More than fifty sportsbooks powered by Malta-based SBTech were back online by March 31, as the company continues to address a cyberattack. That attack caused gaming sites worldwide to go down and all of the gambling technology provider’s data centers to go offline. Fortunately, all customer data was securely encrypted and the cyberattack did not cause a data breach.
More than 50 sportsbooks that rely on the SBTech platform were taken offline on the evening of March 27. By the next morning, the SBTech monitoring systems confirmed a serious cyberattack. This prompted SBTech to turn off its worldwide data centers as a precaution, and third-party specialists were immediately brought in to look into the matter.
Due to the attack, SBTech client gambling operators, including those in both the Americas and Europe, have shown a “site down for maintenance” message.
In the US, the Churchill Downs and BetAmerica brands, powered by SBTech, were affected, as well as the Oregon Lottery Scoreboard.
While the precise nature of the cyber threat wasn’t disclosed, tech experts thought that the length of the outage indicated the attack was not a DDoS (distributed denial-of-service) attack.
Typically, hackers will attack an online gaming company with DDoS attacks, overwhelming the website with thousands of simultaneous hits that overload the site’s bandwidth. This takes the site offline. The cyber attackers then demand a ransom to stop the attack and restore normal service.
Moreover, hackers usually attack gaming websites just before a sporting event, or an online poker tournament, because the website operator is more likely to pay the ransom.
However, this cyber attack hit SBTech when there were hardly any sports events on at all, and very little revenue at risk.
How it’s being addressed
The threat, thus far, has been neutralized. Furthermore, SBTech has launched criminal investigations across several jurisdictions, including in the United States.
SBTech is continuing to relaunch each of the affected client sites, and many are now in the final stages of quality assurance checks and user acceptance testing.
SBTech is also working closely with regulators in the affected jurisdictions; this is necessary as part of the relaunch and for the final approval to fully restore service to the affected sites.
Possible related cyber attack
Just one day before the SBTech attack, BetUS, a sportsbook incorporated in Curacao, was attacked by a ransomware hacker group known as Maze. However, it’s not known whether Maze was involved in the SBTech attack.
Maze held BetUS’ internal data for ransom, but the ransom amount has not been disclosed. The hacking group offered proof of the successful hack by releasing nearly one gigabyte of data from BetUS servers, including company files, such as the minutes of company board meetings. Of more concern, Maze also obtained passport scans of the company’s executives.
While the hacker group has not yet released any customer data, Maze often publishes customer data if the ransom is not forthcoming.
According to the Maze website, the hackers also control three of BetUS’ contact emails, including email@example.com, firstname.lastname@example.org, and email@example.com. Anyone who wants to contact BetUS should avoid using those emails.
Internet security experts also recommend that customers change their login details on other websites where they use the same password.
Where SBTech stands now
As it stands, no customer data has been breached, and the SBTech platform is not being held for ransom. Furthermore, SBTech is moving as quickly as it can to get everything secure and back up and running.
It remains to be seen whether the motive for the SBTech cyberattack, or the attackers behind it, will be revealed.