Southeast Asian Gambling Sites Reportedly Targeted by Online Espionage Plots

Posted on: February 19, 2020, 01:44h. 

Last updated on: February 19, 2020, 02:24h.

Southeast Asian companies that provide online betting and gaming were apparently hacked to steal source code and data via malware, according to a report released Tuesday.

Paul Hastings’ attorney Behnam Dayanim said recent online attacks against Southeast Asian-based gaming sites reinforce gaming companies’ concerns over cybersecurity threats. (Image: YouTube)

Trend Micro — a cloud security firm — warned of the attack, which it attributed to an advanced persistent threat (APT) it calls “DRBControl.” The hack reportedly involved close to 300 computers.

There were also suspicions that companies in Europe and the Middle East were targeted. But Trend Micro could not confirm these additional allegations.

The discovery traces back to Talent-Jump Technologies, whose staff noticed previously unseen backdoors while responding to an incident last year. A backdoor gives an attacker remote access to a computer or its data while bypassing the normal authentication and security controls.

Talent-Jump online security staff notified Trend Micro about their concerns. Trend Micro investigated and issued the report, which it provided to Casino.org.

“The campaign uses two previously unidentified backdoors,” Trend Micro said in the report. “Known malware families such as PlugX and the HyperBro backdoor, as well as custom post-exploitation tools, were also found in the attacker’s arsenal.”

One of the backdoors also reportedly used Dropbox as its command-and-control channel, relaying the attackers’ instructions and the stolen data through the file-sharing service. Trend Micro reported the situation to Dropbox, and that company has joined the inquiry, too.

It now appears the attacks involved some 200 computers through one Dropbox account, and 80 more via a second account, ZDNet reported Wednesday.

Based on its inquiry, Trend Micro concluded that DRBControl’s “malware and operational tactics overlap with similar tools and tactics used by Winnti and Emissary Panda.” These two groups undertook “attacks over the past decade in the interests of the Chinese government,” ZDNet said.

Chinese Government Likely Not Involved in Recent Hack

But it is unlikely the Chinese government was responsible for the recent DRBControl attacks, ZDNet added. Security firm FireEye reported last August how several alleged Chinese state-sponsored hackers undertook their own cyber-attacks out of self-interest, rather than for governmental operations.

Three years ago, there was suspicion over whether the Chinese government was responsible for a wave of distributed denial of service (DDoS) attacks that battered Hong Kong-based gambling sites. In 2018, claims also were made that North Koreans were involved in a government-related hacking plot.

A defector from North Korea claimed gambling sites were hacked to steal money and sell information to cheating players. Other alleged nefarious activities included pirating commercial software and using bots to build up expensive characters in massively multiplayer online role-playing games.

Paul Hastings’ Legal Expert Recommends Preparing for Risks

The attacks provide a reminder to gaming companies to be prepared for such activity. When asked about the incidents, Washington, DC-based attorney Behnam Dayanim, a partner and chair of Paul Hastings’ global Gaming and Privacy & Cybersecurity practice groups, advised that “every gaming company should have a written information security program that complies with industry best practices and legal requirements, and implements appropriate administrative, technical and physical safeguards.”

Some gaming regulators impose those types of requirements on their licensees, Dayanim told Casino.org. He noted that gaming companies are at increasing risk for a few reasons. First, cybertheft “generally is increasing, and gaming companies are not immune from that trend.”

“Second, gaming has proliferated, leading to a larger number of market participants, some of which are relatively young, fast-growing, and consequently immature companies that may not have sufficiently robust safeguards in place,” Dayanim added.

Concurrently, Dayanim said there has been “increasing prevalence and awareness of gaming” — which has likely “led some bad actors to target gaming companies as a potentially softer target than banks.”

He further explained that gaming companies often store sensitive details on players. These include bank account, credit card and other financial information.

Also, covert access to gaming software could lead to manipulation of game outcomes, Dayanim said. He added that access to player history could expose information that some might view as potentially compromising or embarrassing, particularly for those in public life.

“There is no question that cybersecurity has become an increasing focus of gaming companies, both online and retail,” Dayanim added. “Indeed, even retail casinos rely heavily on software and internet-based systems, rendering them also potentially vulnerable to cyberhacks.

“The industry generally is alert to these concerns,” he noted. “Some regulators have focused on licensees’ cybersecurity preparations, and regulated gaming companies often identify cybersecurity as one of their top two or three enterprise risks. The recent stories will only reinforce that concern.”