Hacking a casino through a smart aquarium and DDoS exchange brokers: new attacks on the financial sector

Hackers continue to attack the realm of finance, and attacks are becoming more sophisticated. So, cybercriminals entered the network of one of the American casinos through a “smart” aquarium, and in early July, hackers first blackmailed and then attacked brokers in Malaysia.
Aquarium attack
Smart technology is becoming an increasing source of danger. An unusual incident with such a device was reported in its report by the American company Darktrace, specializing in cybersecurity.
The attack was one of the American casinos. The criminals were able to get into his network through the “smart” aquarium, which the gambling establishment installed for the entertainment of guests. The aquarium with the help of special sensors regulates the temperature and salinity of the water, and also feeds the fish in automatic mode.
The management of the institution allocated a VPN connection isolated from the financial network for communications of the aquarium. However, when the device checked the Darktrace threat detection system, abnormal data transfers were detected.
In particular, it turned out that the aquarium transmits information to a certain device in Finland. None of the components of the casino network communicate with him, which made it possible to detect a hacker attack.
Attacking an atypical casino device, hackers found a loophole and thus circumvented the traditional security tools of a gambling establishment. Having gained control of the aquarium, cybercriminals began scanning the entire system and discovered other vulnerabilities in it. The consequences of a hacker attack are not reported. But, apparently, the casino did not suffer.
Darktrace reports that the work of hackers in transmitting data was carried out much more skillfully than is the case with typical attempts to steal information. The intrusion was prevented because automated tools were used for protection that do not make assumptions about where the threat might come from. They only analyzed the behavior of all devices, revealed an anomaly, and thereby helped the casino detect and eliminate the vulnerability.
This incident demonstrates the need to control and protect each user and device, including aquariums connected to the Internet.
The Darktrace report talks about another 8 cases of unusual attacks on institutions from a wide variety of fields. But among those whom hackers crack most often, one of the leading positions is occupied by finance. Often, cybercriminals are affected by exchanges and brokers, as evidenced by recent events in Malaysia.
Attack on Malaysian brokers

Image: Rog b , CC BY-NC 2.0 The
Malaysian Communications and Multimedia Commission (MCMC) is investigating reports of cyber attacks that violate online trading at a number of brokerage firms. Jupiter Securities Sdn Bhd suffered from the actions of hackers. Shortly before this, N2N Connect Bhd, a company that provides trading solutions for brokerage firms, warned its customers about a possible DDoS attack.
On July 5, a coordinated attack was launched on N2N Connect Bhd data centers. The first hit hit in the interval from 8 to 10.30 in the morning, and a little later, hackers attacked the second. It is also known that brokerage houses that did not cooperate with N2N Connect Bhd suffered from the actions of cybercriminals.
Affected brokers previously received emails from blackmail hackers. The latter demanded to pay them to prevent an attack that could lead to the collapse of their trading systems. The Star’s Malaysian edition cites one of these letters: “If the ransom is not paid within the allotted time, the amount will increase and companies will face large-scale attacks.”
Excel Force MSC Bhd also reported disruptions to its data center as a result of DDoS attacks. The attack lasted about an hour, the data were not damaged and were not stolen. However, the company introduced additional preventative measures.
In addition, one of the local brokers, whom the media did not call, took radical security measures in connection with the threat of cyber attacks and temporarily blocked access to his trading system for all foreigners.
Bursa Malaysia (Kuala Lumpur Stock Exchange) said that hacker attacks did not cause any malfunctioning, since measures were taken in a timely manner to protect the infrastructure from any cyber attack.
Other financial and stock market related materials from ITI Capital :
- Analytics and market reviews
- Futures, Indices and IPOs: How Exchanges Are Actually Arranged and Why They Are Needed
- Top 10 books for understanding the structure of the stock market
- Futures, Indices and IPOs: How Exchanges Are Actually Arranged and Why They Are Needed
- Infrastructure of the Russian securities market (short educational program)
- How-to: robots and brokerage trading system API