Essay / Report on Security Incidents in the Gambling Industry

Internet gambling attracts a large number of online criminals who are hungry for easy money. Since March 2018, I have been responsible for cybersecurity at The Marble Online Casino. Since then we have had to deal with many different online threats to the casino, but none like the latest one. Last Monday we received a cyber-extortion email from an online criminal group threatening to take the casino offline with a distributed denial of service (DDoS) attack unless the casino paid them a ransom of 5 BTC. When this occurred, we alerted the casino's IT security team to prepare for a possible imminent DDoS attack, and then took no further action. At the time, even the best European online casinos did not have a system in place to prevent this type of attack. Four days later, on a Friday evening, the DDoS attack was launched against the casino's online resources and the casino's website was taken offline for 30 minutes. Casino users were therefore unable to play for 30 minutes because the casino was unavailable to them.

Analysis and Investigation

On the following Monday we came together as a cybersecurity team and analyzed the attack. After extensive investigation, we linked the attack to the same criminal group that had sent the extortion email. Malicious actors invest a lot of time in compromising an environment for malicious purposes. We discovered that the traffic was coming from both Australian and overseas IP addresses. The analysis also showed that it was a volume-based attack consisting of UDP, ICMP and other spoofed packet floods. The UDP flood sent large numbers of User Datagram Protocol (UDP) packets to random ports on the casino's web servers, forcing the host to check repeatedly for an application listening on each port. As no application was found, this endless cycle of requests monopolized the resources of the casino website, making it inaccessible to users. The ICMP flood overwhelmed the casino's online resources with ping packets without waiting for responses. This consumed the online casino's bandwidth, causing a slowdown. Volume-based attacks like this saturate the bandwidth of the targeted resource, in this case the casino's resources. We then received another email threatening a much longer attack unless a ransom of 10 BTC was paid to the criminal group.

Brief Risk Assessment

High risk profile: with a large online presence and a well-known brand, The Marble Casino was most likely at the top of the criminals' target list. In this case the criminals were clearly motivated by financial gain, as they demanded a huge ransom.

High risk industry: in online gaming, even a little downtime disrupts services and the user experience. Marble Casino must be online and operating 24/7, which creates a single point of failure that criminal groups can attack. Casino users depend on a consistent and reliable online presence of the casino's web pages.

The potential impact on the business includes:

Reputation. A DDoS attack could reduce customer confidence in the casino's services and online security and result in overall reputational damage. A study organized by Corero found that deteriorating customer trust is the most damaging consequence of DDoS attacks for online businesses today, at 42%.

Service disruption. Volume-based attacks cause outages of an online service, so users cannot access it. A DDoS attack could take over all of the casino's online resources, leaving none for its intended users. Cybercriminals can use such attacks to disrupt an online business like The Marble Casino by flooding its domain with illegitimate traffic.

Financial losses. A DDoS attack can make online businesses sweat. A casino can lose considerable revenue when its online services are interrupted, even for a short time. Additionally, a deterioration in customers' trust in the casino because of the attack could encourage them to play at the casino's competitors. In this way the casino's market share shrinks and consequently so do its profits.

Steps for an Impending DDoS Attack

a) Containment. Make changes to the casino network to contain the attack. Possible network changes include:
- Distribute the attack traffic.
- Switch to alternative sites or networks using DNS (Domain Name System).
- Reroute traffic destined for the casino services.
- Use caching/proxy.
- Terminate unwanted processes and connections on casino servers and routers.
- Allow other communication channels (VPN).
- Control packet delivery based on session and user details.

b) Eradication. To eliminate future DDoS attacks against the casino, implement bandwidth blocking and prioritization on the casino's online resources, using hardware capable of supporting it: for example, deny site connections based on geographic information, IP address and traffic signatures; apply scrubbing algorithms; and set limits on traffic volume, priorities for individual packet types, and minimum and maximum burst sizes. Scrubbing redirects traffic (spoofed traffic in this case) away from its intended destination to a server of choice in order to reduce unwanted requests to the casino's web services.

c) Recovery. Checking normal status:
- Ensure that the affected online services can be operational again and that the infrastructure's performance has returned to baseline.
- Verify that traffic is operationally normal again, without a sudden increase. Allow some time to pass since the last attack before the traffic flow is considered normal again.
- Ensure there is no collateral damage, manage it if necessary, and plan for the future.

Rollback:
- Launch all suspended services and applications.
- Initiate all mitigation measures and announce the end of the incident to the relevant stakeholders.
- Return to the original network, with all relevant changes in place.

Lessons Learned

The main lesson we can learn from this unfortunate incident is the vital importance of having DDoS protection hardware installed at the Internet edge, something IBM and ABS thought they didn't need. This type of protection is the only way to protect an organization's entire security infrastructure in the event of an attack. If our customers had suffered an attack like this, they probably wouldn't even have noticed that the attack was happening, and it certainly wouldn't have compromised them from a security perspective. Since DDoS attacks target a full spectrum of security risks, it is important to defend your entire security infrastructure and data against potential threats.

Be prepared to respond. A proactive and robust cybersecurity strategy, clearly communicated within your organization, is your business's best defense against cyberattacks. Designing and implementing an incident response plan is an essential part of an effective cybersecurity program. One of the reasons Dyn was able to mitigate the attack quickly was that it had a response plan ready. The hackers involved in this incident designed and deployed a unique attack approach, and Dyn was still able to stabilize the breach before it destroyed the company. Your company's cybersecurity strategy must take into account the ever-changing nature of cyber threats. Focusing too narrowly on specific incidents could hamper your company's ability to respond. CFOs should ensure their business is prepared to respond to new attack methods by running what-if scenarios and testing response capabilities. Your business may not always be fully prepared for planned attacks, but by testing your controls you can reduce your recovery time and cost. On the other hand, it is important not to overcomplicate your response plan. Including recovery steps for every possible scenario will produce a complex document that won't allow employees to act quickly. Instead, your plan should focus on recovery scenarios specific to your critical data, functions and supply chain. Focus on creating an incident response program that can operate in multiple scenarios, taking into account people, locations, procedures and communications.

Invest in people, not just technology. Dyn clearly had a team of experienced professionals to resolve an attack that could have destroyed its business. Every business, large or small, can take a similar approach to fighting cybercriminals. CFOs spend millions of dollars on software and technology to protect their companies against cybercrime, and they should invest more in training their own staff. Human error is the leading cause of cybercrime, according to Verizon's 2016 Data Breach Investigations Report. Training employees about the dangers of cyberattacks should be more than just handing out a list of do's and don'ts. Be more creative. Consider using gamification in training exercises to present real-world scenarios to employees. One way to do this is to have "mock" hackers try to obtain confidential information from your employees. If your office doesn't respond correctly, the experience could prove to be a big lesson for everyone. For example, you don't want your employees to click on suspicious links in emails, so you train them to forward suspicious links to the security team. Then you send a rolling test email to see what they do. When a user responds correctly, they are rewarded by being entered into a drawing for a $100 gift card, the winner of which is drawn quarterly.

How to implement the playbook to ensure relevant stakeholders are aware of and committed to the steps you have recommended: be clear about the objective of your stakeholder engagement. The objective..
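The following is an added example, not part of the essay and not the casino's own tooling. It models the volume-based floods described in the analysis section (UDP packets sprayed across random ports, ICMP echo without replies) and the threshold-style controls listed under eradication and recovery: a per-protocol packets-per-second ceiling, a check for UDP traffic spread over many destination ports, a ranked list of source addresses to feed per-IP rate limiting or denial, and a recovery check that traffic has stayed under baseline for a quiet period. The flow-log format, IP addresses, packet counts and thresholds are all constructed for the example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed flow-log lines: "<epoch-second> <src-ip> <proto> <dst-port> <packets>"
# (dst-port is 0 for ICMP). Addresses and counts are made up for this example.
SAMPLE_FLOWS = """\
100 198.51.100.7 tcp 443 40
100 198.51.100.8 udp 53 6
101 198.51.100.7 tcp 443 38
101 198.51.100.9 icmp 0 3
102 203.0.113.10 udp 31337 900
102 203.0.113.11 udp 8144 850
102 203.0.113.12 udp 60001 870
102 203.0.113.10 icmp 0 2500
102 198.51.100.7 tcp 443 41
103 203.0.113.10 udp 4477 950
103 203.0.113.11 udp 52010 910
103 203.0.113.12 udp 19 880
103 203.0.113.11 icmp 0 2600
104 198.51.100.7 tcp 443 39
104 198.51.100.8 udp 53 5
105 198.51.100.7 tcp 443 42
""".splitlines()

# Constructed thresholds; a defender tunes these from the observed baseline.
PPS_LIMIT = {"udp": 500, "icmp": 100}   # flood ceiling, packets/second per protocol
PORT_SPREAD_LIMIT = 3                    # distinct UDP dst ports in one second
BASELINE_PPS = {"udp": 50, "icmp": 20}   # "normal" ceiling used by the recovery check


@dataclass(frozen=True)
class Flow:
    ts: int
    src: str
    proto: str
    dport: int
    pkts: int


def parse_flows(lines):
    """Parse the constructed flow-log format into Flow records."""
    flows = []
    for line in lines:
        ts, src, proto, dport, pkts = line.split()
        flows.append(Flow(int(ts), src, proto.lower(), int(dport), int(pkts)))
    return flows


def per_second(flows):
    """Aggregate packets and distinct UDP destination ports per (second, protocol)."""
    pkts = defaultdict(int)
    ports = defaultdict(set)
    for f in flows:
        pkts[(f.ts, f.proto)] += f.pkts
        if f.proto == "udp":
            ports[(f.ts, f.proto)].add(f.dport)
    return pkts, ports


def detect_floods(flows, pps_limit=PPS_LIMIT, port_spread=PORT_SPREAD_LIMIT):
    """Return [(second, proto, reason)] for seconds that exceed the protocol's ceiling.
    Protocols without a configured limit (tcp here) are ignored."""
    pkts, ports = per_second(flows)
    findings = []
    for (sec, proto), n in sorted(pkts.items()):
        limit = pps_limit.get(proto)
        if limit is None or n <= limit:
            continue
        reason = f"{n} pps > {limit}"
        if proto == "udp" and len(ports[(sec, proto)]) >= port_spread:
            reason += f", {len(ports[(sec, proto)])} distinct dst ports (random-port flood)"
        findings.append((sec, proto, reason))
    return findings


def rate_limit_candidates(flows, findings):
    """Sources ranked by packets sent during flood seconds: input for per-IP limits."""
    flood_keys = {(sec, proto) for sec, proto, _ in findings}
    by_src = Counter()
    for f in flows:
        if (f.ts, f.proto) in flood_keys:
            by_src[f.src] += f.pkts
    return [src for src, _ in by_src.most_common()]


def back_to_baseline(flows, since_second, quiet_seconds, baseline=BASELINE_PPS):
    """Recovery check: every second in the window after `since_second` stays under
    baseline for each protocol (a second with no records counts as quiet)."""
    pkts, _ = per_second(flows)
    for sec in range(since_second + 1, since_second + 1 + quiet_seconds):
        for proto, limit in baseline.items():
            if pkts.get((sec, proto), 0) > limit:
                return False
    return True


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    found = detect_floods(flows)
    for sec, proto, reason in found:
        print(f"t={sec} {proto}: {reason}")
    print("rate-limit candidates:", rate_limit_candidates(flows, found))
    print("back to baseline after t=103:", back_to_baseline(flows, 103, 2))
```

The per-protocol ceiling is what a bandwidth-prioritization rule enforces; the port-spread check separates a random-port UDP flood from a legitimate burst to one service port, and the baseline window implements the essay's advice to let time pass after the last attack before declaring traffic normal.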