Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Analyze » MERKUR GAMING » MER1774614662

Incident Score: Analysis & Impact (MER1774614662)

The details regarding individual company incidents & reports gives you full view from every side.

Rankiteo Score Impact Analysis

Rankiteo Incident Impact-98
Company Score Before Incident768 / 1000
Company Score After Incident670 / 1000
INCIDENT NUMBERMER1774614662
Type of Cyber IncidentBreach
ATTACK VECTORPhishing, Stolen Credentials, Insecure APIs, Overprivileged Access, Unpatched Software
DATA EXPOSEDIdentity Documents, Payment Credentials, Behavioral...
INCIDENT DATE31/01/2025
STATUSpublished

Key Highlights From The Incident Analysis

  • Timeline of MERKUR GAMING's Breach and lateral movement inside company's environment.
  • Overview of affected data sets, including SSNs and PHI, and why they materially increase incident severity.
  • How Rankiteo’s incident engine converts technical details into a normalized incident score.
  • How this cyber incident impacts MERKUR GAMING Rankiteo cyber scoring and cyber rating.
  • Rankiteo’s MITRE ATT&CK correlation analysis for this incident, with associated confidence level.

Full Incident Analysis Transcript

In this Rankiteo incident briefing, we review the MERKUR GAMING breach identified under incident ID MER1774614662.

The analysis begins with a detailed overview of MERKUR GAMING's information like the linkedin page: https://www.linkedin.com/company/merkur-gaming, the number of followers: 15802, the industry type: Gambling Facilities and Casinos and the number of employees: 410 employees

After the initial compromise, the video explains how Rankiteo's incident engine converts technical details into a normalized incident score. The incident score before the incident was 768 and after the incident was 670 with a difference of -98 which is could be a good indicator of the severity and impact of the incident.

In the next step of the video, we will analyze in more details the incident and the impact it had on MERKUR GAMING and their customers.

Merkur recently reported "Surge in Cyberattacks Targeting iGaming Industry", a noteworthy cybersecurity incident.

The iGaming sector is grappling with a surge in cyberattacks, exposing vulnerabilities in an industry that handles vast amounts of sensitive player data.

The disruption is felt across the environment, and exposing Identity Documents, Payment Credentials and Behavioral Patterns, with nearly 800,000 (Merkur breach) records at risk.

In response, and stakeholders are being briefed through Transparency and timely communication critical, but often treated as PR crises.

The case underscores how teams are taking away lessons such as Cybersecurity maturity has not kept pace with industry expansion. Smaller operators treat security as a regulatory checkbox, creating weak links. Third-party risks and insecure APIs are recurring vulnerabilities. Credential-based attacks remain persistent due to inconsistent MFA adoption. Detection delays worsen breaches. Regulatory frameworks like GDPR improve response but fall short in prevention. AI-driven threats amplify existing weaknesses, and recommending next steps like Treat cybersecurity as a core operational risk, Implement multi-factor authentication (MFA) consistently and Enhance third-party security assessments, with advisories going out to stakeholders covering Regulators emphasize clear disclosure of breaches, even when not legally required, to help users mitigate risks.

Finally, we try to match the incident with the MITRE ATT&CK framework to see if there is any correlation between the incident and the MITRE ATT&CK framework.

The MITRE ATT&CK framework is a knowledge base of techniques and sub-techniques that are used to describe the tactics and procedures of cyber adversaries. It is a powerful tool for understanding the threat landscape and for developing effective defense strategies.

MITRE ATT&CK® Correlation Analysis

Rankiteo's analysis has identified several MITRE ATT&CK tactics and techniques associated with this incident, each with varying levels of confidence based on available evidence. Under the Initial Access tactic, the analysis identified Valid Accounts (T1078) with high confidence (90%), with evidence including credential-based attacks remain a persistent threat, and phishing, password reuse, and stolen credentials, Exploit Public-Facing Application (T1190) with moderate to high confidence (80%), supported by evidence indicating insecure APIs, overprivileged access, and unpatched software, and Trusted Relationship (T1199) with moderate to high confidence (80%), supported by evidence indicating third-party risks...each representing a potential entry point. Under the Credential Access tactic, the analysis identified Brute Force (T1110) with moderate to high confidence (70%), supported by evidence indicating phishing, password reuse, and stolen credentials and Credentials from Password Stores (T1555) with moderate to high confidence (70%), supported by evidence indicating payment credentials, behavioral patterns stored in single platforms. Under the Privilege Escalation tactic, the analysis identified Valid Accounts (T1078) with moderate to high confidence (80%), supported by evidence indicating prolonged undetected access enabling attackers to escalate privileges and Exploitation for Privilege Escalation (T1068) with moderate to high confidence (70%), supported by evidence indicating overprivileged access...enabling deeper infiltration. Under the Defense Evasion tactic, the analysis identified Use Alternate Authentication Material (T1550) with moderate to high confidence (80%), supported by evidence indicating stolen credentials allow attackers to bypass defenses, Valid Accounts (T1078) with moderate to high confidence (80%), supported by evidence indicating credential-based attacks...without needing to break in, and Impair Defenses: Disable or Modify Tools (T1562.001) with moderate confidence (60%), supported by evidence indicating lack of MFA and inconsistent monitoring adoption. Under the Collection tactic, the analysis identified Data from Local System (T1005) with high confidence (90%), supported by evidence indicating identity documents, payment credentials, behavioral patterns stored and Data from Information Repositories (T1213) with moderate to high confidence (80%), supported by evidence indicating centralized data troves...single breach yields complete digital profile. Under the Exfiltration tactic, the analysis identified Exfiltration Over C2 Channel (T1041) with moderate to high confidence (80%), supported by evidence indicating data exfiltration enabled by prolonged undetected access and Transfer Data to Cloud Account (T1537) with moderate confidence (60%), supported by evidence indicating behavioral patterns and geolocation data stored in platforms. Under the Impact tactic, the analysis identified Data Destruction (T1485) with moderate confidence (50%), supported by evidence indicating erosion of trust, treated as PR crises rather than failures and Data Manipulation: Stored Data Manipulation (T1565.001) with lower confidence (40%), supported by evidence indicating identity theft and financial fraud beyond the platform. These correlations help security teams understand the attack chain and develop appropriate defensive measures based on the observed tactics and techniques.

Initial Access
Valid Accounts (90%)
Exploit Public-Facing Application (80%)
Trusted Relationship (80%)
Credential Access
Brute Force (70%)
Credentials from Password Stores (70%)
Privilege Escalation
Valid Accounts (80%)
Exploitation for Privilege Escalation (70%)
Defense Evasion
Use Alternate Authentication Material (80%)
Valid Accounts (80%)
Impair Defenses: Disable or Modify Tools (60%)
Collection
Data from Local System (90%)
Data from Information Repositories (80%)
Exfiltration
Exfiltration Over C2 Channel (80%)
Transfer Data to Cloud Account (60%)
Impact
Data Destruction (50%)
Data Manipulation: Stored Data Manipulation (40%)

Sources & References