George Clooney and Brad Pitt in Ocean’s 11 looked pretty dapper en route to a $150M heist at three major casinos. Cyber-criminals may lack the handsome dapper look of the original Hollywood cast but some of them are having even better success attacking these gambling enterprises. It’s not just the fancy casinos on the strip either, online establishments are also feeling the sting of cyber attacks.
Casinos can make easy targets for cyber attacks because of the myriad of connected devices. Think about the networking infrastructure, the security cameras and then think about all the public-facing ATMs, card readers, slot machines. You name it, if it’s connected to the network it’s an entry path for cyber criminals. Proper patching and having a vulnerability system can prevent some of these attacks yet it’s a constant battle against well-armed foes.
Add up the impact of the two big casinos such as the Las Vegas Sands and The Hard Rock Hotel & Casino and the total was about $1Billion due to cyber attacks on both the gaming and internal networks. The FBI concluded that the attackers were Iranian hackers that were behind the Las Vegas Sands attack. Not only did they get into the network but they ended up with a lot of personal data on hotel customers as well. Down the strip, Bloomberg estimated that the attack on the Venetian and Palazzo which had their network taken down and private information leaked, the cost of the damage was about $40M. This doesn’t include the hidden cost of reputation damage and the loss of confidence of customers.
There are no hidden headphones or special vans parked outside when it comes to an online gaming enterprise, a market estimated at over $40 Billion. DoS or other methods are being used to get into online sites where the damage can be more severe than at a brick and mortar counterpart. Hack into a game and you are likely to lose gamblers in a hurry, creating very rapid losses for online gambling operators.
Within DDoS, Advanced Persistent Threats (APT) is when co-ordinated DDoS attempts with other web-based attacks are used in a multi-phase lengthy campaign persisting over weeks or even months at a time. Short, single vector attacks go straight at it and typically is the work of very focused individuals who pay a nominal fee at any of the many botnets for hire services.
The smart thermometer attack in the fish tank hack at a casino was ingenious in that hackers were able to get into the fish tank, into the database, back across the network, and then out of the thermostat into the cloud. With more devices connected, it’s going to be increasingly challenging for casinos to keep their networks safe from the onslaught of attacks.
Protecting the slot machines and every valuable asset is a necessity when it comes to keeping a network safe. The first order of business when it comes to protecting a casino is to get full visibility of what's actually connected. A systematic approach to applying patches can help reduce vulnerabilities at casinos and should be part of an overall security and protection plan as well. Monitoring the traffic is important and making sure that certain devices communicate within their respective separate zones (or segments) can also help casinos protect their networks and contain the damage if a breach occurs.
At Ordr, segmentation applies to both ends of the spectrum of detection/isolation and protection/prevention. On the side of detection, reaction and remediation we rate risk by levels when we see unusual activity such as a device unnecessarily scanning a network, or injecting unwanted packets. While setting off an alarm is one thing at a casino, we don’t think its enough to say “hey this machine is bad”. At Ordr, our system sends the alert but also we send all the remediation procedures with it. For example, the notice will be this Slot Machine which is connected to this particular Cisco switch on this port number 27 needs to be shut down or we need to quarantine this machine using VLANs. Another productive message can be “this HVAC controller on the main casino floor with this particular MAC address connected to this AP/wireless controller needs to be blacklisted.”
The damage at a casino can be very high, and hackers attack casinos because simply, that’s where the money is. We’re building and deploying a smart system that can isolate bad actors quickly when something suspicious comes up in a casino’s network. The proactive protection that we provide takes it a step further as we understand the flows and we whitelist certain transactions such as the application, protocols, and destination. The system is constantly learning and observing flows and noticing deviations if any. George Clooney will be impressed.