Increasing cyberattacks this year against American and international businesses have fueled speculation that Russian hackers may be trying to help fund the Russian Federation’s year-long invasion of Ukraine.
CDC Gaming Reports noted that last fall, National Indian Gaming Commission Chairman Sequoyah Simermeyer said successful hacker attacks against tribal casinos had fallen precipitously last year, compared to the year before when the tribal gaming industry was hard hit, which resulted in lost revenue, shut casinos and paid out ransomware demands.
CDC spoke to Howden Specialty insurance Executive Director and cyber expert David Rees while he attended the Cyber Security Summit. Rees said that in recent weeks ransomware attacks have increased.
Rees declared, “I have to be careful when I say this. I’m not saying all ransomware attacks come from Russia, but a lot of ransomware attacks come from Russia. Given what’s going on between Russia and the Ukraine, the drop in frequency was the Russian hackers, who at one point were sitting in an office carrying out ransomware attacks, were finding themselves on the front lines fighting in Ukraine. As for why that’s increasing again, if they’re from Russia, one of the things Russia needs at the moment is money to fund the war. That’s the thought process, but it’s shared among quite a few people.”
Kimberly C. Gordy, a partner of the law firm of BakerHostetler, who specializes in cybersecurity-breach response, told CDC, “ransomware has gotten crazy in the last three weeks” and noted seven such attacks against her clients. She continued, “This week, we actually had one of our clients, the CEO of the company, receive a money plant via a florist at the house, saying, ‘Hi, thinking of you, signed the threat actor.’ They’re getting creepier, scarier, and a little more personal.”
She noted that attacking tribal enterprises doesn’t just involve casinos, but also funding for health care and education. She said, “I think there’s a misunderstanding that hackers see a casino and think we’re now in ‘Oceans 11’ territory, where we have vaults of cash and an instant windfall.” She added, “They’re not seeing it’s more complicated and that it’s probably going to impact schools, government, and hospitals. Tribes have all the major businesses and target areas. That is a huge risk.”
Hackers often spy on cyber insurance policies to figure out how much tribes can afford to pay.
During the lull in cyberattacks last year, the severity didn’t go away, but frequency declined. That helped the insurance industry, which wasn’t required to jack up premiums as much. Some insurers that had dropped out of the market in 2021, the worst year for cyberattack losses, reentered it, said Rees.
Now, however, Rees is warning tribal executives that such attacks are on the rise—and are more dangerous. “What we’re starting to see is that these hackers are starting to not only lock down the data, but stealing it at the same time,” he said, per CDC. “They say if you don’t pay, we’re going to release that data into the dark web or in the public domain where you find yourself in a privacy breach.”