A Breach at FireKeepers Michigan Continues Casino Attacks

Hackers are really gambling on casinos these days (see what we did there?). The latest in a spate of casino hits is Michigan’s Firekeepers Casino Hotel.

Firekeepers is in the process of investigating a possible data security incident involving its point of sale systems that may have impacted its payment processing system for the casino, hotel, restaurants and shops. Any information submitted through the website was not part of the breach, it said in a statement.

Given the high value customers casinos serve, stolen credit and debit cards from this sector are prized by attackers. According to Mark Bower, global director of product management for HP Security Voltage, high spend limits and top-tier cards with a proven rapid 'stolen data-to-cash' cycle make casinos a prime target for attacks.

“The truth is that there are rarely any investments in security, or process around cyber-defense; as well as little concern about the defense of their customers,” he said in a note. “The fault here could be laid at the door of the CEO and board of directors that failed to provide leadership and direction to protect the company and its customers.”

The casino said that it doesn’t yet know what information may have been impacted—but it’s taking a few, well-worn steps: hiring an IT forensics team and working with law enforcement. It’s also installing new PoS equipment and “encouraging” patrons to check for fraudulent transactions.

“Their breach of point of sale systems with no knowledge of scope or the event itself is typical of companies that have only concentrated on auditor satisfaction rather than operational cyber-defense capabilities,” said Philip Lieberman, CEO, Lieberman Software, in an email. “Each breach follows a typical pattern of hiring a forensic company and getting a report that the attack was beyond any reasonable care that the casino or other company could have provided.”

The incident follows other attacks, on the Hard Rock in Vegas and the Sands. And it was recently determined that the RAWPoS seven-year-old malware is still being used today, most recently to attack casinos and resort hotels.

“I would expect to hear about more casinos being hit. Usually criminal syndicates don't attack just a single organization, but an entire segment or industry, as they are able to identify common vulnerabilities across them,” said Ken Westin, senior security analyst at Tripwire, in a note. “The casinos themselves should identify any common denominator be it a payment or service provider, specific applications, or trusted business partners that might be the source of a key vulnerability. It can also simply be the case of the criminal syndicates going where the money is.”

What’s Hot on Infosecurity Magazine?