Tribal casinos are becoming a major target for ransomware

There’s plenty of money in casinos, and we’re not talking about the coins rattling around in slot machines. Tribal casinos are becoming a new target for ransomware attacks, with bad actors holding systems for ransom and making away with some serious dough. This trend may be new to casinos, but it mirrors what we’ve seen across industries for a few years now — digital transformation, reliance on third-parties, and lack of proper cybersecurity architecture is leaving money on the table for hackers.

Why are tribal casinos targets for hackers?

In 2021, the FBI notified casinos that they should be on high alert, stating that these entities are easy targets for bad actors. Ransomware is increasing globally, with the estimated loss in the billions of dollars, and casinos are no exception. In fact, 2021 saw a 150% increase in ransomware attacks. The FBI listed two main reasons why hackers are targeting these organizations: limited cyber investigative capabilities and limited law enforcement resources. Both of these reasons are accurate, and a lack of proactive help (especially in terms of cybersecurity architecture) is a major problem when it comes to mitigating cyber threats. But those aren’t the only reasons; there are a few more including:

• The casino industry is growing exponentially, with revenue exceeding $44 billion in 2021. Hackers are always chasing money, and the casino industry has a lot of chips on the table.
• Like many organizations, casinos are no longer contained by four walls and a roof. The digital transformation has not only pushed the poker table online, it’s moved every measure of operations — from security to accounting to cloud-first files — online, increasing the risk of a breach.
• Third parties are everywhere, and they’re a major vulnerability point. Like many organizations these days, tribal casinos rely on a vast network of third parties to implement a variety of operations, and third parties carry extensive risk — lack of visibility, too much privileged access, and lack of access controls, to name a few.
• A segmented network that has to follow heavy compliance regulations means more time and money is needed to stay safe—two resources tribal casinos often lack.

How ransomware can take down a network of casinos

To put the hypothetical into the real word, we only need to look at Lucky Star Casinos. All six casinos in Oklahoma were taken offline after a ransomware attack on Lucky Star's IT operations. This attack resulted in operational downtime (with all six casinos having to close) and massive financial losses, not to mention the time and money spent to investigate and mitigate the ransomware attack on the casino. The Lucky Star ransomware attack is just one example of many in the past year alone. 

How tribal casinos can protect against ransomware

Proactive security is always better than reactive security, especially when talking about a billion-dollar industry. The truth is, tribal casinos need to bet on themselves and invest in better cybersecurity measures to mitigate the mounting risks they face. 

1. Create a decentralized, access-focused approach to cybersecurity. When an organization like a casino is dealing with third parties, segmented networks, and online operations, looking only externally for threats isn’t enough. Instead, these organizations need to be focused on securing individual access points, which not only protects critical assets, but prevents lateral movement if there is a breach. 

2. Focus on mitigating third-party threats. Third parties continue to be the most vulnerable point for all organizations, so looking at third-party access is absolutely critical when it comes to strong cybersecurity. Since tribal casinos lack resources to manually manage third parties, we recommend turning to software that handles that specifically, instead of relying on outdated techniques like VPNs or desktop sharing.

3. Educate employees, and implement control and monitoring measures to make sure all users are following access policies. Hackers looking to conduct ransomware attacks on casinos still rely on human error and old-school techniques like phishing to get in. These techniques work, so an organization needs to look at internal users as a source of insider threats. Educating employees on cybersecurity, and implementing access controls (like ZTNA) and monitoring for both internal and external users can stop a breach before it ever occurs.

To learn more about how SecureLink has helped tribal casinos, read our case study on Prairie Flower Casino.