Cyber-Crime Leader Unmasked in a Big Win for Gambling Sector

The UK and Rest of the World gambling industry can breathe a sigh of relief following the capture and unmasking of the leader of one of the world’s most harmful cybercrime groups which was attacking casinos sites, among others.

Russian national Dmitry Yuryevich Khoroshev was sanctioned by the UK, US and Australia, following a National Crime Agency-led international disruption campaign.

Khoroshev, AKA LockBitSupp, who thrived on anonymity and offered a $10 million reward to anyone who could reveal his identity, will now be subject to a series of asset freezes and travel bans. (Image: NCA’s website)

What threats did LockBit pose to the gambling industry?

• Provided ransomware-as-a-service (RaaS) to a global network of hackers or ‘affiliates’ 
• Supplied the tools and infrastructure to carry out attacks 

Related Reads:

Although the full extent of LockBit’s criminal activity was previously unclear, information gleaned from their systems revealed that more than 7,000 attacks were constructed with their help between June 2022 and February 2024. 

The US, UK, France, Germany, and China were the top five nations affected.

The NCA took seized the group’s services, including its dark web leak site. (Image: )

What impact has the capture of the leader had? 

• Monthly LockBit attacks reduced by 73% in the UK since February’s action
• Other countries report reductions
• Attacks appear to have been carried out by less sophisticated affiliates with lower levels of impact

NCA’s operation Cronos listed affiliate IDs and usernames. (Image: NCA website)

NCA Director General Graeme Biggar said: “These sanctions are hugely significant and show that there is no hiding place for cyber criminals like Dmitry Khoroshev, who wreak havoc across the globe. He was certain he could remain anonymous, but he was wrong.”

“Today’s announcement puts another huge nail in the LockBit coffin and our investigation into them continues. We are also now targeting affiliates who have used LockBit services to inflict devastating ransomware attacks on schools, hospitals and major companies around the world. 

Working with our international partners, we will use all the tools at our disposal to target other groups like LockBit, expose their leadership and undermine their operations to protect the public.”

The UK has is part of the global gambling industry and as such generates a huge sum of money with a gross gambling yield (GGY) of £15.1 billion in the period between April 2022 and March 2023.

It is no wonder that the UK and rest of the world’s gambling industry has become such a coveted target for hackers and cyber-crime.   

It is estimated that the UK gambling industry alone is worth an incredible £14 billion and employs more than 46,000 people contributing £2.3 billion towards the UK GDP.

Some estimate that just over a quarter of the GGY some £4.7 billion comes from online platforms. It goes without saying that the criminals have a massive bullseye in their sights including Casinos, online platforms and customers for the theft of cash but also data.  

A survey in 2020 by The Department of Culture and Media Services  revealed over 50% of  UK gambling businesses suffered a cyber incident of some kind.  

The nature of cyber-attacks has changed since 2017. 

Over this period, there has been, among those identifying any breaches or attacks, a rise in businesses experiencing phishing attacks (from 72% to 86%), and a fall in viruses or other malware (from 33% to 16%).

Reports include:

• Attempted hacking 
•  Malicious users trying to take down websites, applications or online services.  
• Viruses 
• Spyware 
• Malware  
• Staff receiving fraudulent emails attempting breaches 

The FBI issued a warning in 2023 regarding the rise of Ransomware threat groups exploiting vulnerabilities in vendor-controlled remote access systems to intrude on casino servers and initiate attacks. 

The FBI issued a private industry notification in November 2023.  It followed a pair of high-profile ransomware attacks on casino and hotel giants MGM Resorts and Caesars Entertainment, as well as an attack against Marina Bay Sands in Singapore in the latter half of last year.   

Why Are Cyber Criminals Targeting the Gambling Industry?

The eSports and gaming industry is an attractive target for cybercriminals for several reasons   

• Massive revenue and target for financial gain 
• Huge numbers of global gamers offer target for personal information for identity theft and malicious purposes 
• Success at disrupting high profile gambling industry gives attackers fame and notoriety 

What can be done to mitigate risk and protect? 

Mitigating Risk – What Can You Do?

• Data protection 
• Regular risk assessment
• Website protection 
• Compliance reviews  

In order to help international law enforcement combat ransomware, public reporting is crucial. If you are in the UK, you should report your event to the appropriate agency as soon as possible by using the Government’s Cyber event Signposting Site.