Publish: 06.09.2017

New DDoS Attack Poses Serious Threat To Online Casino Operators

This time, the hackers found a way to insert malware into otherwise innocent looking applications in the Google Play store to create powerful DDoS attacks.

It’s nothing new for internet hackers and thieves to put online casinos squarely in their crosshairs.

One of their favorite tactics is the DDoS — a Denial of Service Attack — that allows them to shut down an online casino until an extortion fee is paid to reopen it:

This unfortunate reality has led to a constant cat-and-mouse game between hackers and operators. The former constantly innovating new DDoS methods, and the latter innovating ways to stop them. Recently, the hackers found a way to get the upper hand, forcing Google itself to step-in and limit the damage.

300 Android Apps Removed From Google Play

This time, the hackers found a way to insert malware into otherwise standard looking applications in the Google Play store to create powerful DDoS attacks.

The scheme worked when unsuspecting users downloaded various apps offering run-of-the-mill things like ringtones. But in the background, these apps worked as conduits for the powerful WireXo botnet. Once enough devices had been infected, the hackers behind WireXo were able to use the devices running the apps to unleash a DDoS attack — without the device owner being aware of what was happening.

Once the attack became clear, Google was forced to remove 300 applications from the Google Play store that had been identified as shells for the WireXo malware.

Ransom Demands Quickly Follow

Once WireXo was large enough, the ransom demands started, and many online gambling sites were targets. Although the sites don’t like to make it known they were the target of a DDoS attack for obvious reasons, it’s widely speculated that large sites such as William Hill — targeted by an attack just last November — were hit.

Of course, operators are constantly updating their security measures to make sure they are able to offer players the games they love without having to pay extortion money for the privilege. However, in a never ending game of cat-and-mouse, it’s always more difficult to play defense than offense.

Until we live in a world free of cyber-criminals and thieves, online casino operators will just have to continue being diligent about constantly updating their security to meet new and changing threats.