This Online Gaming Company Didn t Want to Roll the Dice on Security That s Why it Worked with BlackBerry

Similar documents
Why This Major Automaker Decided BlackBerry Cybersecurity Consulting was the Right Road to Protecting its Connected Cars

How a Global Insurance Provider in Japan uses BlackBerry UEM to Secure, Protect and Connect its Mobile Workforce

BlackBerry Enterprise Identity

A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper

Why This Major Energy Company Surged Back to BlackBerry After Trying AirWatch

BlackBerry WorkLife Persona. The Challenge. The Solution. Datasheet

BlackBerry 2FA. Datasheet. BlackBerry 2FA

BlackBerry UEM is a Wise Investment for ABANCA

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

with Advanced Protection

CYBER SOLUTIONS & THREAT INTELLIGENCE

falanx Cyber Falanx Phishing: Measure your resilience

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

Clearing the Path to PCI DSS Version 2.0 Compliance

2018 Edition. Security and Compliance for Office 365

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Evolution of Spear Phishing. White Paper

Best Practices in Securing a Multicloud World

Security Awareness Training Courses

A HOLISTIC APPROACH TO IDENTITY AND AUTHENTICATION. Establish Create Use Manage

Avanade s Approach to Client Data Protection

Run the business. Not the risks.

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

BlackBerry UEM + Samsung Knox

Cyber Espionage A proactive approach to cyber security

How Breaches Really Happen

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

May the (IBM) X-Force Be With You

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Orange: Cisco & Orange: a human touch for a digital experience

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

CYBER SECURITY TAILORED FOR BUSINESS SUCCESS

Brochure. Security. Fortify on Demand Dynamic Application Security Testing

Cybersecurity Survey Results

Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at

Gujarat Forensic Sciences University

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

CYBER RESILIENCE & INCIDENT RESPONSE

RSA INCIDENT RESPONSE SERVICES

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

FOR FINANCIAL SERVICES ORGANIZATIONS

RSA INCIDENT RESPONSE SERVICES

Department of Management Services REQUEST FOR INFORMATION

BHConsulting. Your trusted cybersecurity partner

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

The Next Generation of Credential Technology

Integrated Access Management Solutions. Access Televentures

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

THE EVOLUTION OF SIEM

Are we breached? Deloitte's Cyber Threat Hunting

Red Hat Roi analysis. Red Hat JBoss fuse and Red Hat JBoss a-mq compared with apache community projects. Reduced time to market.

THE CYBERSECURITY LITERACY CONFIDENCE GAP

Threat Intelligence to enhance Cyber Resiliency KEVIN ALBANO GLOBAL THREAT INTELLIGENCE LEAD IBM X-FORCE INCIDENT RESPONSE AND INTELLIGENCE SERVICES

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

RSA NetWitness Suite Respond in Minutes, Not Months

Clearing the Path to PCI DSS Version 2.0 Compliance

Machine-Powered Learning for People-Centered Security

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE

CyberEdge. End-to-End Cyber Risk Management Solutions

Cyber Fraud What can you do about it?

Cybersecurity The Evolving Landscape

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT:

The Cyber War on Small Business

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

Cyber Resilience. Think18. Felicity March IBM Corporation

AKAMAI CLOUD SECURITY SOLUTIONS

Automated Context and Incident Response

Express Monitoring 2019

Security and Compliance for Office 365

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Cyber Security: It s all about TRUST

SIEM: Five Requirements that Solve the Bigger Business Issues

Cisco Collaboration Optimization Services: Tune-Up for Peak Performance

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Security-as-a-Service: The Future of Security Management

The security challenge in a mobile world

Governance Ideas Exchange

Protecting your next investment: The importance of cybersecurity due diligence

Retail Security in a World of Digital Touchpoint Complexity

BRING SPEAR PHISHING PROTECTION TO THE MASSES

TRAINING WEEK COURSE OUTLINE May RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I.

Machine Learning and Advanced Analytics to Address Today s Security Challenges

Steps to Take Now to be Ready if Your Organization is Breached Thursday, February 22 2:30 p.m. 3:30 p.m.

The Problem with Privileged Users

Cyber Security Technologies

WHITEPAPER. How to secure your Post-perimeter world

Cyber Attack: Is Your Business at Risk?

Entertaining & Effective Security Awareness Training

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

ForeScout ControlFabric TM Architecture

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Healthcare Independent Health Jeremy Walczak

9 Steps to Protect Against Ransomware

Cybersecurity, Trade, and Economic Development

A GUIDE TO CYBERSECURITY METRICS YOUR VENDORS (AND YOU) SHOULD BE WATCHING

Transcription:

This Online Gaming Company Didn t Want to Roll the Dice on Security That s Why it Worked with BlackBerry At a Glance With offices across the country, this gaming company has been in operation for decades. In recent years, it has expanded its business online. Concerned that some customers might use its new line of business to cheat for financial gain, the company approached BlackBerry Cybersecurity Consulting for help securing its gaming applications. A full-service cyber consultancy practice, BlackBerry Cybersecurity Consulting leverages BlackBerry s proven leadership in high-security organisations and use cases. Through extensive investigative experience and in-depth knowledge, BlackBerry s cybersecurity professionals assess the unique threat landscape and security challenges of each organisation they work with. Industry Online Gaming Services BlackBerry Cybersecurity Services

