Gambling Sites under Threat from New Hacker Group
Cybersecurity firm Group-IB has uncovered a new threat group called GambleForce that targets websites in various industries across at least eight countries. GambleForce, of unknown origin, employs basic but effective techniques, such as SQL injection and the exploitation of vulnerable website content management systems, to steal sensitive information like user credentials.
Online Gaming Under Attack
The threat posed by GambleForce is significant due to its ability to target a wide range of industries and its use of basic but effective techniques that are difficult to defend against. It joins the ranks of other hacking groups that have been active lately, including Scattered Spider, the group behind the recent attacks on MGM Resorts International and Caesars Entertainment.
GambleForce's initial focus was on gambling websites, but it has since expanded its attacks to include government, retail, and travel websites. Group-IB's threat intelligence team first identified GambleForce's command and control server, which houses the group's hacking tools, in September. The files include sqlmap, a popular open-source penetration testing tool for identifying and exploiting vulnerable database servers through SQL injections.
GambleForce relies solely on freely available open-source tools for initial access, reconnaissance and data exfiltration, along with Cobalt Strike, penetration testing software commonly used by hackers. The use of Chinese-language commands in the group's Cobalt Strike client suggests that it may have Chinese origins, but this is not definitive.
Indiscriminate Attacks
Over the past four months, GambleForce has targeted 24 organizations, among them a gambling site in South Korea and a government website in the Philippines. The group used various attack vectors, including exploiting known vulnerabilities in the Joomla CMS (content management system) and extracting data from website contact form submissions.
GambleForce's indiscriminate data theft approach is alarming, as it does not target specific information. Instead, the group attempts to extract all possible data from compromised databases, including both hashed and plain-text user credentials. Group-IB is still investigating how GambleForce utilizes or monetizes the stolen data.
In some instances, GambleForce was only able to make a connection to the target without gaining entrance to its servers. This could be either by design or due to a flaw in the group's code. If the former, it could indicate that the group is compiling a list of potential targets to hit later. If it's the latter, GambleForce's hackers are likely working on a fix to avoid detection in future attacks.