BLOG

GambleForce: A new cyberthreat in online gambling

Craig Lusher, Product Principal [Secure Solutions]

As identified by Group-IB’s Threat Intelligence unit, the recent discovery of GambleForce, a cybercriminal group targeting gambling websites globally, has underscored the urgent need to bolster cyber defenses, especially across Asia. Unlike their Western counterparts, many Asian companies operate with differing business attitudes and cybersecurity practices that render them more vulnerable to attacks.

Rapid expansion and innovation are often prioritized over cybersecurity by Asian corporations. Also, the range of regulatory standards in Asian countries can result in inconsistent cyber readiness. According to a 2023 IBM report, APAC was the most attacked region in 2022, with 31% of attacks globally. A 2023 Check Point report indicates that the weekly average number of attacks in APAC in Q2 2023 increased by 22% year-on-year.

GambleForce employs common yet dangerous techniques, namely SQL injection – injecting malicious SQL code into public web pages – exploiting vulnerabilities in content management systems. While simple, these methods let them bypass authentication and access sensitive data.

Between September and December 2023, it is understood that GambleForce targeted 24 companies across 8 Asian countries, stealing user credentials and database contents. This demonstrates why strong web security is non-negotiable today. SQL injection and related injection attacks have remained highly popular vectors because they take advantage of insecure coding, misconfigurations, and outdated platforms. According to the 2022 Web application vulnerabilities report by Statista, SQL injection attacks constitute approximately 33% of all web application attacks. This statistic highlights the prevalence of such attacks and the necessity for robust defence mechanisms like those provided by C8 Secure.

C8 Secure’s WAAP (Web Application & API Protection) is a specialized web application firewall (WAF) designed specifically for the gambling sector’s regulatory and threat context. It actively blocks attacks like SQL injection by analyzing web traffic for anomalies indicating malicious behavior. Technically, WAAP works by only allowing pre-defined, legitimately formed and permitted code to run. It analyses all input/output data and database queries to detect and block anomalous activity indicating an attack. For example, WAAP would prevent the GambleForce group’s SQL injection attempts by identifying the malicious inputs and stopping them from reaching the database layer.

In addition to WAAP, C8 Secure offers a full suite of managed security services tailored to the online gambling industry’s regulatory and threat landscape:

MSOC & SIEM: Managed SIEM and 24/7 security monitoring provide early attack detection and rapid response by our cybersecurity experts.
EDR/ MDR: Managed Endpoint detection and response catches compromises on end-user devices, preventing threats from spreading laterally.
VAPT: Regular vulnerability scans and penetration testing proactively uncover configuration issues or software flaws before attackers can exploit them.
IDPS: Intrusion Detection and Prevention Systems block known malware, suspicious network activity, and other threats at the network perimeter.

These capabilities work together to lock down security posture, maintain compliance, provide awareness and empower rapid response – giving operators the protection they need against threat groups like GambleForce.

For more information on how we can protect your online gambling platform from sophisticated threats like GambleForce, contact info@c8secure.com

ChattyGoblin: A new threat to iGaming and how C8 Secure can help

19 Jul, 2023

The iGaming industry is under a new threat. A malicious campaign, dubbed “ChattyGoblin,” has been targeting Southeast Asian gambling operations since October 2021.