The Organisation With a history that spans decades, this gaming company brings in several billion pounds a year. Recently, the owner decided to bring the business online. Though this greatly increased its customer base, it also opened the organisation up to an unexpected problem: cyber criminals. When you re face-to-face in a betting shop, it s difficult to try to cheat them out of their money, explains James McDowell, Director of BlackBerry Cybersecurity Consulting. The Internet is a completely different ball game, and the owner of the company realised that. They approached us with the concern that people might be able to cheat them online. As it turns out, they were right and BlackBerry helped them address their concern. The Challenge Although it s certainly possible to steal from a business s physical office, it s far easier to defraud them online. Gaming companies are a prime target for this particular brand of attack, given the large volumes of money they frequently handle. This organisation was no different its website features a large selection of different gaming applications, all purchased from external vendors. A lot of the games on these online platforms are not developed by the company themselves they re brought in from a third party, says McDowell. Given the number of different apps used by the organisation, there was almost certain to be at least a few vulnerabilities. And each of those vulnerabilities could be used to commit fraud. What s more, because these apps are purchased and not developed internally, they carry additional risk. A hacker could examine the games on a website and research them online to uncover and exploit common vulnerabilities. And the victim would likely be none the wiser. There are a lot of unanswered questions where application vendors are concerned, McDowell continues. What validation are their applications going through before being distributed? What kind of code have they shipped to their clients? What are they doing about security? These were questions the firm s leadership recognised their cybersecurity posture as being too immature to answer. They knew they needed to bring in an expert, and BlackBerry fit the bill.

Whenever we approach security, we ask the question of how a company makes money. That s how we formulate our security assessment and it s how we patched several major vulnerabilities that would have cost our client a great deal of money. James McDowell Director, BlackBerry Cybersecurity Consulting

The Services The organisation gave BlackBerry full rights to perform any tests necessary to evaluate its security posture, including probing its website for vulnerabilities and evaluating the physical security of its retail outlets - BlackBerry thus carried out a full assessment of its infrastructure, both online and off. The Cybersecurity Consulting team examined the code of the company s applications for vulnerabilities, and attempted to test if those vulnerabilities could be used to commit fraud. The assessment revealed several major gaps in the company s security. One of the applications we tested was a trivia game hosted on the company s website, says McDowell. After analyzing the app, we discovered a flaw in how the questions were transmitted from the server to the user they were encrypted until the moment before they reached the user s computer. This allowed for a window of opportunity to intercept each question. BlackBerry s team developed code that would take the question in plaintext, search it on Google, and automatically input the search results into the game. They then used the code to win 50,000 pounds in less than an hour. After returning the money to the gaming company, they walked the company through the exploit including how to defend against it. They did this for several applications on the company s website, but also tested its overall security posture. We weren t just looking for technical vulnerabilities in the apps, explains McDowell. We were looking for exploitable, vulnerable business processes. For example, were we able to open an account without address verification? Are there measures in place to detect and mitigate unusual activity? Our tests were about showing our client where their blind spots were, and helping eliminate them, he adds. The team also carried out a test phishing campaign. They created an email address that looked like that of the IT Director, and used it to send an email with a link to a dummy program meant to represent malware. They then chose the emails of one hundred people at random to receive that email. In addition to testing their systems and processes, BlackBerry probed the organisation s retail outlets to determine defenses against social engineering attacks. In one test, the team printed off false lanyards and polo shirts embroidered with the company s logo. They then walked into an outlet and informed the staff they were from central IT and had an update that needed to be installed on the till system. A lot of what we did is what s called open-source intelligence, says McDowell. We looked around the web to see if anyone was talking about the company, to see if anyone had highlighted vulnerabilities within the organisation or its game it was really an extension of the original groundwork we did. After locating the gaming company s vulnerabilities, BlackBerry then took it through the processes necessary to fix potential exploits. Finally, the team walked the business through other steps it could take to improve its security posture.

The Results Working with BlackBerry Cybersecurity Consulting, the company has made itself more secure in two core areas. Improved Security Awareness Assessment of the organisation s physical outlets and staff behavior allowed it to develop better security awareness programs for its employees. Workers now understand the different ways a criminal might attempt to use them to defraud the organisation. There are also concrete security processes for the workers to follow in the event of an incident. Elimination of Vulnerabilities and a Better Response Plan With BlackBerry s help, the organisation now has a better incident response plan. It has also implemented monitoring solutions to detect behavior that might indicate fraud. Lastly, by taking the organisation through the vulnerabilities in its applications, BlackBerry was able to help it eliminate them, fostering a better organisational understanding of security in the process. About BlackBerry BlackBerry is securing a connected world, delivering innovative solutions across the entire mobile ecosystem and beyond. We secure the world s most sensitive data across all end points from cars to smartphones making the mobile-first enterprise vision a reality. Founded in 1984 and based in Waterloo, Ontario, BlackBerry operates offices in North America, Europe, Middle East and Africa, Asia Pacific and Latin America. The Company trades under the ticker symbol BB on both the Toronto Stock Exchange and the NYSE. For more information, visit global.blackberry.com. 2018 BlackBerry Limited. Trademarks, including but not limited to BLACKBERRY, BLACKBERRY UEM, and EMBLEM Design are the trademarks or registered trademarks of BlackBerry Limited, its subsidiaries and/or affiliates, used under license, and the exclusive rights to such trademarks are expressly reserved. All other trademarks are the property of their respective owners.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback