Data Security

The cyber security behind online casinos

Cyber security is important for every sector, but particularly for some. For
health services, which rely on strong communications with patients and
professionals, it can literally be a matter of life and death. For financial
institutions, which rely on the ability to send and receive large sums of
money, it can be critical to keeping firms in business.

But another, less often considered sector for which it’s absolutely essential
is the online casino industry. The reasons for this are threefold. Firstly,
online casinos, by their very nature, hold a great deal of potentially
sensitive information about their customers – including names, addresses, bank
details and even their betting history. They’re obliged to do this by law – so
they know everyone gambling with them is of the right age, and not using them
to launder money.

Secondly, there is a
constant flow of money in both directions as well as considerable sums held in
the forms of deposits by players. Thirdly, if an online casino gains a
reputation for not being 100% secure, it also brings into question a whole lot
of other issues around whether it can be considered trustworthy at all.

The cost of cyberattacks

It’s this potential for
reputational damage that can force even the most well-established businesses to
the brink of collapse – and even beyond. Luckily, there haven’t been many high-profile
instances of this in the casino industry to date. One of the most significant
attacks was when IT professional Ashley Mitchell stole 400 billion chips
(worth £7.5 million) from an American poker site in 2011. He was caught and
sentenced to two years in prison.

Communications company TalkTalk discovered the damage a cyberattack could do when it was the target back in October 2016. In their case, they shed around 100,000 customers in short order as well as sustaining costs estimated as being around £60 million.

Even the biggest and most successful online casino operators could be fatally wounded if this happened to them. So any online casino with plans to thrive has to have a range of robust measures in place. The leading operators invest a huge amount of money each year into keeping themselves and their customers safe from hackers who would dearly love to sink their businesses and extort some money in the process. That’s why you’ll see robust security measures, as well as a huge range of games, in place at a highly secure online casino such as 888, which also has responsible gaming measures and tools.

Here are the main threats
casinos need to be aware of – and how they’re dealing with them.

The DDoS threat

The greatest fear of any
casino is that it’s going to be a target of a Distributed Denial of Service
(DDoS) attack that will effectively act to paralyse their business. As most
casinos rely on being available 24/7 to their customers, any attack that
compromises this ability is treated very seriously.

With more and more of these kinds of attacks happening all the time – 2018 saw a rise of 37% over the number reported in 2017 – DDoS issues are pretty high risk. And it’s not just the number of the attacks that’s on the rise, the size of them is increasing too.

DDoS attacks involve hackers gaining control over unsecured devices on a
network, before flooding a website with an unmanageable level of requests by
bots. The volume of requests can effectively paralyse a server, which often
burns out and results in the website collapsing. However, sometimes the server
can fight back and cause the corrupted devices to burn or explode.

Why might someone launch a DDoS attack at an online casino? Hackers can use
the opportunity to steal everything from chips to customers’ information.

A DDoS attack can shut down
an online casino for a prolonged period of time, damaging its reputation as
well as its ability to trade, which could amount to millions in just a short
time.

Back in 2016, a 602 gigabytes per second attack knocked out the BBC website
and was considered to be a major attack. But fast forward to 2018 and within
the space of five days two attacks of 1.3 and 1.7 terabytes a second
respectively were recorded in the USA. In both cases over 17,000 Memcached
systems were hijacked for amplification purposes, hence the huge size of the
attacks.

It goes without saying that
online casino sites face exactly the same problem as every other site in
fending off a DDoS attack – namely, how to differentiate between their normal
traffic and that which is being sent to them with malicious intent.

As this is difficult to do
at the best of times, casinos need to concentrate more on having strategies
designed to mitigate the effects of an attack, especially when these are
attacking several vectors simultaneously.

To offer protection, there
are various different strategies.

Black Hole Routing

Although something of a
blunt instrument, sometimes this is the only option available. It involves
routing all traffic into a so-called ‘black hole’ as a means of protecting the
site as a whole. Inevitably, it means some of the legitimate traffic is directed
away from the site risking customer dissatisfaction.

Rate limiting

Although probably not enough
on its own to protect casinos from a complex attack, rate limiting undoubtedly
has the potential to slow down traffic enough to at least let the site continue
working until the issue has been resolved.
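The behaviour described above can be seen in a small simulation, added here as an illustration and not taken from any casino's actual setup. It uses a per-client token bucket (an assumed design; the rate, burst size and addresses are constructed values) and shows both sides of the claim: a single noisy source is throttled while a normal customer is unaffected, but a flood spread across many sources stays under every individual limit.

```python
from collections import defaultdict


class TokenBucketLimiter:
    """Per-client token bucket: `rate` requests/second, bursts up to `burst`."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        # client -> [tokens remaining, timestamp of last request]
        self.buckets = defaultdict(lambda: [float(burst), None])

    def allow(self, client, now):
        bucket = self.buckets[client]
        tokens, last = bucket
        if last is not None:
            # Refill for the time elapsed, never above the burst size.
            tokens = min(self.burst, tokens + (now - last) * self.rate)
        bucket[1] = now
        allowed = tokens >= 1
        bucket[0] = tokens - 1 if allowed else tokens
        return allowed


def simulate(requests, rate=5, burst=10):
    """requests: iterable of (timestamp, client). Returns (allowed, dropped)."""
    limiter = TokenBucketLimiter(rate, burst)
    allowed = dropped = 0
    for now, client in sorted(requests):
        if limiter.allow(client, now):
            allowed += 1
        else:
            dropped += 1
    return allowed, dropped


# Constructed traffic covering one second (documentation-range addresses).
normal = [(i / 3, "198.51.100.7") for i in range(3)]           # one customer
single_flood = [(i / 1000, "203.0.113.9") for i in range(1000)]  # one source
distributed = [(i / 1000, f"src-{i}") for i in range(1000)]      # 1000 sources

if __name__ == "__main__":
    print("single source:", simulate(normal + single_flood))
    print("distributed:  ", simulate(normal + distributed))
```

In the second run nothing is dropped, which is why rate limiting is paired with the other measures in this list.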

Web application firewall

It’s reasonably safe to
assume that all online casinos have an effective web application firewall in
place. These can be particularly effective when the attack is on the Application
Layer of a site and can help to filter out communications that are sent with
malicious intent. An especially useful feature of this method is that it can
quickly customise itself to be able to identify and separate out legitimate
traffic from that associated with an attack.

Anycast network diffusion

Undoubtedly one of the most effective methods of dealing with a DDoS attack,
this works in the same way as diverting a flooding river into a series of
smaller streams. In this instance, it achieves this through using a network of
distributed servers that can successfully absorb the traffic without
disruption being caused.

Other cybersecurity issues which could affect casinos

Cyber hacking

While these are all measures that are capable of dealing with a serious attempt to bring a casino to its knees, the operators also have to be acutely aware of the dangers of hacking. As we’ve already mentioned, online casinos hold a wealth of information about their customers that could be very profitable indeed if it fell into the wrong hands.

So it’s fairly safe to assume that the highest levels of encryption technology
are used and this may well also be a requirement for the casino to hold its
operator’s licence. Any reputable casino should also have the information
readily available about its levels of security and any that don’t should
probably be given a wide berth.

Phishing scams

This is a way hackers trick users into giving up their personal information or flooding their devices with malware. Understandably, it’s one of the top business concerns. The two types of phishing are:

  • Spear phishing – cyber attackers
    identify particular individuals (usually a Financial Director) to infect the
    computers of specific people at an organisation.
  • Whale phishing – hackers go after big
    targets such as board members of a company, and hold their accounts to ransom.

Companies are usually pretty
well trained on how to spot a phishing scam by looking out for:

  • Impersonal emails
  • Poor English
  • Requests for personal information
  • URLs that don’t match the link
    provided
  • Suspect files attached

Summary

Of course, as with every
sector, keeping one step ahead of the cyber criminals is a full-time occupation
for online casinos with new and more sophisticated threats arising the whole
time. But we can be sure that no-one is more aware of this fact than the
casinos themselves who will be taking every step possible to mitigate the risks
or, better still, eliminate them entirely.
