Gamblers and dealers beware; whether in Vegas or Monte Carlo, it’s not strictly your wallet that’s at risk of running on empty.

What do gamblers, casinos, and the FBI have in common? If your answer is money, then try again. The digital age has arrived at brick-and-mortar casinos around the world, bringing with it its own flavor, including malice of a different kind than traditional card counters or chip dumping.

It’s true that casinos are highly regulated and well-protected against fraud of many kinds (often resembling or surpassing the security at hospitals and airports), but these days, it’s cybercriminals who have their eyes set on the grand prize. Casinos bank more than just their guests’ stakes. It’s the sensitive data they keep, such as financial records, personal details, and more, that make up the jackpot nowadays.

With ESET World 2025 taking place in the city of “lost wages” from March 24, 2025, perhaps it’s a good opportunity to raise cyber awareness in an area that might not be so obvious, as, increasingly, it is the data of the city’s guests, rather than the vaults, feed tables, and slot machines, that criminals are interested in.

The city of Las Vegas has many nicknames. Also known as the “gambling capital of the world,” the city is known for its lustrous casinos, luxurious hotels, and, of course, games. Within every casino, virtually hundreds of thousands of US dollars get exchanged daily. In 2023, this accounted for a collective $66.5 billion in casino revenue.

Not even George Clooney’s Ocean’s Eleven character, Danny Ocean, would scoff at such an amount, but even he would be shocked at the idea that there is more to a casino than the contents of its vaults.

Beyond the billions is the valuable data of a casino’s clientele, from people searching for lodging to event organizers, or regular, everyday casino-goers. From an even broader perspective, data on business partners (supply chains that provide the machines and security systems), employees, and even the top managers themselves, would be of great interest.

Why is all of this so interesting to threat actors? Let’s start with the sensitive data, like personal information. Anyone who’s ever checked in at a hotel knows the sort of details they have to provide to be given their rooms, such as:

1. Some form of an ID (state IDs, drivers’ licenses, passports, etc.)
2. Their name, address, preferences, email
3. Payment details

On top of that could be other specifics, such as further personal data (companions, dietary restrictions, accessibility requirements) or more. This much granular data can be very valuable on the black market, with stolen personal data from documents such as IDs or passports costing from hundreds to thousands of dollars per document.

Thus, threat actors roll the dice. In 2023, it came to light that the prominent casino chain MGM Resorts was targeted by a cyberattack, with hackers exfiltrating data such as names, contact information, gender, date of birth, IDs, and even Social Security numbers. The attack reportedly cost the chain around $100 million … certainly not chump change.

So, who’s responsible for the cybersecurity of the casino’s guests? From one point of view, it is the establishment itself, since, as it is providing a service, it needs to cover any liabilities. This is supported by regulations and guidelines recommending tight security, especially for sensitive data. Just off the top, PCI DSS would cover payment data, while the NIST Cybersecurity Framework would help a casino/hotel of any size to enact appropriate cyber measures.

For casinos in Las Vegas, the Nevada Gaming Commission (NGC) has a clear set of cybersecurity regulations for gaming operators to follow.

Perhaps this also places a bit too much of a burden on these places of entertainment. And, while guests don’t want such thoughts on their minds while hitting the jackpot, the reality is that personal awareness plays a big role when all the chips are down. Otherwise, man-in-the-middle attacks, in which cybercriminals create functional, but fake, Wi-Fi access points (aka “evil twin” networks), can gather sensitive data from victims’ devices.

Don’t bet the farm!

There are threats aplenty in the world of casinos. Scams with fake ads copying a well-known casino’s brand can present promising online gambling opportunities with great welcome bonuses. In fact, some of these scams use unauthorized photos of employees and properties to appear legitimate. What’s more, by pretending to be casino staff, bad actors could try to social engineer their way toward sensitive data, or even gain access to a casino’s systems.

