Fish hack, no seriously..


Credit: Getty Images. NB. not the actual fish involved

We have talked about phishing before and warned you of the dangers of phishing emails that spread malware, ransomware and other toxic payloads. Today however we are talking fish. Actual fish.

It was never going to be long before the obsession with web-enabling everything from air conditioning to kettles caused a bit of a problem. In this case, a web-enabled fish tank (stay with us) was hacked and, using this fish tank’s connection, criminals managed to move through the network and steal data from the fish’s home, a ‘smart tank’ in a casino…

If you are considering the use of web-enabled equipment, including any animal enclosures, please risk assess it thoroughly and please protect it properly from fishers, phishers and other cyber botherers. Criminals will head for the point of least resistance every time and you need to know where that is before they do.

If you want to view some free content of ours on cyber protection, head over here.

 

TwoPlusTwo forum hacked

Players are being asked to exercise caution in what they post in the TwoPlusTwo forum and some have been advised to change their passwords.

Any question of a hack means all users would be sensible to change their passwords, and to something robust that they do not use elsewhere and that does not contain dictionary words. If you would like some guidance on the best way to do this, try our main blog here.

If you would like to read the whole story, click here.

GDPR and the Gambling Industry

The EU’s General Data Protection Regulation (GDPR) is going to affect all businesses trading in or through the EU, and the UK gambling market will also feel its impact.

The UK has its own Data Protection Act and the EU Data Protection Directive has been in place since 1995.  But developments in technology and business models have left the rules out of date in many ways and so an overhaul was overdue.

For Gambling, there will be a lot of things to think about and we can’t cover everything in a blog post. But here is some food for thought or a starter at least. You know where we are if you need us.

GDPR will impact all Gambling providers, and non-EU providers need to be extra vigilant and take care not to breach these regulations. Most of the regulations are not new, but the requirement for compliance will be enforced, with a fine of up to 4% of the previous year’s global turnover (or €20,000,000, which is the new, greatly increased, ceiling) for a serious data breach.

Data subjects must be clearly notified that their information is being collected and/or processed, and for what specific purpose. There must be a clearly defined reason for collecting the data that the subject is completely aware of.

Once you have the subject’s data, you can only hold and use it for the purpose you collected it for and for no longer than it is required for that purpose. The data subject also needs to be totally clear on who they have lent their data to.

If any ‘data profiling’ takes place, the subject should be informed of it and of any of the consequences that may arise from it. There should also be a mechanism for the data subjects to withdraw their consent to use their data.

Operators will also be required to notify data subjects within 72 hours of a breach of unencrypted data.


You can get us at http://www.advent-im.co.uk

0121 559 6699 / 0207 100 1124

bestpractice@advent-im.co.uk

Four Winds casino hit by hackers

(US) Michigan casino Four Winds has discovered that cardholder data, including all of the data stored on the mag strip, has been stolen by hackers, and the casino is warning users between October 2014 and October 21, 2015, that their information may have been compromised and/or stolen.

Cybercrime knows no geography, so it is important not to be distracted by the location of the crime. This may have happened in Michigan, but the criminals could be anywhere.

There are no details available yet on how the hackers managed to upload the code that allowed this information to be copied from the casino system. Phishing of employees is one of the most popular and successful routes into a business, and ensuring employees are able to spot phishing and its more aggressive and successful big brother, spear phishing, is imperative. Employees are always going to be the Achilles heel of a security strategy, and that is why businesses that handle personal information need to ensure they place enough importance on training and re-training them with security awareness and the latest threats.

Insider threat is often a worry for many businesses too and it is the other end of the human threat: when the nefarious individual is already on the inside. Obviously, we don’t know what happened in this instance, but this offers all such businesses a warning to review security training, vetting and overall strategy.

Hackers slurp 150k credit cards from casino….there could be more

The Register has today reported the theft of 150k credit card details from an unnamed casino. Apparently, the casino was a virtual security-free zone, not even sporting a firewall. Experts say there may be six more casinos targeted by the Fin5 hacker gang.

Read the full story here


Minnesota Casino – Data Breach

Grand Casino Mille Lacs has apparently suffered a data breach of customer payment cards. There are few details available and it is under investigation, but it would appear from a local news story that the payment card details have been used in fraudulent activity.

The KNSIRadio website posted this toll-free number for those concerned:

866-328-1987 — for customers with questions.
