Securing Casinos from Cybersecurity Threats: The Significance of Proactive Detection

The casino industry’s lucrative nature and high cash flow make it alluring to millions of patrons around the world. However, following the industry’s significant digital transformation in the past decade, these very qualities make it an opportunistic target for cyberattacks and adversaries.
In recent years, cybersecurity has grown into an even bigger issue, as beyond the casino floor, the casino industry has expanded to include online gaming platforms and cashless methods. As technology advances, the number of potential attack vectors for casinos continues to expand.
In this article, we dive into the risks that casinos today face as high-value targets, the implications of a cyberattack, and how casinos can boost their cybersecurity defences using intelligent AI, machine learning, and other preventative measures.
20190917 AdobeStock 400494158 opt

What Makes Casinos Attractive Targets?

1. Sensitive Client Data and Personally Identifiable Information (PII)
Casinos store a vast amount of valuable information, ranging from names and phone numbers to highly sensitive data such as financial data, social security numbers and passport information. This Personally Identifiable Information (PII) can be extremely valuable for competitors or even in the black market.
2. Willingness to Give in
Ransomware attackers see casinos as opportunistic targets due to their high cash flow. Moreover, adversaries are aware that such attacks can lead to prolonged downtime and loss of revenue – meaning an increased willingness of the casinos to comply with the attackers’ demands to avoid further damage.
3. Connected Devices and IoT
The casino industry is heavily regulated – requiring lots of interconnected technology like CCTV cameras for facial and object recognition, and alarms to monitor human activity and the movement of funds. There are also other publicly exposed devices and applications, like access card readers, ATMs, and slot machines. It is hard to secure every device in the network, leaving casinos vulnerable.
In 2017, for instance, it was reported that a casino fell victim to hackers via an internet-connected thermometer in a fish tank in the lobby, allowing them to send 10 gigabytes of data to a device in Finland. This incident demonstrates the out-of-the-box ways hackers are exploiting IoT devices.
4. Insider Threats
The casino industry employs many staff with access to critical infrastructure and sensitive information, increasing the risk of both malicious and negligent insider threats. Such threats can bypass traditional security measures, as they are carried out by credentialed or privileged users.
5. Large and Diverse Tech Stack
Casinos often have businesses like hotels, restaurants, and retail stores all under one roof. By integrating various types of technology and systems, vulnerabilities and blind spots are created. Additionally, casinos use diverse technology tools, such as loyalty programs, security systems, and gaming software, making monitoring a vast IT infrastructure challenging due to the large amount of data generated.
20240409 AdobeStock 452854587 opt

The Most Common Cyber Threats for Casinos

1. Data Breaches
Data breaches reveal sensitive information and can occur through various means, such as exploiting vulnerabilities in network infrastructure, malware attacks, or insider threats. Such information can then be used to directly exploit casinos and their patrons, be used for sale in the underground market, or be leveraged to launch phishing attacks.
2. Ransomware
Ransomware attacks involve harmful software that encrypts the casino’s critical assets and systems, making it inaccessible until the ransom is paid. For casinos, this could disrupt operations, compromise customer data, and result in significant financial losses.
3. IoT Vulnerabilities
Physical casinos have IoT devices like machines, smart mirrors, and surveillance cameras. Many of these devices, like CCTVs, are installed to bolster security and prevent cheating on the floors. Yet devices that are not secured give hackers a gateway to the network.
4. Third-Party Breaches
Casinos work with many third-party partners, such as payment and software vendors, to ensure a smooth client experience. Weak security measures or vulnerabilities in their IT infrastructure can expose casinos to cyber threats and cause sensitive client data to leak out.
5. Social Engineering
Social engineering tactics aim to exploit human vulnerabilities rather than IT systems.
Common tactics include phishing, which involves attackers tricking employees into revealing personal information using email, and its variant, vishing – ‘voice phishing’ – which involves the use of calls to steal information.
Multi-factor authentication fatigue attacks are another common attack method, which floods a user with repeated multi-factor authentication requests, exploiting their fatigue from receiving so many requests to grant access.
6. Credential Stuffing Attack
Credential stuffing attacks are a particular risk for online casinos. Hackers use automated tools to use stolen login information from one website to gain access to other websites – exploiting the tendency of users to use the same login information across platforms.
This allows attackers to access credit card numbers, gaming histories, and other personal details – which can be leveraged to launch phishing attacks or sell in the black market.
20170725 AdobeStock 294819750 opt

Notable Recent Cases

Brick and Mortar Casinos

MGM Resorts (2023)
A cyberattack was carried out on MGM Resorts, a company that owns casino hotels worldwide, by two groups, AlphV and Scattered Spiders.
The groups impersonated an employee during a call to the help desk and further launched a multi-factor authentication (MFA) fatigue attack. This allowed them to encrypt over a hundred ESXi hypervisors and move laterally across MGM’s network, causing system outages across its properties. MGM refused to pay the ransom, leading to costs of over $100 million.
Caesars Entertainment (2023)
Like MGM, sensitive customer data including driver’s licences and social security numbers was stolen from Caesars Entertainment’s IT system.
This was a result of a social engineering attack launched on one of its outsourced IT vendors, enabling the attackers to obtain a copy of the company’s loyalty program database. The incident culminated in a $15 million ransom payment by Caesars.

