Fans around the world have been clamoring online, and even in person, over the past few weeks to enjoy the thrill of the competition. From the Tour de France and EURO 2020 tournament in June to the recent Summer Olympics in Tokyo, fans were eager to cheer on their nations and earn some extra cash in the process.
As fans place their bets on individual matches through online betting sites, Imperva Research Laboratories noticed a suspicious increase in bot activity on sports and betting sites, coinciding with these global sporting events. In addition to bot-driven comment spam and content scraping, Imperva has also monitored an increase in takeover account attacks (ATOs) – designed to break into accounts and gain access to players’ digital wallets – over the course of weeks before and during these events.
EURO 2020 (June 11 – July 11, 2021)
In the weeks leading up to the start of the EURO 2020 tournament in June, Imperva Research Laboratories Tracked a 96% year-over-year increase in bot traffic to global sports sites. In particular, UK gambling sites were heavily targeted by bot operators the week before the launch of their respective campaigns by England and Scotland. The days the England national team played were particularly risky, with takeover (ATO) attacks – designed to break into accounts and get players’ digital wallets – increased by 2 or more 3 times the daily average compared to the other days of the tournament.
As a great betting nation, Australia is also experiencing these spikes around major sporting events, including the AFL, NRL and the Melbourne Cup, according to Reinhart hansen, CTO, Imperva CTO’s office.
“Cybercriminals target these events because of the monetary gain they can derive from them, whether that is stealing personal data for identity theft or credit card information to conduct financial fraud. Gambling sites are a lucrative target for ATO attacks, as user profiles often contain financial information or even stored funds. Therefore, bettors should be extra vigilant when participating in online betting or gambling and practice good security, such as using strong passwords and using multi-factor authentication when doing so. is possible.
Tour de France (June 26 – July 18, 2021)
In June, robot activity on sports and gambling sites increased 52% as the race was due to begin. Bot commentary spammers were ubiquitous, with a 62% increase in traffic. Spammers took advantage of the interest in the event to post commentary in Russian on a range of topics, including adult sites, crypto, coupons / discounts, casino sites, and loan and credit opportunities. ‘investment.
Tokyo 2020 Summer Olympics (July 23 – August 8, 2021)
During the first week of the Olympics, Imperva Research Labs watched for a significant spike in search engine imitators. Inbound traffic to sports sites saw an unusual 48% increase in Yahoo copycats, a 66% increase in Baidu copycats, and an 88% increase in Google copycats.
As the Olympics concluded with the second week of competition, the volume of sailor impersonators rose 103% above average. Malicious bots typically masquerade as legitimate users by flagging their user agent as a web browser or mobile device to avoid detection. The increase may be related to bots crawling or scraping sites for real-time information.
More alarming has been the surge in web traffic across Japan from IP addresses known to perform account takeover attacks before and during the first week of the Olympics. ATO attacks increased by 43% the week before the start of the Olympics and reached 74% in the first week of competition.
Also during the Olympics, Imperva mitigated one of the biggest DDoS attacks to date in 2021. the Big Layer 7 DDoS attack targeted services hosting online gambling sites in Asia. The attack lasted 40 minutes and generated a massive throughput of 1.02 terabytes per second (Tbps) and 155 million packets per second (Mpps). In the days following this event, Imperva also mitigated a second major attack that peaked at 858 Gbps bandwidth and 225 million PPS. This time the attack was longer, lasted two hours, and targeted a specific network prefix (/ 24 Class C address) with the attack spanning the entire range of IP addresses.
“DDoS attacks are really just another form of bot-based attacks that are often associated with ransom demands from cybercriminal groups. The goal is to disrupt a business and prevent or prevent it from doing online transactions with its customers. Cybercriminal groups will typically demonstrate their DDoS capability by launching a small attack against a target that coincides with a ransom demand. If the target does not comply with the ransom demand, a larger and more impactful attack usually follows, often disabling an organization’s online presence altogether, ”said Hansen.
Learn more about cybersecurity on Which-50:
Ahead of the Brisbane 2032 Summer Olympics
“While it’s impossible to predict what the cyber threat landscape will look like in 11 years, what we do know is that it will be a lucrative target for cybercriminals. There will be a range of opportunities for them to exploit – from scalping tickets with bots, to using ATO to steal personal and financial information, to ransom-based attacks, ”said Hansen.
“Just think of the recent cyber attack on Channel Nine that effectively took them off the air. This is a very real scenario that could happen during the Olympics, which means a massive loss of revenue through advertising and broadcast rights. The continuous improvement of the global network infrastructure, providing higher bandwidth to the Internet network and easier access to it, as well as an increase in the computing power available to cybercriminals will only do the trick. fuel the already widespread and growing use of RDoS (ransom-based DDoS attacks).