The gambling industry remains a ‘lucrative target’ for cybercriminals, partly due to continued growth and tech advancement, according to cybersecurity firm Imperva.

Investigating the prevalence of distributed denial of service (DDoS) attacks in Q1 2022, Imperva found that attacks against multiple sectors are ‘reaching new records in rates’, partly fueled by geopolitical unrest due to events such as the Russo-Ukraine War.

In the case of gambling, the firm cited the growth of the industry to around $81bn in 2022, as well as increasing use of technologies such as blockchain – as shown by the rise of crypto sportsbooks and casinos – as reasons for increased targeting, with Asia the most prominent regional sector. 

A DDoS attack seeks to disrupt or shut down an online service. With regards to gambling, it is likely used as a tool to redirect customers from one web page to another, potentially for channelling bettors towards black market firms. 

“Odds are, if you’re in the gambling industry, your online business will experience DDoS attacks. Asia-Pacific was the largest region in this market in 2021. In 2022, five out of 10 accounts that were attacked were from Asia,” Imperva’s report detailed.

Attacks often occur during key events in the betting schedule, such as popular sports events – in Europe, this could be football tournaments such as the Premier League, Bundesliga, LaLiga and recently concluded women’s EURO 2022 Championship, or major horse racing fixtures.

Over the past 12 months, Imperva found that 40% of gambling sites were attacked and 80% were attacked more than once, with 25% of online operators attacked in the last month of Q2 and 10% in the final week. 

Imperva explained: “To put this in perspective, if an online gambling company generates $1 billion in revenue per year, a sustained DDoS attack would put them at risk of losing approximately $115K per hour. 

“With 80% of gambling sites attacked more than once that is a substantial amount of lost revenue, making DDoS attacks a significant challenge for this industry.”

Across the board, banking and finance was the primary target of DDoS attacks, accounting for 36.2% of incidents, followed by communications (28.2%), entertainment (19.4%), manufacturing (10.9%) and technology (2.4%).

The increased cybersecurity threat has not gone unnoticed by regional gambling sectors, however, as the European Gaming and Betting Association (EGBA) moved to address risks earlier this year. 

An ‘expert group’ was put together by the trade body to facilitate information sharing, cooperation, tracking and resolution of cybersecurity threats between its operator members.

“Cyber criminals are increasingly determined and sophisticated in their efforts to try to hack into gambling websites to steal customer data and money,” Maarten Haijer, EGBA Secretary General, stated at the time.

“Cyber threats tend to be cross-border in nature, affect operators in the same ways, and are a common threat to the industry.”