Cybercriminals are using bots to deploy DDoS attacks on gambling sites
Imperva releases data showing that 25% of all gambling sites were hit with DDoS attacks executed by botnets in June.
As the Wimbledon tennis tournament began at the end of June, DDoS attacks increased and impacted 10% of gambling sites. This continues a damaging pattern for the industry: 40% of gambling sites suffered attacks in the last 12 months, and 80% of those were hit multiple times.
Overall, the number of application layer DDoS attacks against all businesses was 3x higher in Q2 than Q1 of this year, with 55% hit multiple times over the three-month period.
DDoS attacks can be hugely disruptive for any online site. For gambling sites they can result in downtime, leading to lost revenue and a loss of consumer trust. DDoS attacks are launched during major sporting events, such as Wimbledon, in order to drive customers away from their preferred platforms and towards competitor sites, which can compound the lost revenue.
“For gambling firms, even an hour of downtime can equate to significant amounts of lost revenue,” says Yuriy Arbitman, Data Scientist, Imperva. “If a company generates, say, £1 billion in revenue per year then a sustained DDoS attack means they’re losing approximately £115K per hour – more if it comes during a particularly popular event like Wimbledon.”
The growth in DDoS attacks targeting gambling sites comes on the heels of another major threat: bad bots. Last year, during the delayed Euro 2020 tournament, Imperva Threat Research found attacks by bots spiked 96% compared to the month before the tournament, and account takeover (ATO) attempts were 2-3 times higher than normal on days when the England men's team played.
“Businesses need to be able to identify and mitigate a DDoS attack in seconds,” continued Arbitman. “If one is hit during a major event like Wimbledon or an international tournament like the Euros or World Cup, even if they’re only down for twenty or thirty minutes, the revenue loss could be substantial. Online businesses need always-on DDoS protection, not just for website domains but across all APIs, applications, and across the entire network infrastructure.”
Beyond investing in ‘always-on’ protection, gambling businesses should investigate how machine learning can help improve their DDoS defences. Machine learning can not only use traffic patterns to predict more accurately when attack volumes are likely to peak, but also reduce the number of false alerts, both positive and negative, that reach the security team.
Alert accuracy is essential because a false positive can result in legitimate customers being blocked, while a false negative can let harmful traffic through. Either can result in significant amounts of lost revenue.