Smart Fish Tank Leads to Casino Breach
Hackers attacked a casino's internet connected fish tank to gain access to the company network.
Internet connected devices are growing in popularity and as they do so does the risk of a breach occurring. A North American casino learned the risks associated with smart devices when something fishy seemed to be taking place within their smart aquarium.
In a recent report for Darktrace, hackers attempted to steal data via accessing a casino's smart fish tank. The reason for the casino needing such a tank was to be able to conduct maintenance for the fish remotely. Employees would connect to the tank's network to regulate the temperature, salinity, and feeding schedule. The connection was exploited which eventually led to a group of unnamed hackers to infiltrate the casino network and upload data to a server in Finland.
Justin Fier, director of cyber intelligence and analysis for Darktrace, says "Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network."
The discovery took place once Darktrace's technology detection was installed and sensed anomalous behavior being admitted from the tank. Among the activity detected was the transfer of 10GB outside the network, no other company device had communicated with this external location, no other company device was sending a comparable amount of outbound data and communications took place on a protocol normally associated with audio and video.
"In the current cyber climate with political and corporate espionage, I think you're going to start to see attackers, whether nation state or criminal, having to get more creative in their attack vectors."
The casino (which remains unnamed at the moment) has since secured the rouge fish tank, however, many cyber security experts believe this is only the beginning of unconventional methods of gaining access to a network. "Phishing emails will be one-way hackers can get onto systems. But things like insecure fish tanks connected to the internet will be another" says Fier.
As internet connected devices and appliances are becoming common, more paths for cyber criminals are created to gain access to networks and take advantage of insecure devices.
