Fish hack, no seriously..

Image result for fish face

Credit: Getty Images. NB. not the actual fish involved

We have talked about phishing before and warned you of the dangers of phishing emails that spread malware, ransomware and other toxic payloads. Today however we are talking fish. Actual fish.

It was never going to be long before the obsession with web-enabling everything from air conditioning to kettles, caused a bit of a problem. In this case, a web-enabled fish tank (stay with us) was hacked and using this fish tank’s connection, criminals managed to move through the network and steal data from the fish home a ‘smart tank’  in a casino…

If you consider the use web-enabled equipment, including any animal enclosures, please risk assess it thoroughly and please protect it properly from fishers, phishers and other cyber botherers. Criminals will head for the point of least resistance every time and you need to know where that is before they do.

If you want to view some free content of ours on cyber protection, head over here.

 

Advertisements

Online gambling business – ICO taking a look at user tracking. #DataProtection #GDPR

ImagecourtesyofGualberto107atFreeDigitalPhotos.net

ImagecourtesyofGualberto107atFreeDigitalPhotos.net

The UK Information Commissioners Office (ICO) is taking a look at lovation tracking software installed without users knowledge who log into online betting services.

 

The use of this software may be contravening the Data Protection Act (1998) as this Act requires data subjects to be aware if their personal information is collected and give permission for it to be used in ways they agree to and nothing more.

The timing of this investigation is crucial as GDPR will enter law next May and fines of up to 4% of global turnover will come into force for serious data protection breaches.

If you want to read more about the story click here.

If you want to learn more about Data Protection and GDPR click here.

Nine years worth of data swiped from Ontario casino – hacker claims

Nine years worth?! OK hackers make as lot of claims, but data going back nine years is almost as impressive as the MySpace hack that reminded everyone that once had a MySpace page.

Does beg the question why they were keeping this old data though…collect it for what you need it for and delete safely!

Full story…

Understanding the motives in attacks

ddos attacklReading a recent story about the sentencing of a UK teen for carrying out a Distributed Denial of Service (DDoS) attack on an online casino, we were reminded of how important it is to understand and scope all of the motivations for carrying out cyber attacks.

An apparently disaffected young person, with no other intent other than to gain notoriety or ‘see if they can’, is as real a threat to an online casino as a determined criminal seeking to harvest credit card details. It has cost the business money and inconvenience, the only good thing to be said about it is that apparently no customer details were compromised.

generic_jail_prison_barsOther details of the teen in question included his collection of weaponry bought over the internet from China. His sentence may have been suspended but interest in him and his online habits are unlikely to be…

If you would like to read the whole story click here.

Four Winds casino hit by hackers

Stack of Chips(US) Michigan casino Four Winds has discovered that cardholder data including all of the data stored on the mag strip, has been stolen by hackers and the casino is warning users between October 2014 and October 21, 2015 , that their information may have been compromised and/or stolen.

Cybercrime knows no geography, so it is important not to be distracted by the location of the crime. This may have happened in Michigan, but the criminals could be anywhere.

phishThere are no details available yet on how the hackers managed to upload the code that allowed this information to be copied from the casino system. Phishing of employees is one of the most popular and successful routes into a business and ensuring employees are able to spot phishing and its more aggressive and successful big brother, spear phishing, is imperative. Employees are always going to be the Achilles heel of a security strategy and that is why businesses that handle personal information, need to ensure they place enough importance on training and re-training them with security awareness and the latest threats.

Advent IM HMG accreditation concepts trainingInsider threat is often a worry for many businesses too and it is the other end of the human threat; when the nefarious individual is already on the inside. Obviously, we don’t know what happened in this instance but this offers all such businesses a warning to review security training, vetting and overall strategy.