Tasmania, an island state of Australia, famed for its beautiful flora and fauna with its mountain ranges and wide selection of national parks is facing a challenge that it seems ill-prepared for in the form of cyber-attacks.
The sole casino operator in the state, Federal Group, recently reported that it had been struck with ransomware attacks. The online barrage began on April 3rd and has affected pokies and hotel booking systems at the Country Club and Wrest Point casinos.
Ransomware you say?
Ransomware is a form of malware, software deliberately created to cause damage. Ransomware blocks access to a user’s data and often threatens to expose it if a ransom is not paid. In recent times, this practice most often involves cryptocurrency.
Ransomware attacks launched by amateurs are reasonably simple to repel, however, more intensified attempts can be impossible to thwart. As the attackers often demand payment in Bitcoin or Paysafecard, they can be very difficult to trace and prosecute.
The number of attacks has gradually increased over the last decade. A worrying 181.5 million reported ransomware attacks were reported in the first six months of 2018, an increase of 229% from the previous year.
CryptoLocker and CryptoWall count as two of the most successful attacks of this nature. The former snagged $3 million and the latter took $18 million before authorities could shut them down.
The Federal Group in the crosshairs
Dr Daniel Hanna, the executive director of Federal Group, stated that the attack occurred on April 3rd, but it has since been contained. He was, unfortunately, not able to confirm when hotel check-in services and pokies would be available again. The affected locations include the Henry Jones Art Hotel, MACq 01, Saffire Freycinet, Wrest Point, and the Country Club casino.
In an interview, Dr Hannah said, “The Australian Cyber Security Centre was notified and is coordinating relevant law enforcement agencies and continued forensic analysis. Federal Group has at all times complied with legal and regulatory requirements related to the incident.”
The rest of the iceberg
Former IT experts from Federal Group have made public their concerns that both credit card data and electronic gaming systems may have been compromised. Dr Hanna declined to elaborate on the allegation, saying that such sources “cannot be relied on to provide accurate information.”
The longer its pokies are inoperable, the more negative the effect on Federal Group’s bottom line will be. Over the past eight months, its gaming venues have accrued $53.7 million from punters, which translates to $6.7 million per month.
The Federal Group is bound by the Privacy Act, so it is compelled to inform both affected individuals and the Office of the Australian Information Commissioner of any incidents of this sort. This is particularly applicable when a data breach is “likely to result in serious harm to an individual whose personal information is involved.” At this time, there has been no announcement regarding whether the necessary parties have been contacted, with Federal Group maintaining a stony silence.
Cyber expert weighs in
Terry Aulich, who was once a Tasmanian politician and now serves as a security consultant, was not surprised that such an attack occurred. Aulich stated that any gambling operation would be “high on the list” of serious hackers.
“Young kids are not going to have a go at you if you’re a casino, but it’s groups of major crooks that are going to be your enemy,” he said.
Aulich revealed that he had previously alerted three Tasmanian organizations to the possibility of cyber-attacks. To their detriment, none of them responded with any particular level of concern. Aulich feels that this is down to the mindset that external issues would never befall “dear little old Tassie.”
“That’s entirely untrue. They will look for the weakest link in Australian society, in Australian business, and it may well be that Tasmania is one of those.” He concluded.
