Imperva discloses 3x jump in bot traffic threats during Euro 2020 matches

Data Privacy and Cybersecurity solutions provider Imperva Inc has revealed the level of security threats faced by bookmakers from bot traffic and account takeover attacks during the UEFA Euro 2020 tournament.

New data from Imperva’s Research Labs finds that in the build-up to England team matches, UK sportsbooks recorded a two-to-three-fold increase in bot-related traffic. It underlined concerns as bot-traffic can be used for account takeover (AT) attacks, whereby cybercriminals use a botnet to gain illegal access to accounts belonging to someone else.

The agency underlined concerns as bot-traffic can be used for account takeover (AT) attacks, whereby cybercriminals use a botnet to gain illegal access to accounts belonging to someone else.

The days when England played were deemed as of particular high-risk, as Imperva recorded a rise in ‘account takeover attacks’ where audiences are duped into providing their personal data for criminals to hack their accounts or digital wallets.   

Nor was the UK the only target: bot traffic on gambling sites in Germany spiked 41% in the week following the country’s defeat of Portugal and leading up to their match with Hungary on 23 June.

The research further revealed the pattern of attacks enlarging as the tournament progressed with a notable peak occurring on 26 June, which marked the start of the Round of 16.  

 “Euro 2020 is the first major international tournament where, thanks to COVID-19, typical revenue sources such as ticket scalping have disappeared.” Commented Edward Roberts, Director of Strategy, Application Security, Imperva.

“As a result, bot operators have re-engineered their tactics to target the rest of us watching at home instead. With so many people loading up their accounts with hefty sums, gaining access is an easy money source for criminals – especially VIP customers who tend to stake huge wagers”

The explosive growth of bot activity in the sporting and gambling markets mirrors similar activity in industries such as e-commerce and healthcare, as revealed earlier this year in the Imperva Bad Bot Report 2021.

The report shows bad bot activity in 2020 accounted for more than a quarter of all web traffic, an unprecedented record, while human traffic on websites decreased by 5.7%.

Last year, 27.7% of all web traffic on gaming and gambling sites was associated with advanced persistent bots (APBs) — traffic that closely mimics human behaviour and is harder to detect and stop.

Meanwhile, 33.7% of web traffic to sporting sites was made up of bad bots that were associated with everything from account takeover attacks to promotion abuse and odds scraping.

Nearly a third of Brits gamble every week in some form,” continues Roberts. “That’s a gigantic pool of victims for hackers to target. They only need a tiny percentage of their attacks to be successful to make a profit.

“The increased level of bot traffic around the Euros tournament shows an advanced, concerted campaign to trick consumers and damage businesses which is unlikely to stop, especially with the Summer Olympics upcoming. Consumers need to watch out for any suspicious forms and URLs on sporting and gaming sites, while businesses need to put in place protections that can identify bad bot traffic and siphon it off without interrupting genuine customers.”