Hacking a casino through a smart aquarium and DDoS stock brokers: new attacks on finance

Hackers continue to attack finance, and attacks are becoming more sophisticated. For example, cybercriminals entered the network of one of the American casinos through a “smart” aquarium, and in early July, hackers first blackmailed and then attacked brokers in Malaysia.

Attack on aquarium

Smart appliances are becoming a greater source of danger. An unusual incident with such a device was reported in its report by the American company Darktrace, which specializes in cyber security.
')
Attack suffered one of the American casinos. The criminals were able to penetrate into its network through the “smart” aquarium, which the gambling establishment has established for the entertainment of guests. Aquarium with the help of special sensors regulates the temperature and salinity of the water, as well as feeds the fish in automatic mode.

Facility management has allocated a VPN connection for the aquarium's communications, isolated from the financial network. However, when the device was checked by Darktrace’s threat detection system, abnormal data transfers were detected.
In particular, it turned out that the aquarium transmits information to a device in Finland. None of the components of the casino network with it is reported anymore, which made it possible to detect a hacker attack.

Having attacked an atypical casino device, hackers found a loophole and thus bypassed the traditional security tools of a gambling establishment. Having gained control of the aquarium, cybercriminals began scanning the entire system and found other vulnerabilities in it. On the consequences of a hacker attack is not reported. But, apparently, the casino was not affected.

In Darktrace report that the work of hackers on the transfer of data was carried out much more skillfully than is the case with typical attempts to steal information. The invasion was prevented because automated tools were used for protection that do not make assumptions about where the threat may come from. They only analyzed the behavior of all devices, revealed an anomaly and thus helped the casinos to detect and eliminate vulnerabilities.

This incident demonstrates the need to monitor and protect each user and device, including aquariums connected to the Internet.

The Darktrace report describes another 8 cases of unusual attacks on institutions from various fields. But among those who hackers most often crack, one of the leading positions is occupied by the sphere of finance. Quite often, exchanges and brokers suffer from the actions of cybercriminals, as evidenced by recent events in Malaysia.

Attack on Malaysian brokers

Image: Rog b , CC BY-NC 2.0

The Malaysian Communications and Multimedia Commission (MCMC) is investigating cyberattacks that have broken online trading in a number of brokerage firms. Jupiter Securities Sdn Bhd suffered from the actions of hackers. Shortly before, N2N Connect Bhd, which provides trading solutions for brokerage firms, warned its customers about a possible DDoS attack.

On July 5, a coordinated attack was launched on the N2N Connect Bhd data centers. The first hit struck in the interval from 8 to 10.30 in the morning, and a little later the hackers attacked the second one. It is also known that those brokerage houses that did not cooperate with N2N Connect Bhd suffered from the actions of cybercriminals.

Affected brokers previously received emails from hackers blackmailers. The latter demanded to pay them in order to prevent an attack that could lead to the collapse of their trading systems. The Malaysian edition of The Star provides the text of one of these letters: "If the ransom is not paid within the allotted time, the amount will increase, and companies will face large-scale attacks."

Excel Force MSC Bhd also announced interruptions in the operation of its data center as a result of DDoS attacks. The attack lasted about an hour, the data were not injured and were not stolen. However, the company has introduced additional preventive measures.

In addition, one of the local brokers, whom the media do not call, took radical security measures due to the threat of cyber attacks and temporarily blocked access to its trading system for all foreigners.

Bursa Malaysia (Kuala Lumpur Stock Exchange) stated that hacker attacks did not cause any disruptions in the bidding, as measures were taken in a timely manner to ensure the protection of the infrastructure from any cyber attack.

In order to minimize possible damage from both hacker attacks and technical failures, brokerage companies are developing various systems to protect customers. How this protection is implemented in the ITinvest MatriX trading system can be found here .

Other materials on finance and stock market from ITinvest :

• ITinvest educational resources
• Analytics and market reviews
• Big Jackpot: Why hackers attack SWIFT financial transfer system
• Lazarus: Who is behind the attacks on the SWIFT bank transfer system
• How Russian hackers have robbed the Nasdaq
• Russian hackers hacked Dow Jones and seized insider information