Bot traffic on global sports sites almost doubled during the UEFA Euro 2020 soccer championships, which culminated last Sunday in Italy’s penalty win against England.
That’s according to California-based cyber-security expert Imperva Research Labs, which recorded a 96 percent increase, year on year, in bot activity during the tournament. Imperva said UK gambling sites were especially targeted in the week before England and Scotland kicked off their respective campaigns.
A bot is a software application that is programmed to do certain tasks, sometimes mimicking the behaviors of real internet users. Malicious bots can be used for anything from orchestrating spam campaigns to ransomware attacks.
Takeovers Taking Over at Euro 2020
The sports betting industry has long had to contend with distributed denial-of-service (DDoS) attacks during major sports events. These cripple an operator’s servers with thousands of requests for information and are typically accompanied by a ransom demand to restore normal services. Events like the Euros are so lucrative to operators that it may be cheaper to pay the ransom.
But according to Imperva, betting sites are increasingly being targeted with takeover attacks. These are designed to break into customer accounts to gain access to their funds.
They use techniques like “brute force attacks” and “credential stuffing,” where the attacker automates the logins for a large number (thousands to millions) of previously discovered credential pairs in the hope that some will yield results – and because many internet users reuse passwords, it usually does.
Takeover attacks on UK sports betting companies spiked by two or three times the daily average during the days England was playing.
Bot activity was also significantly higher on German gambling sites during the tournament, with an increase of 41 percent between the German team’s defeat of Portugal and their match against Hungary on June 23.
“This level of sustained bot activity is unprecedented for sports and gambling sites, and indicates that bot operators are evolving their tactics,” said Matthew Hathaway, vice president of Imperva, in a statement.
“Euro 2020 is the first major international tournament where, thanks to COVID-19, typical revenue sources, such as ticket scalping, have disappeared,” he added. “As a result, bot operators have re-engineered their tactics to target the rest of us watching at home instead. With so many people loading up their accounts with hefty sums, gaining access is an easy money source for criminals – especially VIP customers, who tend to stake huge wagers.”
Imperva said in April that bad bot activity had increased across all areas of the internet, accounting for an unprecedented quarter of all web traffic in 2020.