What both casino operators and guests have in common is an understanding that stacking the deck in their favor is important. To double down on their security, they should consider:

• Prevention-first security: Simple antiviruses aren’t enough to protect the myriad devices casinos, hotels, or their guests have. Also, as various IoT vulnerabilities and supply-chain breaches enter the mix, these businesses and consumers must be on a proactive lookout. Businesses should consider investing in a platform such as ESET PROTECT Elite, which can provide all-encompassing protection with vulnerability management and advanced threat defense.
• Active threat hunting: For those casinos that lack the right IT staff, it would be wise to invest in a managed security service, such as ESET PROTECT MDR Ultimate, which, on top of product security, also adds highly tailored 24/7 protection with experts acting as your wild card against would-be malice, ensuring business continuity.
• Security audits: This is especially useful for protecting against supply-chain threats. A security audit could highlight weaknesses in casino systems, enabling the defenders to patch them up on time.
• Zero-trust: Access management methods such as zero-trust can ensure proper controls to mitigate the chances of unverified access. For employees, having a solution capable of Secure Authentication is one way to achieve this.
• Integrate: Casinos with existing security solutions should consider diversifying their existing security stacks with additional solutions such as Threat Intelligence. Consider that the more details that are available to an operation, the better and faster their decisions could be, saving a business millions in minutes.
• Mobile Security: Visitors to Vegas are very likely to be on the move. Hopping on and off various networks, trying out new apps, and signing up to promotions for discounts all get safer with a security solution like ESET Mobile Security, which offers protection from viruses, ransomware, and other malware. Prevention First helps you stay safe, evade phishing scams, shop safely, browse, and download files.

Incidentally, advice like this will be discussed at ESET World 2025, at the Aria Resort & Casino in Las Vegas, where experts from all around the globe, from businesses, to analysts, to government actors, will present a path to achieving a secure future. Vegas will be the place to see where progress is protected, and to connect with CISOs, renowned threat hunters, and cybersecurity experts advising CISA, NATO, and Interpol.

There’s no reason not to implement powerful security measures to deter malicious actors from swooping in on one’s turf. This means that casinos, resorts, hotels, and even their guests, should realize that it’s not just everyone’s money they’re after – there are far more compelling reasons to be targeted.

Bratislava – February 4, 2025 —ESET, a global leader in cybersecurity, today announces its new chief corporate solutions officer (CCSO), Martin Talian, whose mandate is to drive growth in delivering bespoke ESET solutions and customer success.

Mr. Talian moves from his position as VP of corporate solutions at ESET, bringing 18 years of leadership experience across diverse industry verticals to his new role. With an enduring focus on delivering value to large organizations and leadership roles with utilities, large infrastructure companies, telecommunications, digitalization, banking, and now cybersecurity, Mr. Talian is well-positioned to accelerate growth in the ESET Corporate Solutions Division.

With globally relevant expertise and demonstrable project completion, Martin Talian is set to draw from the expansive ESET portfolio of technologies, products, and services. Utilizing his rich experiences, he is poised both to create and to deliver new custom security offerings.

“Martin has been a key engine for both success and growth in the Corporate Solutions Division at ESET since its launch in 2022. He brings a passion to closing deals and delivering value to high-touch customers, and his aptitude aligns with our need both to showcase our talents and to scale our offerings. I look forward to the continued success and the fresh perspective our new C-Level manager will bring to ESET,” said Richard Marko, chief executive officer at ESET.
With large deals closing in connection with ESET NetProtect in both the EU and the Asia Pacific region, Talian’s leadership has already been recognized. These successes reflect his achievements in building and managing Solution Delivery teams, his oversight of critical sales team maturation and management processes, and his command of both the go-to-market strategy and accounts management protocols needed to succeed globally, including in North America, Latin America the Middle East and Africa.

“I am grateful for the opportunity to lead this unique team, one that I had a direct hand in building, and one which can support the wider organization in its bid to raise the prominence of ESET globally,” said Talian.

Martin Talian joins ESET’s other C-Level business leaders: CEO Richard Marko, CBO Pavol Balaj, CMO Mária Trnková, and CSO Miroslav Mikuš.

The latest ESET APT Activity Report shows improved phishing techniques that threat actors currently utilize, highlighting the need for high-quality cybersecurity awareness training.

A general recommendation about phishing attacks is not to click on anything that looks suspicious. That’s easy to follow when employees receive an email full of grammatical errors and typos from an unknown source.

However, adversaries have been improving their tactics and experimenting with new ways to make their potential victims fall for phishing — tactics that may not be so easy to spot. And it’s not only about using AI to create grammatically correct or more convincing emails. Recently, ESET researchers noticed a new trend among North Korea-aligned groups trying to build relationships with their targets before sending them malicious content.

Statistically speaking, since human error is involved in most data breaches, it is logical that threat actors don’t hesitate to leverage this major attack vector. To address this, ESET created ESET Cybersecurity Awareness Training, a story-driven course available in English, French, Spanish, and Chinese languages informing employees about current cyber threats and helping businesses with compliance and insurance issues.

Verizon’s 2024 Data Breach Investigations Report shows that 68% of breaches involved a non-malicious human element, like a person falling victim to a social engineering attack or making an error.

