Hackers in China are starting to look at their domestic online gambling firms. But there is a twist: they have a new malware tool. Depending on the success of the attacks, how long until they start to look at the U.K./America gambling businesses?
The malware, named BIOPASS RAT by Trend Micro, primarily goes after Chinese gambling companies with a watering hole attack, where hackers try to infect websites commonly used by their targets.
"Notably, a large number of features were implemented to target and steal the private data of popular web browsers and instant messengers that are primarily used in Mainland China," Trend Micro said in a report on Friday.
Trend Micro has initially identified the Chinese hacking outfit as the Winnti Group, although time will tell how accurate this is. Their actions and activities overlap with the Chinese government hackers known as APT41. The marriage of hacking groups and government entities has now become the norm. This marriage is not a good thing for the business community.
The Winnti Group is well known for targeting the gambling industry in Asia, although it is better known for targeting the video game industry. What is unusual is that this time, the Asian gambling targets are within China's borders. Could the group now be targeting foreign operators within China's domestic market?
Trend Micro found the attack's techniques noteworthy as well.
"What makes BIOPASS RAT particularly interesting is that it can sniff its victim's screen by abusing the framework of Open Broadcaster Software (OBS) Studio, a popular live streaming and video recording app, to establish live streaming to a cloud service," the company wrote.
So what can be done?
"The key thing is awareness," says Peter, CEO of Hedgehog Security. "Being aware that the malware is out there and staying alert to the fact hackers will eventually use it on our markets is vital. By the time this post is out, there will be signatures in various Anti-Malware solutions. Make sure your endpoint protection is up to date. Prevention is always better than cure."
As with all of these attacks, prevention comes down to good, solid cyber security measures.
- Make sure your endpoint protection is up to date;
- Awareness training for your staff, keep them ahead of the phishes and malicious downloads;
- Communication with your gamers/players is key, help them stay safe;
- Regular scans of your internal systems with high-quality vulnerability scanning tools help identify any internal security weaknesses; and
- Real world penetration testing by qualified testers to run through attack simulations to identify your weak points.
By ensuring that you have the above in place, you will be a step ahead and well placed to keep your business running when the attacks start to happen. If you need any help or guidance, feel free to give us a call or an email. We are always happy to discuss issues. We may be able to help, and where we can't help we will point you in the right direction.