Online casinos are a potential target for criminals. These establishments serve as bank-like platforms for customers – making attacks on virtual casinos all the more lucrative for bad actors.
This study looks at significant threats facing the online casino industry in 2023. Whether you’re an apprehensive new bettor or a software developer for a casino, there’s something relevant to you in this piece.
What Is an Online Casino Cyber Attack?
A ‘cyber attack’ is a broad term for various criminal activities. Essentially, this type of offence takes place over the Internet – with the intention being to steal information, money, or both. Online casinos are targeted for cyber attacks due to the significant investment of money and personal data from punters.
And if you think that only small platforms are hit by cyber attacks, think again. Two globally recognised websites, BetMGM and Caesars, were hit in mid-2023, leaving customer information in the air. Even the most stringent of defences can be overloaded by an intricate attack – hence the importance of encrypted data.
What Types of Cyber Attacks Are There?
Cyber attacks come in many different shapes and sizes – but most criminals take the same course of action repeatedly. This is because the most-used type of attack works better than new-age alternatives. However, this also means that online casinos are well-equipped to deal with such attacks.
DDoS
First is the DDoS (Distributed Denial of Service) attack. With DDoS attacks, criminals overload the casino’s servers by throwing loads of traffic at the website. Although online casinos are developed to handle plenty of traffic, DDoS attacks are specially designed to barrage casinos with data. In turn, the servers ‘overheat’ and shut down. As a result, players can’t access the site any further, and the casino loses out on potential revenue. This attack type is not limited to online casinos but is commonly seen on such platforms – with aggressors keen to disrupt the service during significant events.
It should be noted that most DDoS attacks target the casino itself rather than player information. However, some DDoS attacks are used with other means to extract customer data while the platform is offline and vulnerable. Here are some types of the attacks described:
Phishing Scams
Phishing attacks are particularly detrimental to online casinos. This is because a phishing scam requires an attacker to pose as a real online casino and request information from a customer. To acquire this information, criminals send fake emails to customer’s email addresses.
The innocent customer, believing that the online casino is simply looking for additional ID verification or payment information, opens the email and provides sensitive information. The attacker takes this information and sells it on the dark web or uses it for personal gain – with many bettors none the wiser until it’s too late.
A fascinating feature of phishing scams is that they don’t cause damage to the online casino’s infrastructure. The real problem lies with the casino’s reputation and depth of security systems.
Malware & Viruses
If you’ve ever surfed the Internet, you’ve probably encountered an ad, email, link, or website containing malware. In basic terms, malware is downloadable software that grants criminals access to personal information, security systems, and other sensitive data.
Through no fault of their own, online casino employees are at a significant risk regarding malware. This is because employees are vectors for the casino’s back-end – and by getting the employee to download malware accidentally, the criminal can access crucial files. Therefore, casino operators must ensure all employees stay safe while accessing company information. Even more important is the addition of firewalls, antiviruses, and MFA (Multi-Factor Authentication).
Examples of Online Casino Cyber Attacks
Now that we’ve covered the most common types of cyber attacks, it’s time to delve into specific examples. Casinos worldwide are targeted by attacks of this kind, with significant industry players falling victim to malware and DDoS onslaughts.
BetMGM & Caesars – 2023
Though they may be rivals in the gambling space, BetMGM and Caesars are on the same page regarding cybercrime. The pair were struck by an attack in September 2023 – which resulted in the breach of customer data for millions of players. Specifically, staff at BetMGM and Caesars believed that the information acquired by thieves contained social security numbers and driver’s license information.
Due to the sensitive nature of the attack, very little information on the attacker’s process exists. However, according to expert opinions obtained by NPR, this attack appears to be a tremendously sophisticated phishing scam. The organisation behind the attack is known for text and email phishing attacks – with the goal being to bypass security systems.
Customers reported needing help to transfer money at on-site ATMs and physical games at the Vegas-based casino. Even worse, the platforms were forced to go offline while their security teams investigated the issue. Although details are limited, it’s believed that a ransom was paid in exchange for deleting stolen data.
Gateway Casinos and Entertainment – 2023
A Canadian firm operating over 30 establishments across the country’s biggest states encountered a massive threat during 2023. The attack was vast – resulting in the shuttering of 14 casinos for a limited time.
Employees reprimanded the company for its silence following the attack in April. It wasn’t until the summer of the same year that Gateway Casinos and Entertainment acknowledged the repercussions of compromised security systems. Eventually, heads at Gateway explained that sensitive employee data was likely exposed to the hackers.
As is standard procedure after an attack, Gateway has been reluctant to provide detailed statements. The attack was severe enough to warrant the complete shutdown of multiple services for two weeks – so it’s safe to assume a severe breach occurred. Whether the shutdown was just for security checks or due to the damage caused by the attack is unclear.
How to Avoid Cyber Attacks
While there’s nothing you can do as a customer to prevent casino-focused cyber attacks, there are some measures you can take to protect your account. Employing two-factor authentication, generating a distinctive password, and allocating a single email address per account will offer vital safeguarding, even within safe online casinos, against basic threats.
If your profile information is compromised in an obvious way – which can be evidenced by receiving phishing scam emails or texts – then you should change your password and/or email address immediately. In addition, it’s worth contacting the casino to inform them of the issue.
For casino employees, the same protocols apply. A particular element of common sense is required to avoid scams – but you can do little if a breach has been made on the site’s security systems. Just cancel any payment cards associated with the account immediately and contact the relevant authorities.
How Common Are Cyber Attacks?
As the Internet becomes more prevalent in today’s world, further online casino cyber attacks are to be expected. Statistics published by Arkose Labs show that between the end of 2021 and the start of 2022, a 260% increase in iGaming cyber attacks was seen. In the eight years following 2014, Vegas-based casinos averaged one attack or more per year. Damning statistics from Security Magazine reported 2,200 cyber attacks every single day – bringing up an average of one attack every 39 seconds. This number grows week-to-week, with an expectation that we’ll see attacks every second in the future. Most of these attacks, at around 85%, were based in Europe – but the US is also a target.
So, cyber-attacks are common enough to be given appropriate attention. Online casinos should seek to defend against cyber attacks on multiple fronts – especially considering many wars are fought online.
The most concerning aspect of all of this is the methods used to carry out assaults. Just 1% of cyber attacks are carried out by humans, with 99% of strikes thrown by bots and AI. The most prominent type of cyber attack was account fraud – making innocent bettors the victims in a more significant battle between corporations and hackers.
Mentioning AI perks the ears of most. AI has been around for years, but it’s only now that cyber attack groups are genuinely beginning to understand its power. Yogonet has revealed that AI-focused studies are bringing up more complex signatures than ever before – with attacks 3x more complicated than those of the last decade. An incredibly stringent security infrastructure is needed for online casinos to avoid being hit by multiple cyber attacks per year. The number of attacks will only grow from here on out – operators must simply avoid letting any attempts bear fruit.
![The Richest Gamblers in the World [TOP 15]](https://www.slotozilla.com/au/wp-content/uploads/sites/35760/new_uploads/2024/02/blog-sz-au-1-215x161.webp)
