselves adequately from cybercrimes place themselves at risk of great financial loss – both directly, and as a result of fines due to non-compliance with regulations and standards. They are also at risk of great harm to their reputation.

ACID offers an exceptionally cost-effective solution for online gambling operators and online casinos: It deploys clusters of bots and implements advanced AI algorithms in order to detect the first signs of an attack in the clear, deep and dark web and in multiple other sources, as early as in its initial planning phase. Once such signs are detected, ACID alerts the targeted company in real time, providing all the available information – including screenshots of threats detected on the dark web and deep web, which clients may be reluctant to access themselves. ACID continues to monitor the sources, using client-specific keywords in several languages, and provides updates with any additional data as it becomes available.

While ACID scans numerous, diverse sources 24/7/365, upon a specific request from clients, it can include additional sources that they are particularly interested in and scan those as well.

Additionally, ACID conducts widespread monitoring activities to detect any hacked accounts that may be offered for sale, indicating that a company has already been breached, to enable it to take appropriate action.

ACID’s state-of-the-art solution provides real-time alerts to cyberattacks waged against gambling sites and online casinos, even as early as in their planning stage. The initial information provided and the subsequent updates enable the targeted companies to implement effective countermeasures to mitigate the effects of an attack or foil it altogether, and support them in maintaining their business continuity.