Hackers who targeted Canadian casinos “financially motivated”


canada-casino-hackersThe computer hackers who stole Canadian casinos’ customer data and posted it online will likely strike again, according to a new report by a cybersecurity company.

On Friday, the US-based FireEye security firm issued a report identifying a shadowy group it’s calling FIN10 as the culprits behind the cyber-targeting of at least 10 Canadian companies between 2013 and 2016.

FireEye didn’t identify any of the companies by name, but previous media reports have linked FireEye to an investigation into last year’s hacking of the River Cree Resort and Casino near Edmonton, Alberta. Two other Canadian casinos – Ontario’s Casino Rama Resort and the Cowboys Casino in Calgary – suffered similar attacks in 2016.

FireEye said it was unable to specify where the FIN10 group might be based, but noted that its members appear to be native English-speakers, despite efforts to claim that it was (alternately) a Russian or Serbian outfit by (apparently) running its communications through online translation tools. FireEye also doubts that FIN10 is a state-sponsored outfit, as it employs common and widely available tools and techniques.

The hacks of Casino Rama and Cowboys Casino were followed by threats to release the stolen customer and vendor data – which happened last year to Casino Rama and just this week to Cowboys Casino – and the hackers publicly claimed to have been motivated by a desire to force the casinos to improve their data security protocols.

However, FireEye claims the FIN10 group was “financially motivated” and said the hacks were accompanied by demands for payment ranging from 100 to 500 Bitcoins within 10 days in exchange for not releasing the stolen customer data and/or restoring a targeted company’s frozen systems.

FireEye’s report declined to specify how many of FIN10’s targets had complied with the ransom demands but noted that FIN10 had submitted fresh demands this year to the companies that did pay.

FireEye warned other Canadian companies to beef up their cyber-defenses as the watchdog suspects FIN10 – which it dubbed “the most destructive threat actor to hit Canada to date” – will likely strike again “in the coming weeks or months.”