Given the volumes of cash swashing around, it's not a surprise that leisure and gaming industries have become a particular target for cyber-crime and a new report suggests there is growing interest on the Dark Web when it comes to attacks on the gaming industry.
The extent and methods used are described by security provider IntSights in its Gaming and Leisure Cyber Security Benchmarking Report, which outlines the results of a six-month research project anonymously searching the clear and dark webs for threat intelligence on 30 leading gambling resorts.
Attacks include the usual DDoS and phishing, to sector specific hacks on slot machines and casino chips.
Threats from the Dark Web over the last six months specifically targeting the gaming and leisure sector have included 19 DDoS attacks on resorts, 29 on gambling affiliates, 30 on free coins generators, 52 validates' accounts for sale, 55 casino chips for sale, 61 scam guides on gambling resorts, 63 POS hacking tools, 69 VPN scams, 70 Stolen CC for cashout, 86 hacking slot machines, 90 hacking tools, 95 hacking tutorials, 141 logins with money balance for sale, 289 cash out methods, 345 carding.
An example of attacks include detailing how a hacker suggests an affiliation partnership to scam gambling companies: “I need someone who is in New Jersey and who wants to help me out and make some money at the same time. Here is the skinny...
I have found a way to use some of the bank logs that I manage to accrue using the personal information I have on various people with both …. poker and ….. I am able to use the instant bank transfer ACH to deposit funds onto my accounts and have two different accounts with pretty large balances in the wallet. Unfortunately, these sites do not let you play if you are not in the state of New Jersey. They are pretty damn good about it too and I have tried a multitude of proxy services and virtual machines to no avail. The only thing left I can think of and have heard from two others that it is successful, is to remote into a computer of someone who lives in New Jersey, and run the client from their computer with my account.
I would need you to get Teamviewer or some other remote access software, and let me remote in and do some gambling. I can then cash out and pay you, or better yet, give you login info of one of my accounts and let you have your own fun. Please let me know if you are interested and available to do this because if it actually does function, we are looking at a fucking GOLDMINE!”
There were some 29 affiliation suggestions for scams found in the past six months. This includes people using free coin generators and sharing them on hacking forums as a way to access and hack into other accounts and computers. In the past six months 30 free coin generators have been offered. Branded poker chips are being sold on the black market and in the past six months 55 have been offered for sale on the black market.
In its research IntSights conducted scanning via the IntSights cloud infrastructure looking for indicators of compromise such as: Stolen credentials that may be used to infiltrate a company's systems; Company employees on target lists posted by malicious actors. These lists can be used by the threat actor or others to launch a phishing or spam attack against the company; Dark Web attack indicators that suggest the intentions of malicious actors to hack, scam or damage company assets, employees or customers. Also, where a company's internal login page has been exposed and can be used by threat actors to infiltrate the company's network and harvest sensitive data, plus where a suspicious fake or phishing domain has been detected which can be used for malicious activity against a company or