Let’s play a game of chance: what are the chances that your gaming website is being attacked by malicious bots? Imperva’s research suggests they’re higher than you think. The Imperva 2022 Bad Bots Report reveals that 53.9 percent of traffic to gaming and betting websites comes from malicious bots. With the sheer volume of transactions on these websites, it’s no wonder fraudsters and other cybercriminals take advantage of sophisticated automation to attack them. But how exactly do they target this industry, and what are they trying to accomplish by doing so?
- Account Takeover Fraud (ATO): ATO attacks are an increasingly common and costly problem on gaming and betting websites. Fraudsters use bots to automate brute force login techniques, such as Credential Stuffing (OAT-008) and Credential Cracking (OAT-007), in an attempt to take over user accounts belonging to someone else. If successful, an attacker can fraudulently change account details, withdraw funds or loyalty benefits, make purchases online and, because many people reuse their passwords, even access other accounts on different websites. There is also great damage to the business: lost revenue from dissatisfied customers, loss of VIP customers, brand damage, stolen loyalty points, accounts being used for money laundering, higher customer service costs with fraud investigations of 2-6 weeks, higher chargebacks, customer churn, and more.
- Odds scraping (OAT-011 Scraping): Web scraping is the process of using bots to extract content and data from a website. There can be good use cases for web scraping, such as search engine crawlers that help build and maintain a searchable index of web pages. But in the gambling and betting industry, scammers use scrapers with malicious intent. Competitors and aggregators mine betting odds from multiple websites, then use the extracted data to manipulate the odds for their own benefit or deliberately promote bets that will be detrimental to a certain business. Another use case of odds scraping is arbitrage betting. There are bots specifically designed for this, called arbitrage betting bots. They take advantage of web scraping to identify and exploit odds imbalances between different bookmakers. They then make bets that cover all possible outcomes, guaranteeing a win. This activity increases the chances of the bookmaker being on the losing side and is detrimental to the overall gross winning percentage.
- Abuse of benefits for new users (OAT-019 Account Creation): Incentives for new users, such as registration bonuses or credits, are common in the gaming industry. These bonuses are effectively free money that can be used to maximize player winnings. Scammers target these offers: they use automation to create massive numbers of free accounts, allowing them to reap the rewards multiple times. Without a proper bot management solution, organizations are challenged to prevent this large-scale account creation fraud, which ultimately hurts their bottom line.
- Game automation (OAT-006 Expediting): Expediting is the use of bots to speed up an application’s processes in a way that legitimate users cannot. This is also known as betting automation, gaming automation, or gaming bots. Game bots are programmed to run until the desired result is achieved. Depending on the game, this could be anything from getting large amounts of in-game currency to acquiring rare items or increasing the chances of winning in luck-based games. And because bots can play continuously without interruption, they create an unfair playing field for legitimate players, which in turn leads to player complaints that negatively affect the reputation of online gaming service providers. Additionally, game bots can impact the game economy by causing inflation, which shortens the life cycle of the game and causes a loss in subscription revenue. And it’s even worse if those hackers use fraudulent payments. In general, expediting bot attacks cause significant brand damage, leading to a decrease in user appeal and ultimately driving legitimate players to competing gaming and betting providers.
- Denial of Service (DoS/DDoS) (OAT-015): DDoS attacks are already high on the list of concerns for gaming and betting websites. But automated application-layer attacks are different from volumetric DDoS attacks that manipulate lower-level network protocols. Bot attacks target the application layer (layer 7 of the OSI model). These attacks are often a side effect of bots aggressively targeting websites, bombarding them with thousands, sometimes even millions, of requests. This can lead to slow page load times or even outages and downtime, damaged brand reputation, customer churn and retention issues, lost future revenue, and more.
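The two login attacks named in the Account Takeover item leave different shapes in authentication logs, and a defender can separate them with a simple per-source count. The following is an added example, not Imperva's code or product logic; the log format, the `classify_sources` name, and the window and threshold values are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: time, source IP, username, outcome.
SAMPLE_LOG = """\
2022-06-01T10:00:00 203.0.113.7 alice FAIL
2022-06-01T10:00:01 203.0.113.7 bob FAIL
2022-06-01T10:00:02 203.0.113.7 carol FAIL
2022-06-01T10:00:03 203.0.113.7 dave OK
2022-06-01T10:00:04 203.0.113.7 erin FAIL
2022-06-01T10:00:05 198.51.100.9 vip_player FAIL
2022-06-01T10:00:06 198.51.100.9 vip_player FAIL
2022-06-01T10:00:07 198.51.100.9 vip_player FAIL
2022-06-01T10:00:08 198.51.100.9 vip_player FAIL
2022-06-01T10:03:00 192.0.2.44 frank FAIL
2022-06-01T10:03:20 192.0.2.44 frank OK
"""
WINDOW = timedelta(seconds=60)  # assumed sliding window
MIN_FAILS = 4                   # assumed threshold; tune per site


def classify_sources(log_text):
    """Map source IP -> (verdict, accounts that logged in OK from a flagged IP)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing
        ts, ip, user, outcome = parts
        events[ip].append((datetime.fromisoformat(ts), user, outcome))
    result = {}
    for ip, rows in events.items():
        verdict = "normal"
        for start, _, _ in rows:
            fails = [u for t, u, o in rows
                     if o == "FAIL" and timedelta(0) <= t - start <= WINDOW]
            if len(fails) >= MIN_FAILS:
                # Distinct usernames: stuffing (OAT-008); repeats on one: cracking (OAT-007).
                many_users = len(set(fails)) >= MIN_FAILS
                verdict = "credential_stuffing" if many_users else "credential_cracking"
                break
        # A success from a flagged source is an account to lock and review.
        hits = sorted({u for _, u, o in rows if o == "OK"}) if verdict != "normal" else []
        result[ip] = (verdict, hits)
    return result


if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
```

Per-IP counting alone misses attacks spread across many source addresses, so in practice it is combined with other signals such as device or client fingerprints.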
Protect your online gaming service from malicious automation with Imperva
Now more than ever, online gaming and betting services must remain vigilant in protecting user accounts and their balances from account takeovers and fraud. Bad bots are also being used by unscrupulous competitors and other nefarious actors. They mine betting data, which they then use to capitalize on unique content, conduct electronic arbitrage, and create an unfair playing field. If that’s not bad enough, aggressive web scraping can also lead to application denial of service and poor user experience as a result.
A leader in The Forrester Wave: Bot Management, Q2 2022, Imperva offers bot management that is as adaptable and vigilant as the threat itself. Our Advanced Bot Protection solution is capable of mitigating the most sophisticated automated attacks, including all OWASP automated threats. It leverages superior technology to protect all potential access points, including websites, mobile apps, and APIs, giving you multiple response options for bots. And more importantly, it does so without imposing unnecessary friction on legitimate users, keeping business-critical traffic flowing to your applications.
Imperva Advanced Bot Protection is part of the market-leading Imperva Web Application & API Protection (WAAP) solution. Start your free app security trial today to protect your assets from automated threats.
See how BETFRED, a leading UK bookmaker, used Imperva’s Advanced Bot Protection to reduce traffic from 40 million page requests per day to 15-20 million on their digital platform, without impacting site performance for legitimate users. Get the BETFRED case study here.
The post Five ways the gaming and betting industry is under attack by bad bots first appeared on Blog.
*** This is a syndicated Security Bloggers Network blog from Blog written by Erez Hasson. Read the original post at: https://www.imperva.com/blog/five-ways-the-gaming-gambling-industry-is-targeted-by-bad-bots/