Saturday, April 1, 2023

Online Sports Betting: How To Protect Yourself In The Metaverse

 


Now that the COVID-19 pandemic seems to have dissipated from the news headlines, one of the relics it has left has been the Remote Workforce.  As I have written before, this is something that many people thought would happen in a few years. 

But right when it hit, within a three-month timespan, everybody was pretty much WFH.  With this transition, many Americans now have taken up new hobbies, and one of them is online sports betting.

So what is this exactly? Well, rather than going straight to the sporting venue to place a monetary bet as to which team will win, you can now do that all online, with a sports betting application. You can do this directly from a web link on your device, or the more popular tool to use would be a mobile app.

So for example, if you wanted to bet on the March Madness basketball brackets, rather than doing it at work, you can do it straight off the app.

It is actually quite convenient, as you get updates on your bets in real time, and once you have made enough money, you can transfer it in just a few seconds to your bank account. But with all of these plusses, there comes a downside as well.

And this comes from the Cyber risks that come with it.  Since all betting transactions are done on the Internet, all of the platforms are just as prone (or maybe even more) to the Cyberattacker.

Take into account these hacking scenarios, which have actually happened:

*According to a recent survey of nearly 7,000 respondents from an organization called “Coda Labs”, there is an almost 41% distrust in the security of online gaming platforms.

More information about this can be seen online here:

https://www.esports.net/news/fraudulent-web3-gaming-projects-what-they-mean-for-the-space/

*Back in 2021, Electronic Arts, a major online gaming vendor, suffered a data security breach which resulted in well over 780Gb of information and data being heisted. This was then sold by the Cyberattackers on the Dark Web.

More information about this Cyberattack can be seen at the link below:

https://www.vice.com/en/article/wx5xpx/hackers-steal-data-electronic-arts-ea-fifa-source-code

But it’s not only the online gaming community that is being hit, but the crypto trading platforms as well. For example, Ronin Bridge, a platform built for Ethereum trading, was also hacked into, and from that, over $650 million was heisted.

More details on this can be seen at the link below:

https://cointelegraph.com/news/the-aftermath-of-axie-infinity-s-650m-ronin-bridge-hack

So in the end, somebody has to take the lead in helping to protect these online betters. And guess who it all comes down to? You got it, the CISO. So what can they do? Here are some steps that can be implemented fairly quickly:

1)     Find out where your betters hang out at:

Online gaming apps do not just exist on a smartphone. They also exist heavily in the social media world as well. So, find out where your employees go, and offer tips and advice as to how your gamers can best protect themselves on that particular platform. If needed, even offer specialized Security Awareness training in this regard.

2)     React immediately:

Although every Cyber threat variant should be taken very seriously, breaches when it comes to online betting should be taken more seriously. The primary reason for this is that this is where real money is being transacted, and a lot of PII is being transmitted back and forth between betters and the mobile apps.

3)     Be aware of BEC scams:

This is the type of Phishing attack where a CEO is impersonated, and very often, strikes a sense of fear into employees (or in this case the online betters) to act in a way that is not rational. For example, a scam like this could ask betters to place bets on phony sporting teams. As a CISO, you need to be fully aware of this, and to have your IT Security team monitor what is going on. Also, if need be, even educate your betters about this particular threat variant as well.

4)     Ensure data protection:

This is a no brainer, and in fact is now mandated by the statutes and provisions of the GDPR and the CCPA. As the CISO, you have primary responsibility to make sure that all of the PII datasets of your betters are protected as much as possible, and that the appropriate alarms and warnings will go off once a threat variant aimed at your databases is tracked.

5)     Pay attention to the phony stuff:

At the height of the pandemic, phony websites became the norm. Although this has dissipated somewhat, this trend is still there. In fact, it has gotten so bad that it is even hard for a Cyber professional to discern what is real and what is not. Make sure that your IT security is on top of this. Also, be aware of typo squatting. This is where a Cyberattacker will register a domain like yours, but instead, put an extra letter in it. For example:

onlinegaming.com could very easily become:

onlinegamming.com

Notice the extra “m”? It is from here that phony websites can be launched. You also have to be very mindful of this, and report any fictitious sites.
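To make this check something your IT Security team can run, here is an added example (it is not from the original post, and the function names, the threshold of 2 and the sample list are assumptions made for illustration). It goes a bit beyond the extra-letter case above and also flags swapped letters, digit look-alikes and the same name on another TLD.

```python
# Added example (not from the original post): flag look-alike domains.
BRAND = "onlinegaming.com"  # the example domain used in the post
# Small, illustrative subset of digit-for-letter swaps.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
# Constructed sample of newly observed domains (not real data).
OBSERVED = ["onlinegamming.com", "onlinegaming.net", "0nlinegaming.com",
            "onlinegaimng.com", "weatherreport.com", "onlinegaming.com"]

def split_domain(domain):
    """Return (name, tld) for a simple two-part domain such as name.com."""
    name, _, tld = domain.lower().strip(".").rpartition(".")
    return name, tld

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, brand=BRAND, max_distance=2):
    """Return why candidate resembles brand, or None if it does not."""
    c_name, c_tld = split_domain(candidate)
    b_name, b_tld = split_domain(brand)
    if (c_name, c_tld) == (b_name, b_tld):
        return None  # the legitimate site itself
    if c_name == b_name:
        return "same name, different TLD"
    if c_name.translate(LOOKALIKES) == b_name:
        return "look-alike characters"
    distance = osa_distance(c_name, b_name)
    if distance <= max_distance:
        return f"edit distance {distance}"
    return None

def scan(domains):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: reason for d in domains if (reason := classify(d))}

if __name__ == "__main__":
    for domain, reason in scan(OBSERVED).items():
        print(f"{domain:20} {reason}")
```

In practice the list of observed domains would come from sources such as newly registered domain feeds or your own mail and proxy logs, and anything flagged still needs a human look before it is reported.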

Also be aware of any phony ads or promotional codes that replicate your online betting site or app.

My Thoughts On This:

This blog has just provided some tips that a CISO can use to protect not only their online betters but even their employees as well. But keep in mind that they have their part to do as well. For example, these groups of people need to be aware of any Phishing based emails that they may receive, and report them. But above all, they need to be able to detect what is normal activity and what is out of the norm, and report that immediately to your Cybersecurity team.

Some of these gaming platforms are now starting to exist in what is known as the Metaverse and the Web 3.0.  Eventually, these are the places where they will all exist. 

The downside of this is that not many people know about these newer kinds of online technologies, thus a strong level of trust will have to be built with your online betters if you are planning to take your platform in this direction.

 
