SBTech was hit by a cyberattack late Friday, forcing the sports betting and lottery provider to shut down its global data centers, putting its B2B partners out of action, LegalSportsReport first reported.
As of 3 p.m. (P.T.) Monday, the sports betting operations of US partners like the Oregon Lottery and BetAmerica were still out for the count, as were those of European operator MansionBet.
Malta-based SBTech supplies tech to around 50 partners globally, although most operators are not solely reliant on the company for the entirety of their offerings, which means in most cases only certain areas of their sites are down.
But Churchill Downs’ BetAmerica, which offers regulated sports betting in New Jersey, Pennsylvania, and Indiana, is particularly exposed to this attack because it relies on SBTech’s service across its whole platform.
In early 2019, SBTech was granted a controversial and lucrative single-source contract to provide the Oregon Lottery’s “Scoreboard” sports betting app.
But attempts by The Oregonian newspaper to discover the precise financial details of the deal have been resisted by the gaming company, which has sued to protect their disclosure.
The online gambling industry has been living with ransomed cyberattacks since its earliest years. But the SBTech incident is intriguing.
Typically, hackers target online gaming companies with distributed denial of service (DDoS) attacks, which flood a website with hundreds or even thousands of simultaneous requests that overload bandwidth.
This renders the site non-operational while the attackers demand a payment to restore normal service. But the duration of the disruption and the apparent threat to SBTech’s data centers do not point to a DDoS attack.
Moreover, cyber criminals usually hit gaming companies prior to a major sporting event, or a flagship online poker tournament, for example — when they know the victim is more likely to pay out because they can’t afford to be out of action.
But the attackers chose to hit SBTech at a time when there are barely any sports going on at all.
Could it be that the attack is somehow linked to the company’s proposed merger with DraftKings, which it is expected to complete in the coming weeks? Or could it be related to the controversy with the Oregon Lottery?
An IT expert who spoke to LSR suggested it bore the hallmarks of a ransomware attack, in which hackers attempt to steal company data or coding.
The expected merger between DraftKings, SBTech and Los Angeles-based investment vehicle Diamond Eagle Acquisition Corp was announced last year. The plan is to launch an IPO once the merger is complete.
On March 15, a DraftKings representative told Casino.org that the deal would still go ahead, and the combined entity would become a public company, despite the shock to the stock market wrought by the coronavirus.