EGBA Announces Plans to Counter Cyber Security Threats
The European Gaming and Betting Association has set up a new expert group that will facilitate the sharing of information between its members in an attempt to reduce online security threats from cyber-attacks. The group will coordinate the efforts of its members to counter security threats against their websites and help them implement the latest best practices in cyber security. Participation in the group is open to all gambling operatives whether they are EGBA members or not.
EGBA take steps to reduce the huge increase in attempted cyber security attacks on online gambling sites
©VICKY GHARAT/PIXABY
Massive increase in Cyber-attacks
Gambling websites, including online casinos and sports betting sites and apps, are being targeted by organized hackers and professional cyber-criminal gangs according to security company Imperva’s Bad Bot Report. Automated cyber-attacks accounted for 28% of global traffic to gambling sites in 2020. The hackers use a range of sophisticated methods to access player accounts and steal customer data and funds stored within the sites. Cyber-attacks are particularly prevalent during major sporting events.
During the European Football Championships in 2021 there was a 96% increase year on year as well as large scale illegal gambling. The hackers targeted German and UK gambling websites in particular. Upwards of 35k bad bot requests per hour were recorded on one gambling site around certain matches. Another betting website saw 52k bad requests per hour. In 2019 EGBA members prevented around 550 major cyber-attacks on their websites, but this number has dramatically increased.
How will the new expert group work?
The group will allow members to share information regarding the latest cyber threats and attacks. It will help to support organizations to cooperate with each other. There will be a facility to track and resolve incidents as well identifying security vulnerabilities and provide solutions to these. The group will share the latest best practices in cyber security. The group has been established through a Memorandum of Understanding. An MoU is not a legally binding document, but it signals the willingness of the parties to move forward together.
The group is made up of cyber security experts from EGBA members. The scope and the kinds of data that will be shared have been agreed upon under the MoU. As this data is commercially sensitive, a high level of trust and cooperation is required to enable the members to work together. The plan is for the EGBA members to be able to detect and respond to cyber threats at an early stage. By sharing information, they can strengthen both individual and common security practices with a view to preventing malicious activities that can affect their customers.
The group is not only restricted to EGBA members but is open to all European gambling operators as long as they agree to comply with the principles of the group. This will ensure that the highest standards in cyber security and data protection are maintained.
“We have launched this expert group to encourage and establish a much-needed platform for cross-industry cooperation on cybersecurity issues. Cybercriminals are increasingly determined and sophisticated in their efforts to try to hack into gambling websites to steal customer data and money. Cyber threats tend to be cross-border in nature, affect operators in the same ways, and are a common threat to the industry. That’s why it is crucially important that operators work closer together to strengthen cyber security protocols and procedures, find common solutions to the latest threats and security vulnerabilities, and implement the highest security standards.”– Maarten Haiger, Secretary General, European Gaming and Betting Association (EGBA)EGBA.eu website
What are the most common cyber-attacks?
There are many different threats to gambling websites and apps that can affect their performance and leave their customer base open to attack. The new initiative will see the gambling industry across Europe coming together to work against these organized criminals. The most common problems that they face are listed below.
Distributed Denial-of-Service (DDos) Attack
DDoS attacks cause the website or the app to slow down or become unresponsive. This is done by flooding the website with artificial or bot traffic to the website. Gambling websites rely on speed and performance because sports betting happens in real-time. Website latency and an outage can result in loss of revenue, unsatisfactory customer experience, and brand damage. All these factors can ultimately lead to customers going elsewhere.
Account Take Over (ATO)
ATO is where bots mimic legitimate player login in an attempt to gain account access. They do this through credential stuffing and cracking. This type of attack can be very lucrative to the hacker as they can potentially see financial information like bank card details which are stored on a player’s account. ATO is the biggest cyber threat to the gambling sector as it can lead to the theft of both money and data. The gambling sector is not alone in facing this threat.
Odds / Price Scraping
Unlike ATO, scraping is a specific issue for gambling websites. Criminals use bots to scrape betting odds from multiple gambling websites. This allows them to obtain valuable insights that help them to predict betting results. With this accurate information, they decided where to place their own bets and maximize their profits. Operators have been known to use price scraping themselves and use the insights gained to advance their own market position.
Credit Card Fraud
Cybercriminals have also been known to try to access player accounts to test credit card numbers. They may be missing some data and will try and identify things like expiry date and CVV by sustained guesswork. This can lead to damage to the fraud score for the gambling operator. It also increases their customer service costs as they have to process fraudulent chargebacks.
Promotion Abuse
The hackers create large-scale fraudulent bot accounts to abuse a special promotion. If an operator is running something like a free bet for new customers, it will normally have strict terms and conditions limiting the offer to one bet per account. Mass creation of new accounts would allow the criminal organization behind them to capitalize unfairly on the promotion and abuse the terms of the offer.
It is clear to see why organized criminal attacks require robust, coordinated action and this is what this latest initiative by the EGBA sets out to achieve.
