As John Chambers, former CEO of Cisco, said, “There are two types of companies: those that have been hacked and those that don't know they have been hacked.” This statement has never been stronger in Colombia than on September 12, 2023, when the country woke up to the digital chaos of an unprecedented cyberattack that left more than 70 digital services of the national government and several private entities offline.
What initially appeared to be a technical inconvenience quickly turned out to be a sophisticated and devastating cyber operation, exposing the vulnerability of our digital infrastructure.
The worrying issue for various people who work in cybersecurity was the poor communication of the incident by the provider IFX Networks, which published a statement that did not give many clues.
The government acted correctly by convening cybersecurity capabilities, including the support of the Colombian Cyber Emergency Response Group (COLCERT) and the Computer Emergency Response Team (CSIRT) associated with the Presidency, as the creation of a PMU (Unified Command Post), with different actors including MINTIC.
Identification of the adversary
Three days later, on September 15, COLCERT and CSIRT Presidency issued an official statement, called the context of the incident. The diagnosis: a ransomware known as MarioLocker. This threat was not unknown in the world of cybersecurity. With more than 459 incidents globally. «COLCERT, through its Cyber Threat Intelligence analysis, identified linked artifacts that indicate possible vulnerabilities that could be exploited by third parties. These vulnerabilities can affect devices and assets related to cloud resources, as Microsoft notes. The spread of the threat can impact services linked to information systems and remote connection tools in virtualized environments,” reads the report.
This already showed several issues: cybercriminals were able to take advantage of the vulnerabilities of virtualized environments, and strategically plan the cyberattack. Such as the lack of continuity strategy of public and private entities and the service provider. The damage is incalculable due to the lack of availability of information. This is the biggest 'scar' left by the crisis of recent weeks. All of this vital data is something that the government will have to identify, as many entities were unable to access the information for more than 8 days.
Establishing consequential damage and lost profits is presented as a monumental challenge, mainly because we do not have a precedent for an attack of this magnitude and nature.
Some causes behind the attack
Several factors contributed to the magnitude of this cyberattack. First, it is good to highlight something that has not been mentioned and that is that Colombia has had an MSPI model for years that includes documentation, standards and procedures on cybersecurity issues. Likewise, in the MSPI model, you can even find the incident report formats.
Saying that there are no processes and documents is false. The Colombian model is good in documentation, the problem is that controls failed in several processes.
Some of the causes of the attack can be reflected in topics such as:
1- Lack of backup copies and continuity strategy The resources were literally in the same place. This means that some entities do not have easy access to backup copies. The IFX Networks incident revealed a critical vulnerability in many entities' data backup strategy: all their data, including backups, was stored in the same cloud. This concentration of information at a single point of failure underscores the importance of diversifying storage and backup strategies to ensure business continuity in the face of attacks. The absence of simulation exercises was strongly manifested: the real attack became the crudest and most revealing simulation, evidencing failures in RPO (Recovery Point Objective) and RTO (Recovery Time Objective).
2- Prioritizing price over security In some cases the Colombia Compra Eficiente pricing framework clouds were purchased at a lower price, but not with better information security. It is worth reviewing the model in terms of cybersecurity; in the existing catalog, security should prevail rather than price.
3 –Vulnerability management Everything indicates that cybercriminals exploited a specific vulnerability related to virtualization in the IFX Networks infrastructure. This breach, apparently not properly managed, allowed unprecedented access to the systems, revealing a lack of proactive strategy in vulnerability management. Controls on cloud providers must be increasingly stricter and ethical hacking tests, vulnerability analysis and controls must be constantly demonstrated in all environments.
4 –Communication management During the incident, IFX Networks' communication processes left much to be desired. Despite the magnitude of the attack and the implications for numerous entities, the information provided was scarce and, at times, late. It was not until September 19 that clearer and more detailed statements about the situation began to emerge.
The lack of transparency and intermittency in the availability of its website in the previous days only intensified the uncertainty and concern among the affected entities and the general public. Timely and clear communication is essential in times of crisis, and in this case, a notable deficiency in that regard was evident. On September 21, 2023, the company reported that it had managed to restore services for 90% of its customers, with the expectation of a full recovery soon.
5 –The evolution of Ransomware Which has been evolving over the years, making its anatomy more and more specialized, cybercriminals could take advantage of vulnerabilities and achieve their objectives. According to reports from cybersecurity companies, such as Sophos, ransomware attacks are becoming increasingly specialized. In fact, in 76% of cases, cybercriminals manage to successfully encrypt their victims' data, evidencing a growing sophistication in their methods.
