Operators rocked by new wave of cyberattacks on customer chat services
So-called Ice Breaker APT targets operators via chatbots to install a Trojan horse in firms' back-end software
Through an investigation carried out by Security Joes, the Israeli firm established that at least four operators have been targeted in the new wave of attack, most recently as September 2022.
The info security firm has been tracking the attacks for several months and noted that the attackers attempted to lure employees and BPOs (business process outsourcing) into executing a backdoor entry that has not been documented before.
This new attack has been dubbed Ice Breaker APT as it occurred in the months leading to igaming tradeshow ICE London.
The location of the attackers is currently unknown but Security Joes has determined that English isn’t their first language due to the perpetrators using French and Spanish chat services to install these hacks.
Attackers aim to get staff to unwittingly install the malicious software by posing as players and then engaging customer service chat agents by claiming they are having problems registering an account.
Instead of including a standard image screenshot of the problem, the hackers are sending a link which clicks through to a download, which in theory would contain the image.
However, once the file is download, support staff are asked to unzip a file, and instead of seeing a screenshot, it installs a Trojan horse which allows the hacker access to the network and allows them to carry out any action that a legitimate user could perform, such as exporting files, modifying data, deleting files or otherwise altering the contents of the device.
This is the latest cyberattack on the industry and is the most high-profile one made public since the BlackCat Group attacked Nigerian bookmaker Bet9ja last April.
The ransomware group, believed to be from Russia, demanded 141bn naira (£260m) in order for Bet9ja to regain control of its hijacked site.