Online Casinos

DraftKings (2022)
DraftKings, an online sports betting platform suffered from a credential stuffing attack in 2022.
Attackers leveraged automated tools to guess users’ passwords. Accounts were subsequently hijacked, and passwords were changed – allowing hackers to withdraw cash from linked bank accounts and access other personal information. This resulted in losses of up to $300,000, which affected 60,000 players.
Clubillion (2020)
The popular casino gaming app, Clubillion had its database breached, revealing information of millions of users around the world. There was over 50GB of exposed private records, containing various forms of Personally Identifiable Information (PII) data.
As past cases show, the stakes are high for casinos. Not only do casinos suffer financial losses, but also a loss of customer trust, large-scale operation disruption, reputational damage, and legal consequences due to the sensitive nature of customer data exposed. The exposed information can also be used maliciously by hackers to launch further social engineering attacks.
20190808 AdobeStock 320838320 opt

Where Casinos Are Falling Short

Despite cybersecurity controls, these attacks have revealed weaknesses in the digital security posture of casinos, namely:
  • Lack of Employee Awareness & Weak Help Desk Policies: Employees are often not adequately trained to recognise social engineering techniques, such as vishing and MFA fatigue attacks, as seen in the MGM case. Thus, despite investments in security tools, human vulnerability, and a general lack of awareness of the sophisticated, multi-stage tactics used by attackers remain a key weak link for casinos.
  • Lack of Network Segmentation: Due to casinos’ interconnected tools and devices, once attackers gain initial access to the system, they can move laterally across the environment, accessing critical systems without resistance.
  • Weak Password Policies: Weak password policies, like permitting easily guessable passwords expose casinos to credential-stuffing attacks. This is problematic given the sensitive information casinos possess.
20240115 AdobeStock 710441686 opt

How Can Casinos Protect their Infrastructure?

Recent attacks make one thing clear: all it takes is one tiny mistake or blind spot for large, irreversible consequences to take place.
This is especially true for attacks that begin with a human element before escalating into a bigger attack, like the recent MGM/Caesars attacks. Although MGM/Caesars had invested in top-notch security tools, all this effort was quickly undone through human error.
With so much on the line, and as criminals find new ways to attack casinos, casinos must adopt a multi-layered approach to cybersecurity. This means implementing both preventative measures, as well adopting more advanced security tools, such as an AI-powered, next-generation security operations platform to stay proactive as new threats emerge.

Preventative Measures

Tech Stack Upgrades
With so many connected technologies, casinos should conduct regular checks to determine what is outdated and needs to be updated or patched. Regular audits can help prevent vulnerabilities – reducing the risks of large-scale disasters down the line.
Staff Training
Employees need to undergo intensive training on acceptable technology and data use, as well as the most common threats to look out for such as phishing, social engineering, and ransomware. They should also be trained on the appropriate incident response procedure for each scenario.
Vendor Security Training and Due Diligence
The attack on Caesars brought to light a key weak link for casinos – their third-party vendors. Employees who are in contact with vendors should undergo training to understand vendor impersonation fraud risks. Vendors should also always have their security posture assessed to determine whether they are adhering to industry protocol.

Optimise Your Security Tools and Strategy

Use an AI-driven Security Operations Platform with Predictive Detection
While many casinos have legacy security operations platforms in their toolbox, legacy platforms do not have the advanced correlation capabilities needed to detect previously unknown scenarios and subtle movement patterns.
Advanced AI algorithms in next-generation security solutions, like Blacklight, use machine learning to continuously monitor activities across a network and correlate data to identify suspicious activity and generate high-confidence alerts. Blacklight also integrates contextual threat intelligence, cross-referencing internal data with known threat indicators to predict emerging threats and adapt as the threat landscape evolves.
To learn more about the critical role of AI in bolstering cybersecurity, download our latest e-book here.
Utilise a User and Entity Behaviour Analytics (UEBA) Tool
Casinos should also invest in UEBA software. Powered by machine learning, AI algorithms, and automation, UEBA tracks end-users and assets like IoT devices, firewalls, routers, and servers to monitor user behaviour across a network and identify deviations. UEBA is particularly useful for identifying insider threats and attempts by attackers to use compromised insider credentials to access a network.
Blacklight’s platform conveniently embeds UEBA, providing casinos with complete visibility of log, event, and user behaviour information, all from one platform. AI models and deep learning techniques are leveraged to conduct behavioural profiling across the network, flagging anomalous behaviour of compromised users, assets, and applications.
Proactive Threat Hunting
Casinos cannot afford to react to attacks after the fact, given how fast significant damage can take place. Casinos should implement proactive threat-hunting techniques to search for hidden threats or known adversaries to prevent escalation.
Blacklight AI offers a built-in threat-hunting feature, which leverages AI, data, and abnormal behaviour detection capabilities to predict an attack. By conducting a system-wide search for irregular activity and traffic, Blacklight enables you to conduct deeper investigations and catch threats before they escalate into disruptive attacks.
20230606 AdobeStock 621691491 opt

Secure Your Casino Business from Emerging Threats with Blacklight AI

Blacklight AI was built with the challenges of the casino industry in mind.
With advanced AI, machine learning, and UEBA functionalities, Blacklight connects your entire ecosystem and provides security teams with global visibility on operations and sensitive client data.
This reduces the risk of data exfiltration and the devastating implications that follow, so you can focus on what matters – keeping your operations running smoothly and clients satisfied.

About Blacklight AI Platform

Blacklight, our proprietary AI-based Security Operations Platform, helps you secure, monitor and detect beyond your traditional SIEM. Blacklight is architected, designed and built using industry best practices, offering the maximum level of flexibility and extensibility.
Combined with SOC services, we provide the highest level of visibility into your organisation’s security for proactive monitoring.
Learn more:
© 2024 Blacklight AI. All rights reserved. For permission to use the content on our website, please contact us at