Most of those attacks started with phishing (tricking a user into giving sensitive information or downloading malicious content) and pretexting (use of a fabricated story, or pretext, to gain a victim’s trust) via email, accounting for 73% of breaches.

In 2024, the number of detected breaches involving pretexting surpassed the number of breaches involving traditional phishing attacks, according to Verizon’s data. This could be one indicator that threat actors feel the need to use more sophisticated techniques against their targets, according to the report.

Breaches involving a human element are not only prevalent but also costly, according to IBM’s Cost of a Data Breach Report 2024 conducted by Ponemon Institute. Ponemon’s researchers looked at 604 organizations in 16 countries and regions, finding that an average business loss due to phishing has now reached USD4.88 million per breach. This makes phishing attacks the second costliest type of attack, right after impacts from malicious insiders, which account for an average of USD4.99 million.

Recent ESET findings confirm this trend of threat actors utilizing improved social engineering techniques.

In Q2 2024–Q3 2024, ESET researchers saw the North Korea-aligned activity cluster Deceptive Development and North Korea-aligned group Kimsuky enhancing their phishing attacks with pretexting methods. For example, both tried to use fake job offers to approach the targeted individuals, and only after the victim responded and a relationship was established did threat actors send a malicious package to the victim.

Another group, Lazarus, distributed fake job offers for desirable positions at large companies like Airbus or BAE Systems and delivered trojanized PDF viewers along with decoy PDF documents. This group also impersonated recruiters on professional networks and work platforms, distributing trojanized codebases under the guise of job assignments and hiring challenges with the aim of cryptocurrency theft.

Kimsuky targeted North Korea experts working for NGOs and researchers in academic circles with fake requests to grant a media interview or give a presentation. They tried to establish a relationship with a good old apple-polishing ― sending amiable emails that praised the target’s expertise and asked for help. Once the attackers gained the trust of their victim, Kimsuky delivered a malicious package, usually disguised as a list of questions that should be answered before the event.

The BlackBasta ransomware gang also adopted this relationship-oriented method when targeting businesses, according to the recent discovery of the ReliaQuest threat research team.

First, they send mass email spam targeting employees, provoking them to create a legitimate help-desk ticket to resolve the issue. Then, attackers posing as IT support or help desk staff contact employees via Microsoft Teams chat and send them a malicious QR code, likely for downloading a remote monitoring and management (RMM) tool that BlackBasta can exploit.

Seeing the above-mentioned cases, it is clear that employees are a critical component of any business’s security that needs to be taken care of. In general, cybersecurity awareness training not only helps businesses to deflect user-oriented cyberattacks and fulfill compliance/insurance requirements but also decreases losses in case of a successful breach by around 5.2%.

ESET acknowledges this threat vector with the global launch of ESET Cybersecurity Awareness Training, which complements ESET PROTECT, a multilayered AI-powered solution for businesses.

Both employee training and multilayered security are integral parts of what ESET calls a prevention-first approach designed to completely evade cyber threats or mitigate them with no or only minimal disruptions in the business flow. It is a complex strategy of shrinking the attack surface while effectively reducing the complexity of cyber defense.

ESET Cybersecurity Awareness Training aims for both of these goals. First, it helps employees to recognize standard and novel cybersecurity threats abusing human factors. Second, it is easy to deploy and operate thanks to deep integration possibilities with various systems, a customizable training portal, and an easy-to-use dashboard. Thus, businesses don’t need to spend more precious IT staff time on it than necessary.

ESET Cybersecurity Awareness Training offers an engaging and story-driven experience that helps employees understand which common bad user habits of can endanger the whole company. It also explains how threat actors think — for example, how they search potential victims’ social network profiles to guess their passwords or impersonate them.

The training is based on three decades of ESET expertise in this area and is designed to change employee behavior, rather than merely to check a box for compliance or cyber insurance.

To keep employees vigilant in the long term, ESET Cybersecurity Awareness Training comes with phishing test simulations that businesses can run an unlimited number of times.

Benefits of Premium Cybersecurity Awareness Training

• Comprehensive online cybersecurity awareness training courses
• Multiple course options ranging from full 90-minute-long training to short courses taking from 5 to 15 minutes
• Best practices for remote employees
• Gamification that engages and changes behavior
• Helps meet HIPAA, PCI, SOX, GDPR, CCPA compliance requirements
• Helps meet cyber insurance requirements
• Certification & LinkedIn badge
• Unlimited phishing test simulations to test employees
• Admin console allowing users to manage customizable groups of employees, track learners’ status, and run phishing simulation campaigns
• School platform where employees can take their enrolled training
• Automatic email reminders to learners
• Deep integration with various popular third-party cloud-based services

Even the best and most expensive cybersecurity solution in the world can be powerless against one fooled employee who shares their password or downloads a malicious file.

