Connect with us
SIS

Industry News

Online gambling in Finland: value of Finnish casino players reaching new Highs

Zoltan Tundik

Published

on

Reading Time: 2 minutes

 

Despite there only being a small amount of land-based casinos in Finland, this does not indicate a lack of desire on the part of Finnish gamblers and the country’s population of 5.5 million.

In fact, if recent industry trends are anything to go by, the casino industry is undergoing something of a mini-boom given the increased revenues casinos have been posting.

This bodes well for the casino industry as a whole in Finland — the growth of which has been stunted in recent years due to long-standing restrictions on access to gambling providers.

Despite the relatively small footprint of land-based casinos in Finland, the Finns have nevertheless proven themselves to be committed casino-goers. The majority of punters prefer to do their gambling online, and in recent years online casino usage has boomed. When speaking about online casinos, a spokesperson at kasinonetti.com said these are “currently the hottest trend in the casino world”.

It should be noted, however, that land-based casino gaming is currently run under a state-owned monopoly system, meaning there is a limit on what operators can actually enter into and set up in the Finnish market. The three local government gambling monopolies are the Raha-automaattiyhdistys

(RAY), which controls slot machine games, Fintoto Oy, which oversees horse racing, and Veikkaus, which is responsible for lotteries and gambling. These three entities have full control over all gambling activities undertaken in the state.

However, in recent years more and more Finns have been accessing online casinos, which has created a massive spike in gambling activities amongst the population. Due to the restrictions on gambling entities in the state, all of these online casinos are based outside Finland.

Access to these casinos is relatively simple for Finnish players, however. While no international operators are allowed to set up inside the state, players can nevertheless access them if they are based outside Finland. There are currently no restrictions put in place by the Finnish state to prevent individual players from accessing these websites, which has helped these international operators to increase their market share of players within Finland. It should be noted, however, that while the Finnish government won’t actively block access to these sites, they are still unable to advertise directly to consumers based in Finland.

In response to the increased presence of international operators servicing Finnish customers, the Finnish casinos have begun to increase their online presence. Most recently, the Veikkaus casino entity has announced plans to significantly invest in its online offerings, which could present a challenge to these international operators.

Although the increase in competition might be potentially bad business for the local monopolies, it is ultimately good news for Finnish gamblers. The Finns now find themselves with more options than ever before when it comes to online casino gaming. With that said, the next few years will be a key tipping point in the growth of the industry in Finland as the local operators look to respond to these developments.

Industry News

MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

George Miller

Published

on

MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability
Reading Time: 3 minutes

Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.

The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.

Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.

Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.

The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.

Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.

What is SQL Injection?

First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.

Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020. Which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.

The vulnerability works by injecting an unexpected payload (a piece of code) into the input box on the website or in its URL address. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.

The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.

 

How we found this vulnerability

Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.

What’s the impact of the vulnerability?

The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:

By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.

The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.

Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.

What to do if you’ve been affected?

If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.

However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.

Disclosure and lack of communication from BigMage Studios

Following our vulnerability disclosure guidelines, we notified the BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.

We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted the BigMage Studios and informed the company about the misconfiguration.

Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. Due to this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.

Eventually, however, BigMage Studios appear to have fixed the SLQi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria about that fact.

 

Source

Continue Reading

Industry News

Spelinspektionen Signs MoU with Kansspelautoriteit

Niji Narayan

Published

on

Spelinspektionen Signs MoU with Kansspelautoriteit
Reading Time: < 1 minute

 

Swedish Gambling Authority Spelinspektionen has signed a memorandum of understanding with Kansspelautoriteit. The strengthened partnership has been designed to facilitate the ongoing exchange of information and streamline supervision between the two European regulators.

René Jansen, chairman of Kansspelautoriteit, stated that he is “delighted that agreements with international regulators are formalised and captured in memorandums of understanding.”

He added: “On the one hand because of the solid basis they provide for cooperation and on the other hand because of the clear signal that will be given towards the gambling and gaming industry.”

“By opening the communication channels between the authorities we become stronger in our supervisory activities. This is the fourth MoU we sign with European gambling authorities since the new Swedish regulation came into force in 2019,” Camilla Rosenberg, director-general of Spelinspektionen, said.

Continue Reading

Industry News

AretoNet Integrates with Dragonfish

Niji Narayan

Published

on

AretoNet Integrates with Dragonfish
Reading Time: < 1 minute

 

AretoNet has integrated with igaming platform provider Dragonfish to sell its products and launch its platform with 10 Inter Group Partner Holding operator brands. IGP serves as a white label affiliate for DragonFish.

“We’re excited to launch AretoNet for all our BI, CRM and marketing needs. We wanted a cost-effective solution giving us in-depth and meaningful insights into our player data but keeping functionality easy-to-use. AretoNet is the perfect fit,” Urban Håden, CEO of IGP, said.

AretoNet is a technology platform that enables operators to evaluate their player database and, with complete lifecycle analytics, launch automated multi-channel and multi-level marketing campaigns.

“We’re delighted to launch IGP’s ten brands on our platform to support its aggressive growth plans over the next few years. We’re also pleased that through this partnership, we have been able to integrate with one of the leading igaming platforms, meaning, it is now seamless for all Dragonfish operators to partner with us and launch our platform. We’re looking forward to onboarding more operators in the coming months,” Justin Farrugia, co-founder of AretoNet, said.

Continue Reading
Advertisement
NSoft

Subscribe to our News via Email

Enter your email address to subscribe to our news and receive notifications of new posts by email.

Trending

Notice for AdBlock users

We are constantly showing banners about important news regarding events and product launches. Please turn AdBlock off in order to see these areas.

Kasynos.Online