“We are a few days out from the Australian online gambling industry’s Christmas-come-early, in the shape of the Melbourne Cup. Every year, Australians bet hundreds of millions of dollars on the race that stops the nation. As betting online becomes bigger and bigger business, virtual platforms are a cornerstone of the gambling industry, with tens of millions of dollars invested in the infrastructure and expertise needed to entice punters to their sites and cater to the thousands upon thousands of transactions that take place on a daily basis – with matters coming to a peak as race day approaches.
“As with any business that depends on internet-related business for its livelihood, the gambling houses have also heavily invested in security to keep their sites up and running. But the types of protection often in place aren’t always enough to stop ransomware, a fast-increasing threat that can be delivered in the shape of a simple phishing email and can easily evade anti-virus and firewall tools.
“Ransomware is software that, simply put, encrypts files and data on the victim’s infrastructure blocking any usage of such files and data until a sum of money is paid. It has been used to target individuals but is increasingly a problem for enterprises as hackers seek to maximise revenues. Here’s what you – and the gambling industry – need to know:
Ransomware and How To Combat It
- Most anti-malware and anti-ransomware solutions today focus on detecting and blocking malware at the point of inception. These solutions can be helpful when you know what you’re looking for – but when it comes to ransomware, there are new variants coming out every day.
- Standard ransomware just infects user machines; this is the same ransomware that would infect a regular consumer at home. These attacks will be opportunistic and less damaging to organisations.
- Advanced ransomware is far more dangerous. These ransomware attacks follow the same general attack pattern as targeted network attacks, but for a very different end goal. Instead of information theft, ransomware attackers seek to cause widespread havoc through mass infection and encryption of user data.
- Removing local privileges (the ability to access more sensitive parts of the network) from regular PCs can help defend against ransomware attacks.
- An effective approach is to protect the sensitive files in your organization from the damage that often results from ransomware attacks. Employing greylisting – an approach that allows unknown applications (e.g. the latest ransomware variant) to execute harmlessly – blocks ransomware from being able to access or encrypt your critical files.
- To effectively defend against such ransomware attacks, organisations must combine the principle of removing local privileges AND application control to reduce the attack surface and block their progression.”