Industry Insight: The cyber threat

Industry Insight: The cyber threat

Friday, August 14, 2015 Totally Gaming
Craig Jacobs on the stark reality of cyber security

For the 18th year, Black Hat returned to Las Vegas to demonstrate the latest and scariest cyber security information available, writes Craig Jacobs.

This means thousands of security professionals gathered in the center of the gaming world. This begs the question: what would you do if you knew thousands of potential hackers were going to be staying in your buildings for the week?

The stark reality is that the cyber threat is vigilant 365 days of the year. While thousands of threat actors may not be standing in your building every day, the industry would do well to act more like they are. With that in mind it is important for all gaming companies, large or small, online or brick and mortar, to dedicate a team to the cyber security posture of the company.

Last month, the gaming community was once again reminded of this reality. The New Jersey Gaming division acknowledged that a denial of service attack was executed against at least four gaming sites and that service was disrupted for nearly two hours. After the attack subsided ransom demands were received along with the threat of additional attacks.

The dedicated denial of service (DDoS) attack has long been a problem for online gaming sites. Events and peak play times have been plagued by cyber criminals who have exploited gaming companies with increasingly sophisticated attacks.

During the early years of online gaming, with many online casinos operating in a gray area, the attacks were devastatingly profitable for the threat actors. Today, with increased regulation and fewer gray areas, dealing with the cyber threat is more formalized, though not any simpler.

New Jersey seems keen on the cybersecurity threat and on July 27 released an analysis on point-of-sale malware that continues to threaten our payment cards. Of special note in the report is a recently released analysis from Trend Micro about a malware called MalumPOS that specifically targets major point-of-sale vendors.

The memory scraper targets any device that processes credit card information and disguises itself as a video card driver. You can read more of their report here.

With the recent service outages in New Jersey and the payment card breaches affecting casinos, it is important to be as vigilant as the threat. Ask yourself, “What would I do if Black Hat was coming.”


Craig Jacobs is the Director of Incident Response and Problem Management for MGM Resorts International where he drives priority incident escalation, communication restoration, analysis and review. He is also author of Breaching America, which explores what it takes to better protect America's organisations from security breaches.

The views expressed on this site are Mr. Jacobs' and do not necessarily reflect the views of MGM Resorts.


Paddy Power Betfair takes majority stake in Adjarabet


888 secures igaming licence in Portugal


Swedish regulator issues final warning to licensed operators


IG highlights client ‘quality’ as ESMA measures hit

Gaming Products & Services Directory

The essential directory for the gaming industry