Casino Rama Resort hit by data breach
The Casino Rama Resort in Ontario, Canada says its customers, vendors and current and former staff should keep an eye on their bank accounts, credit cards and other financial information after it confessed to being the victim of a cyberattack, with stolen information dating from 2004 to 2016.
On its website, the resort says it became aware of the situation last Friday, 4th November 2016, and states that the stolen information dates as far back as 2004 and includes: customers’ credit inquiries and collection and debt information; information on employees including payroll data, performance reviews, social insurance numbers and dates of birth; as well as vendor information.
The resort has advised customers, employees and vendors to monitor and verify all bank accounts, credit card and other financial transaction statements and report any suspicious activity to the appropriate financial institution.
Casinos and Resorts Targeted by Cybercrime
Gambling is big business and has long been a target for criminals. With the rise of online gaming and virtual casinos, along with the interconnectivity needs and technology developments faced by casinos and resorts, there are far more avenues of ingress for attackers to explore.
The relative wealth of the gaming/gambling industry means that its operators can usually afford to spend more than most on security controls to minimise the risks of a breach, but as this attack on the Casino Rama Resort shows, ineffective security strategies or vulnerabilities (perhaps through the supply chain) can cause a significant amount of sensitive data to be stolen, with substantial damage to reputation as well as revenues.
The ongoing investigations should clarify the extent and causes of the breach, but the breadth and depth of information gathered from the Casino Rama Resort indicate that attackers may well have been quietly exfiltrating data for some time, highlighting potential issues with intrusion detection and poor time-to-identify or time-to-contain metrics.
The Increasing Threat of DDoS
Internet gaming companies have been subject to DDoS attacks since the early days of the industry, but the number of attacks has increased in recent years. A DDoS attack overwhelms a company’s website with thousands of requests for information, temporarily paralyzing it until a demanded ransom is paid or the site’s technicians or web-hosting company are able to fend off the threat.
The recent attacks using Mirai botnets are on a completely different scale to previous DDoS attacks. By recruiting millions of vulnerable internet-connected devices such as DVRs, webcams and other devices found in the smart home, the next generation of DDoS attacks is powerful enough to take down core pillars supporting the Internet, as shown by the attack on Dyn (the DNS services company), which took down Twitter, Spotify, Amazon, Netflix and a whole host of other sites and online services.
Infosec Partners can help
Internet gaming companies and global luxury hotel groups are amongst the many significant organisations Infosec Partners have helped. Concerned that your organisation isn’t prepared for a breach, or worried that you might have been breached? We can help, from stress testing your security strategy and working with board-level and executive leaders to strengthen the cyber culture of your organisation, to hands-on, on-the-ground support in preparing your security ecosystem and responding to critical incidents. Infosec Partners are proven experts in full-spectrum cybersecurity and a team you can trust.
For your free consultation, complete the adjacent form, or to speak with a trusted advisor immediately, call us on
+44 (0)1256 893662