<
>

2024 Press Releases

June 12, 2024

Euro 2024 & Olympics: Imperva Warns of Heightened Cyber Threats

Imperva, a Thales company (@Imperva), the cybersecurity leader who protects critical applications, APIs, and data, anywhere at scale, is urging organisations in the sporting, gaming, and travel sectors to be on high alert for potential cyber threats as Euro 2024 and Paris Olympics approach. These major international events are prime targets for cybercriminals, who seek to exploit the widespread attention they command.

Vast amounts of personal and financial data attractive to cybercriminals are collected during ticket sales. Increased betting activity around these events also makes them targets for odds scraping and arbitrage. At the same time, the surge in travel bookings presents opportunities for reservation bots and DDoS attacks to disrupt services.

The Imperva Threat Research Team has already detected a 59% increase in attacks targeting European sporting websites in January this year and another 66% increase in March.

The number of attacks on the ecosystem of organisations involved with these events, which includes travel, airlines, and betting websites, has also steadily increased over the past 12 months, with notable peaks of 55% in January 2024 and 33% again in March.
Attacks sporting, gaming, and travel organisations face include:

  • Ticket Scalping and Reservation Bots: Bots are being deployed to buy up large quantities of tickets when they become available, preventing genuine fans from purchasing tickets at face value. Scalpers then resell these tickets at inflated prices, frustrating fans.

  • Account Takeover (ATO) Attacks: Bots use techniques like credential stuffing and credential cracking to hijack user accounts on sports websites. Attackers exploit these accounts to purchase tickets, sell fraudulent merchandise, or steal personal information, causing financial and reputational damage to the account holders and the event organisers.

  • Odds Scraping and Arbitrage: Betting bots scrape odds from multiple sports betting websites to identify discrepancies and place bets that guarantee profits through arbitrage. Such activities undermine bookmakers' odds and can manipulate the betting market, leading to unfair advantages and significant financial losses for legitimate users.

  • Fraudulent Account Creation: Bots create massive numbers of fake accounts to exploit online betting and gaming platforms' sign-up bonuses and promotional offers. These fraudulent accounts can skew user data, lead to unfair bonus distribution, and result in significant financial losses for companies.

  • Content Scraping and IP Theft: Bots scrape valuable content, such as live scores, statistics, and exclusive articles, from official websites and republish it without authorisation. This infringes on intellectual property rights and diverts traffic and revenue away from legitimate sources.

  • Layer 7 DDoS Attack Targeting Travel, Sporting, and Gambling sites: These attacks can target critical infrastructure and services, leading to widespread issues. They may overwhelm ticket sales websites, authentication systems, and official event websites, resulting in lost sales, logistical challenges, and exasperated fans.

“Organisations supporting Euro 2024 and the Paris Olympics must stay vigilant during this season, as cybercriminals will be out in full force to take advantage of the global attention,” said Reinhart Hansen, Director of Technology, Office of the CTO, Imperva.
Hansen recommends the following steps for organisations to take:

  • Marketing and eCommerce campaigns are likely to become targeted by bots. Bad actors will likely employ bots to buy up as much inventory from highly anticipated product drops as possible. Prepare to handle increases in traffic volume that are likely to include a high proportion of bots.

  • Protect critical paths and website functionalities from bots seeking to abuse business logic. Some website functionalities are highly exploitable. For example, login functionality opens up the possibility of credential stuffing and credential cracking attacks. Adding a checkout form increases the chances of carding or card cracking. Employ a stricter ruleset and ensure a bot mitigation solution adequately protects your pages.

  • Encourage good account credential hygiene and safety. Ensure that user passwords require a minimum number of characters and use capital letters, numbers, symbols, etc. Implementing multi-factor authentication (MFA) and encouraging its use is highly recommended. It’s essential also to have a bot mitigation solution with dedicated account takeover prevention capabilities.

  • Stay ahead of the scammers. Stay apprised of any phishing campaigns, and make sure to alert your customers of any suspicious campaigns making use of your brand.

  • Prioritise the security of the client side. Magecart-style attacks are notorious for using compromised first or third-party JavaScript to exfiltrate sensitive information from website forms such as login and checkout. To mitigate this risk, perform continuous monitoring and inventorying of all services on the client side, review them, and ensure that only authorised ones can run.

  • Prepare for a high volume of traffic, as well as DDoS attacks. Retailers should consider implementing a waiting room queueing system that can ensure site performance and maintain a positive customer experience. They should also stress-test their infrastructure regularly, especially before high traffic is anticipated. Engaging in real-time monitoring and conducting public awareness campaigns to educate event attendees about recognising official communication channels will also help.

Organisations must improve their cyber defence and resilience as attacks gain sophistication and intensity.