6 – The response and implications for the future Although the provider has announced the solution to the recent cyberattack, the outlook still presents uncertainty. Since September 18, the Ministry of Information and Communications Technologies (MinTIC) has expressed in different media its decision to take legal action, which predicts a period of analysis and possibly litigation. At the same time, authorities are increasing surveillance on the dark web, looking for signs of leaks that may be linked to the incident, but this is just beginning. Sometimes the information is leaked months later and the patience of a cybercriminal is their greatest virtue. It must be investigated with cyber intelligence and OSINT. This is what is coming in the next few days to establish if any type of information could have been exposed. It is good to establish whether IFX performed any computer forensics to establish all the context.
Likewise, it is not clear if the company had any type of insurance policy or what it is doing for the investigation process. Only IFX Networks and the cracker group truly know the depth of the access and what information was compromised. Time will undoubtedly reveal the truth.
At the end of the day, there are two types of companies: those that have been hacked and those that don't know it yet. But to this reality, we add a third type: those hacked that demonstrate capacity and resilience in their response.
I loved
I liked
I dont liked
Sports betting, suspended soccer players and teams, rigged championships, scandals the order of the day are the daily news lately. In Chile and other countries in the world, the sponsorship of teams by betting houses is distrusted, because it is not entirely unusual to think that some ally with each other and end up favoring a particular bet.
In Europe, especially in Spain, match-fixing is fought by small clubs that have been discovered and where one or two players have finally been personally punished, which is not a deterrent to prevent Premier League matches from being fixed. league.
For its part, the Bundesliga is doing everything in its power and knowledge to closely follow the matches, with a very restricted regulation of sports betting but which does not guarantee full transparency of the results.
But not only he soccer; A few weeks ago, tennis player Younes Rachidi was banned for life for allowing himself to be beaten at will and collecting betting dividends. Bárbara Gatica Avilés Chilean tennis player suspended 3 years; Premier League top scorer Ivan Toney is facing a ban for illegal betting… and the list goes on. In Colombia we are not the exception and Llaneros has been accused of a shameless arrangement to favor a result.
In a column published by Dr. Hernán Peláez, he commented: Thank goodness here, Coljuegos gives a license to betting houses. But I don't know if it monitors the exercise and the yields of these operations and health aid are publicly known —and should be— and education. Or does anyone know? to get out of my ignorance.
I answer: if Coljuegos does financial monitoring BUT it is time for Coljuegos to start a crusade in pursuit of Fair Play and be the guarantor of fair play and prevent soccer from being used to launder money through betting; His function, among others, is control, not just the collection of money; he has to see where he comes from, and that is the task he must take on.
The Brazilian Senate Agency reported that it will discuss draft regulation 2,234/2022 to legalize casinos and jogo do bicho (the popular national lottery) throughout the country. In the first instance, the project will be debated by the Constitution and Justice Commission (CCJ).
Bill (PL) 2,234/2022 was presented two years ago by the now former deputy Renato Vianna to authorize, among other modalities, the operation of casinos and bingos, horse racing and the aforementioned lottery.
The text authorizes the installation of casinos in tourist centers or integrated leisure complexes, under the limit of one casino in each state and Federal District, with the exception of São Paulo, which could have up to three casinos, and Minas Gerais, Rio de Janeiro .
In addition, gambling houses will also be able to operate on sea and river vessels, which will follow specific rules for this sector. On the other hand, operators must demonstrate a minimum paid-up share capital of at least 100 million reais and will be able to maintain their licenses for 30 years.
At the same time, the bingo sector would also be regulated, in person and online, allowing in each state the accreditation of one legal entity per 700 thousand inhabitants to install these halls. For bingos, licenses would be valid for 25 years, renewable for the same period. Likewise, rules would be added for horse racing, which could be operated by racecourses accredited by the Ministry of Agriculture, which could also operate, at the same time, bingo and video bingo games.
“The project seeks to transfer to state control a practice that today constitutes a minor crime,” argued Senator Irajá Abreu. And he cited statistics on the legal or illegal betting market, which demonstrate that “gambling already constitutes a relevant economic activity.”
The explosion of the Brazilian betting market and the possible opening of casinos is attracting global giants in the sector. According to a report by the newspaper O Globo, companies such as DraftKings, Hard Rock International and MGM Resorts International, as well as Caesars Entertainment, are considering entering this market.
These names are among the more than 130 companies that have expressed prior interest in a Brazilian license, as reported by the Ministry of Finance.
Unfortunate, if not infamous, was the intervention of Marco Emilio, president of Coljuegos, during the inauguration of the event, and the opening of the two assemblies of the associations, at the last GATexpo in Cartagena.
Considering that he is a person alien to the industry and especially to those located, he should demonstrate less servility towards permanent bets and respect, as in the army, the seniority of all of us. Many, if not all, of us feel offended by the derogatory comments and ignorance of the enormous effort of people like Elizabeth Maya and Evert Montero who have prioritized the implementation and good practices regarding money laundering. assets.
