This year two major sporting events will take place over the weekend of 5-6 April: the Grand National and the Boat Race. Both events traditionally attract large amounts of online betting, from both professional punters and newcomers. Online betting sites depend heavily on business at peak times during popular sporting events, and cyber criminals are well aware of this. Hence, in the build-up to and during this weekend, the online betting community is likely to face increased threats from cyber criminals seeking to exploit the unusually high volume of online betting. The threat is not limited to businesses; consumers, especially those less experienced in online betting, are also exposed to increasing levels of risk.

Threats to betting businesses  

In the run-up to highly popular and profitable events, cyber criminals often attempt to hold betting websites to ransom by threatening or launching DDoS attacks (which can cause a website to crash by flooding it with spoof traffic). To prevent business disruption at a critical period, the targeted company could potentially meet the criminal's demands, paying a relatively negligible sum compared to the potential losses a successful attack would incur [1].

Criminals also create fraudulent betting sites offering appealing prizes for new users, or attract consumers to sites with names similar to well-known companies, completing the deception by displaying fake industry accreditations. Once the cat is out of the bag, customers often discover that they are unable to withdraw any remaining money from the site. This can negatively impact the reputation of legitimate betting businesses, as users falling victim to these frauds may assume the entire industry operates in this manner and immediately vent their frustration on social media.

Threats to sponsors

Sporting events, with the media coverage surrounding them, provide the ideal platform for protestors. In 2012, the Boat Race was famously interrupted live on TV, and major horse races are targeted by animal rights groups that use social media campaigns to rally supporters to join their protests around the events.

Those groups and individuals predominantly target the event itself. But some activists may target the sponsors associated with the event and might use more radical methods, such as cyber attacks and defacement, to make their views known.

Threats to individual gamblers and other businesses

Many individuals now use mobile gaming apps to place their bets, exposing them to the theft of credit card information through mobile spear phishing attacks. Cyber criminals also use 'spamverts' (spam emails including fake advertisements) to entice individuals to click on links embedded in seemingly genuine betting sites. By clicking on the link or registering an account, users can become victims of malware or data theft.

Many offices form betting syndicates for major events and might place the bets on the company network, increasing the likelihood of malware affecting corporate machines and the office network. This could lead to theft and resale of credentials and confidential corporate information. Businesses should consider blocking betting sites on their corporate network or issuing guidance and warnings to staff members to reduce the risks.

What can be done?

Businesses within the online betting industry should consider increasing their external threat monitoring to quickly identify fraudulent sites, and reviewing forums and social media sites to identify potential attack planning. Network-based DDoS mitigation solutions can also be implemented to maximise uptime and increase response readiness to attacks (see our prior paper on progressive degradation).
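One way to automate the check for sites "with names similar to well-known companies" is to screen a list of newly observed domains against the operator's own brand names. The following is an added example, not part of the original article; the brand names, domains, substitution table and distance threshold are constructed assumptions.

```python
import unicodedata

# All names below are constructed for illustration (reserved .test TLD).
BRANDS = ["examplebet", "racingodds"]            # hypothetical brand labels
LEGIT = {"examplebet.test", "racingodds.test"}   # the brands' own domains
SUFFIX_LABELS = {"test", "com", "net", "org", "co", "uk"}  # use the Public Suffix List in practice
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})
MAX_TYPO_DISTANCE = 1  # assumed threshold; larger values add false positives

def skeleton(label):
    """Fold accents and common visual substitutions so lookalikes compare equal."""
    text = unicodedata.normalize("NFKD", label.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.replace("rn", "m").replace("vv", "w").translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brands=BRANDS, legit=LEGIT):
    """Return (brand, reason) for a suspicious domain, or None."""
    domain = domain.lower().rstrip(".")
    if any(domain == d or domain.endswith("." + d) for d in legit):
        return None  # the brand's own domain or one of its subdomains
    labels = domain.split(".")
    while labels and labels[-1] in SUFFIX_LABELS:
        labels.pop()
    for label in labels:  # check every label, so brand-as-subdomain is caught
        skel = skeleton(label)
        for brand in brands:
            target = skeleton(brand)
            if skel == target:
                return brand, "lookalike"
            if target in skel:
                return brand, "embedded"
            if edit_distance(skel, target) <= MAX_TYPO_DISTANCE:
                return brand, "typo"
    return None

if __name__ == "__main__":
    observed = ["www.examplebet.test", "examp1ebet.test", "racingods.test",
                "examplebet-freebets.test", "weathernews.test"]  # constructed feed
    for name in observed:
        print(name, "->", classify(name))
```

Internationalised names arriving in punycode (`xn--` labels) would need decoding before `skeleton` is applied; that step is left out here.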

Betting sites should use their homepages, apps and social media to warn customers of the increased dangers of cyber attacks and fraudulent activities. Advice and updates will not only increase customers' awareness, but also decrease risk exposure for both business and customer.

From the customer side, punters should ensure that any website and app they use, and every email they receive, is genuine.

Footnotes

1. http://www.zdnet.com/are-online-firms-doing-secret-deals-with-ddos-attackers-3040147711/