Help your employees to navigate through a maze of the evolving world of cyber threats and improve your defenses with ESET Cybersecurity Awareness Training.

The world of smartphones is full of automation and requires reputable Android protection.

Most smartphone users probably know that connecting to any random Wi-Fi hotspot available is not the best idea. But sometimes, an Android device can autonomously connect to a malicious Wi-Fi network without your awareness.

Imagine that you are at your favorite restaurant, your order is complete, and now you want to check your smartphone before the meal comes. However, without your knowledge, someone else is already monitoring everything you do on your device, including the websites you browse, the applications you use, and the credentials you enter.

An attack like this is possible. For example, if ESET malware researcher Lukáš Štefanko used his Cheap Yellow Display (CYD) tool running Evil M5 firmware for malicious purposes. Luckily, acting as an ethical pen tester, he just published a video showing how easy it can be to obtain Wi-Fi networks that smartphones want to reconnect to automatically. With this information, he could create a fake Wi-Fi access point, or an “evil twin” network, to gather sensitive data from a victim’s device.

Let’s dive a little deeper into these kinds of attacks, and what lessons we can learn from them.

When creating software, developers always think about usability, user comfort, and user experience. So, it’s only natural that smartphones have an incorporated function to reconnect automatically to previously used and trusted networks.

However, cybercriminals love to exploit situations in which users feel safe and enjoy ever-present automation. The attack displayed by Lukáš Štefanko does the same — this technique preys on the fact that Android smartphones constantly and transparently tell nearby devices which Wi-Fi networks they have connected to, and want to reconnect to, automatically.

As you can see, connecting and reconnecting to publicly available Wi-Fi networks can pose a danger. And the list of possible threats doesn’t end with rogue hotspots:

Man-In-The-Middle (MITM) attack — In such attacks, cybercriminals intercept communications between a device and the Wi-Fi network, allowing them to access sensitive unencrypted information like passwords, credit card numbers, and personal messages.

Exploitation of vulnerabilities — Cybercriminals can exploit vulnerabilities in less-secure public networks, or vulnerabilities of a targeted mobile device (especially if it doesn’t have updated software), to distribute malware to connected devices. This malware can then be used to steal data, monitor users’ activities, or even take control of users’ devices.

Packet Sniffing — Public Wi-Fi networks often lack proper encryption, making it easier for hackers to eavesdrop on users’ online activities.

Obviously, the basic security recommendation for Wi-Fi users is to disable automatic connections to Wi-Fi networks, and not use free publicly accessible Wi-Fi networks at all. If this is not possible for any reason, here are a few more tips:

Use a Virtual Private Network (VPN) —VPN creates a secure and encrypted connection between a user’s device and the internet.

Do not share sensitive data — Avoid websites and applications requesting sensitive information such as online banking or shopping sites while on public Wi-Fi.

Stay on top of updates — Keep your software and apps updated. Regular updates often include security patches that protect against known vulnerabilities.

When it comes to cybersecurity, ESET goes far beyond just simple antivirus — and this also applies to smartphones and mobile devices. ESET Mobile Security is built around the ESET prevention-first approach, stopping attacks before they can do any harm. This goal can be met by securing cybercriminals’ most common points of entry to devices while keeping the security solution simple to use.

ESET Mobile Security is well-prepared for attacks coming from malicious websites, thanks to multilayered protection against phishing, smishing, and scams. For example, Anti-Phishing enhanced by Link Scanner protects users against malicious websites, and Payment Protection delivers a new layer of security for sensitive payment and financial applications.

And the best part? The premium version of ESET Mobile Security utilizing all these features and more is 50% off between March 3 and March 9, 2025!

Most would agree that people love comfort, and, in fact, the entire technology industry is driven by users pursuing faster, easier, and more user-friendly solutions for their daily activities. And there is nothing bad about living in the lap of technological luxury; but don’t ignore the threats out there.

Luckily, with a pinch of cybersecurity awareness and a reputable security solution installed on your Android smartphone, you should be fine. Wi-Fi network attacks are well-known, and acclaimed cybersecurity companies such as ESET taking advantage of more than 30 years of experience have you covered.