In the best style of the old policy - which is understandable - it has turned Coljuegos into another state institution where the “aja” is already a reference to accelerate the permits that have been held up for months, most likely to soften the (the) sorry businessman who will end up leaving the envelope under the trash can there and come pick it up on Monday...
When asked about Coljuegos, he only limits himself to reading the speech that has been passed to him from the office of his advisors and that is where the verbiage about lotteries, chances and bets comes to the surface of his lips and there is nothing else on the page From Coljuegos there are only approvals for draws, perks, new regulations, facilities, opening of markets for permanent bets and for a permit from an operator, there is no time... of course sorry, as he said at the Fair: the illegals and thugs from the locals and casinos who have earned that reputation through their own fault should go to the prosecutor's office to report because I don't know anything.
It's embarrassing when he starts talking about technology and the trip to Las Vegas - sponsored of course - and that on an important news network he said that by seeing the machines he knew how they paid, oh no! So, he dedicates himself to gambling and makes more money... or he writes a book and becomes a millionaire, and at the same time destroys all the casinos in the world because he is going to reveal the secret.
Since his arrival, Coljuegos has gone from more to less and it is not necessary to be a fortune teller to know that he came to the entity to do what he had to do regardless of the cost, in the end he is not the one who pays, it is us and they pay him for that.
What else to expect from the very corrupt, very old school.
Gambling Ins.
A gavel, a gong, a bell; the three symbols of a fresh day of trading at the New York Stock Exchange (NYSE). Although the tool itself has changed over the years, the act of the ‘opening bell’ has been solidified across public trading houses - even though Nasdaq doesn’t have a physical trading floor, the house still has an opening bell ceremony each day. That’s how strong it is.
However, more companies, with some high-profile examples within gaming, are pulling away from this iconic morning routine and instead favoring the quiet life of private equity.
But why are companies going private?
There are a few reasons why some big gambling companies are going private.
First of all, when a company goes public, there is a far greater level of administration and bureaucracy. A private company therefore has more control over its business, without having to please multiple shareholders.
Once a company goes private, the business is in the hands of a few select people; either the private equity firm or the family controlling the company. This makes it infinitely easier to make decisions and act on them.
There’s also less volatility from being on the publicly traded stock market, too. The stock market has quite infamous ups and downs, but unless you’ve been living under a rock for the past five years, you’ve probably noticed some global events that affected the economy quite severely.
If anything, this proves that there’s no set path to success for companies; going public is no longer a symbol of ‘making it’ but should instead be analysed as a viable strategy, rather than the only strategy
One of the biggest positives of being publicly traded, however, is access to capital. It used to be one of the only ways companies could get funding for projects, which is why going public was historically seen as the end goal for many businesses in the past.
But this isn’t the case anymore. Even as far back as 2018, IPOs brought in $50.3bn in the tech sector, while private equity firms invested $130.9bn.
Some companies never went public in the first place.
Once a company goes private, the business is in the hands of a few select people; either the private equity firm or the family controlling the company. This makes it infinitely easier to make decisions and act on them. The biggest example in gambling is bet365, which has been private since it launched in 2000, owned and operated by the Coates family. On the supplier side, Interblock is a huge firm one would assume is NYSE-listed but has remained private, in 2022 being acquired by (you guessed it, private equity) funds managed by Oaktree Capital Management.
So perhaps we’ll see a new era of company ownership going forward, where gaming companies won’t be afraid to rely on private equity, rather than face the public eye on the stock market. Is it time for more casino and sports betting companies to take a gamble on their products and boot out the shareholders and their opinions for good?
A report conducted by YieldSec and commissioned by the Campaign for Fairer Gambling (CFG) suggests the illegal sports betting and online casino markets are far outpacing the legal betting market.
The report says 103 legal operators (both online casino and sports betting apps) target U.S. customers, while there are 860 illegal operators targeting U.S. customers. The report says those illegal operators generated $40.9 billion in gross gaming revenue in 2023 compared to $16.9 billion for legal operators.
The report even estimates the amount wagered on the 2024 Super Bowl via illegal operators was $500 million more than the amount wagered through illegal operators in 2023.
“The black market is alive and well in America. Legalizing iGambling was never going to adequately weaken the illegals,” CFG founder Derek Webb said in a press release. “But the presence of the black market has served as a useful foil — the legal gambling sector’s main rationalization for expansion.”
“Substitution from illegals to legals is simply not happening at the pace it should – illegals are used as brands of choice and convenience, with some substitution to legals for offers and account opening incentives, when available, as with the Super Bowl,” the report concludes.
(571) 7568829 - 3606414 - 3606415 FAX (57 1) 3605027
Bogotá / Medellín / Cali / Pereira / Barranquilla
