Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

2/28/2019
12:05 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Bots Plague Ticketing Industry

Bots now account for 39.9% of all ticketing traffic, mostly originating in North America.

While bad bots are a problem across many industries, the ticketing industry has experienced a dramatic increase in such traffic over the past couple of years. And much of that bad traffic occurs in our own backyard, with 85% of bad bots launched against ticketing companies originating in North America, according to a report released today by Distil Networks.

The report, "How Bots Affect Ticketing," also found the proportion of bad bots among ticketing companies has risen to 39.9% of all ticketing traffic. That's a notable increase from the 22.9% found in previous reports, and even that number was considered worse than the average for all industries.

Edward Roberts, director of product marketing at Distil Networks, says the number increased because of the greater number of ticketing companies included in this year's study, as well as the increase in volume of traffic analyzed.

"The sophistication of the bots and the ability of the organizations that propagate the bots to monetize them and survive as a business has also increased," Roberts says. "Whether it's brokers, scalpers, hospitality agencies, corporations, or criminals, they can lock down tickets, buy them at a cheaper price, and sell them at a premium on a secondary market."

Christopher Rodriguez, a research manager for cybersecurity products at IDC, says he has observed this kind of activity in many other industries, including retail, travel and hospitality, and financial services.

"That's why companies are looking at bot mitigation products such as from Distil, Akamai, PerimeterX, ShieldSquare, and Shape Security," Rodriguez says. "These products do device fingerprinting and tracking, looking how long a user dwells on a certain page, the movement of the mouse and how quickly they type, all in an effort to determine if the user is legitimate."

Criminals at Work
Though criminal elements are a much smaller share of the bad bot ticketing market compared with brokers, scalpers, and other companies, they seek to compromise customer accounts via credential stuffing, Distil's Roberts says.

By running stolen credentials against the login pages of ticketing platforms, bots identify the accounts where access was granted. Once inside the account, any stored tickets (usually two to four tickets at a time) can be stolen or transferred to another account. And once inside an account, any stored credit card and personal information could be stolen or used to commit fraud. The bots also steal customer loyalty points, a problem that has become prevalent with season ticket holders of European soccer teams.

"Ticketing companies need to pay attention to public data breaches because any time there's a major breach, the criminal will hit the names on that list," Roberts says. "Companies also need to consider blocking the known hosting providers for bot operators."

According to the report, ticketing has long experienced the evolution of the bot problem. As the ticketing industry moved online in the 1990s, it was the first industry to suffer from malicious bot operators using automated attacks to hold and scalp tickets. Following complaints by customers and increased pressure from artists, it was also the first industry to adopt legislation as an additional tool in the war on bad bots. In 2016, the US passed the Better Online Ticket Sales (BOTS) Act, which outlawed the resale of tickets purchased using bot technology and imposed fines. The UK, Australia, and parts of Canada have enacted similar legislation.

The latest report on the ticketing industry follows a report Distil issued last year on the airline industry, in which it found that 43.9% of all traffic on airlines websites came from bad bots, Roberts says.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
2/28/2019 | 12:56:18 PM
External Requests
I would imagine this is prevalent for ticketing systems that allow external entities to submit requests. If you restrict ticketing to only internal entities and trusted clients you will see a downturn in this activity.

If you are seeing bot traffic originate internally then you have bigger problems.
schopj
50%
50%
schopj,
User Rank: Strategist
2/28/2019 | 1:06:57 PM
Re: External Requests
How exactly would Ticket Master restrict ticketing to only internal entities?  We're not talking about internal ticketing systems, we're talking about concert and airline ticket sales online getting hit with bots.  
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/7/2019 | 7:20:02 AM
Re: External Requests
For comparison, I remember when my father's company subscribed to the old Sabre system for reservations and had an ancient (by today's standards) Western Union terminal (keyboard, roll of paper) in the office.  It was totally secure not only because there were not threats back then but it was so basic.  As we have gotten more complex we have sacrificed speed and covenience for security.  There is alot to be said for DOS 6.22 in some ways.  i could build a machine and do most of my basic work sans internet and you can just TURN IT OFF without shutdown.  (Side note - remember parking the heads? )
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16680
PUBLISHED: 2019-09-21
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
CVE-2019-16681
PUBLISHED: 2019-09-21
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to file disclosure and XSS.
CVE-2019-16677
PUBLISHED: 2019-09-21
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
CVE-2019-16678
PUBLISHED: 2019-09-21
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
CVE-2019-16679
PUBLISHED: 2019-09-21
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.