A question repeated often at this week’s TribalNet Conference & Tradeshow in Reno was: What keeps tribal chief information officers up at night?
The tribal technology conference held six educational sessions related to cybersecurity and the tradeshow had several vendors promoting software that helps tribes defend against the kind of cyberattacks that have shuttered numerous casinos over the past two years.
While successful cyberattacks have dropped over the last 12 months, a lot of the credit is going to the diligence of tribes, taking the threats more seriously, conducting audits to test vulnerabilities, and upgrading their security software. Previously, many tribes didn’t think they were targets and hadn’t devoted the time and resources to deal with the problem.
“What keeps the CIOs up at night are ransomware attacks,” said Justin Raisor, the federal civilian regional sales manager with Vectra AI, a San Jose-based cybersecurity company. “It’s about their casino getting encrypted, locked down, and ransomed.”
Tribal casinos have been more attractive targets than commercial properties these days. The bigger operations addressed their vulnerabilities after several high-profile ransomware attacks over the last decade.
“Your MGMs, Bally’s, Wynns, and others have massive departments where this is their focus,” Raisor said. “Some tribes are mistaking their IT departments for their security departments, which can’t be further from the truth. The two focuses are completely different. The IT department is there to make sure day-to-day operations are running. The cybersecurity team is looking 10 miles out, trying to see what’s coming.”
Typically, hackers enter systems when an employee clicks on a link, perhaps as benign as an award for a $50 gift card. An attack might stand for months before it becomes evident that the property’s data has been encrypted, Raisor said.
“If all the data is encrypted, the casino doesn’t own the keys to that encryption,” Raisor explained. “The attacker does and that’s where ransomware becomes a problem. The attacker will supply the key that unlocks the data.”
Ransomware attacks are often a poke in the eye on the hackers’ way out, to cover their tracks, Raisor said.
Hackers break into databases full of credit card numbers, player details, and HR information that they can sell on the black market, then encrypt the databases to collect a ransom.
Casinos shut down for weeks, because most of their gaming systems are interconnected with the back of the house, Raisor said. For example, slot machines connected to back-end systems are fed by databases; surveillance cameras feed back to a centralized place.
“But if that data becomes encrypted, it’s not accessible, resulting in the slots, the tables, and potentially the security system going offline,” Raisor said. “The casino can’t operate; it can’t make money.”
Companies like Vectra AI offer software that detects hacks and helps isolate them before hackers can steal and encrypt the data.
Artificial intelligence is the best way to fight cyberattacks, Raisor said. Casinos get attacked all the time and that creates a lot of noise. Artificial intelligence sniffs out the nefarious actors, separating them from mere nonsense, he said.
Traditionally, analysts had to comb through tens of thousands of alerts on a daily basis. Today, “The AI software hangs a sensor off a network switch and we see all the traffic passing across that sensor,” Raisor said. “The sensor sends all the data to what we call a ‘brain,’ which identifies what’s important for the security analyst.”
That’s especially critical, given the current sophistication of cyberattacks. “They go from the point of inception and it can be six months before they do anything, or if they do, they make little movements to stay under the covers,” Raisor said.
The AI is looking for anything that operates outside of normal. It also keeps an eye on events that tie back to a specific host, such as a server, computer, or slot machine, Raisor said. It can pinpoint something that’s starting to look like an attack, alerting analysts to examine it further. One way to stop the attack is to isolate the host and sever its connection to the greater network. “That’s why you’re looking at behavior, so you can head problems off at the pass.”
Raisor said that cybersecurity is nuanced or even mislabeled. “There’s no silver-bullet vendor out there.” Instead, different components all play together, like an ecosystem.
Raisor’s product looks at network behavior to determine whether or not it’s a threat, but Vectra AI also works with Microsoft, a technology partner for Microsoft Defender.
“We contextualize information from their product and feed information into their product,” Raisor said. “We’re really good at playing together to detect a host that’s probably compromised, so we might want to create a policy that locks that host out.”
In many instances, however, it’s too late to do anything, Raisor said. For years, casinos and companies in other industries did a good job of building a “moat,” a security perimeter around a network. However, once a hacker got past the perimeter and into a system, that wasn’t monitored.
“Cybersecurity is now focused inward. It’s an inside-out type of approach,” Raisor said. “That allows us to determine if something is going to happen, as well as if we’ve been compromised.”