Closed screening: how hackers attack Russian cinemas and ticket sales sites
Hackers have become more likely to attack cinemas, concert venues, and ticket sales sites. When their operation is disrupted, these resources can lose up to several million rubles, and buyers face risks as well. Izvestia found out why cybercriminals are interested in online ticket sales and how exactly they attack sites.
Attacks on venues
Hackers have become more likely to attack Russian cinemas, concert venues, and ticket sales sites for cultural events. Since the beginning of the year, more than 2.5 thousand attacks have been directed at web resources, RED Security told Izvestia.
According to the company, the number of DDoS attacks in Russia has increased significantly this year: from January to June, it increased fourfold compared to the same period in 2024 and reached 69 thousand. The key targets of criminals have traditionally been the telecommunications, IT and industrial sectors, but this year the entertainment sector has joined them.
"This segment has become an unexpected target, demonstrating the expansion of the range of targets of intruders. Analysts attribute this to the high media effect that could be caused by the unavailability of resources. Hackers use DDoS attacks to extort or disrupt major cultural events that attract public attention," RED Security explained.
The increase in the number of attacks on the entertainment sector was also noted by StormWall. According to analysts, the number of such incidents in the second quarter of this year increased by 17% compared to the same period in 2024. Attacks on this sector account for 9% of the total number of incidents.
"At the same time, DDoS has moved into the category of instruments of not only political, but also economic pressure. There are more and more cases when attackers demand a ransom from the company for stopping the attack and restoring the availability of its web resources. Therefore, we recommend that you take risks into account when using technical means of protection," said Mikhail Gorshilin, head of managed cybersecurity services at RED Security.
What are DDoS attacks?
DDoS attacks are a type of cyberattack aimed at computer systems. Hackers send a huge volume of requests to the victim's available IP addresses, overloading the server. As a result, the website or application becomes inaccessible to ordinary users.
"The increased popularity of such attacks is due to the ease of organizing them and the difficulty of finding the customer. These attacks may be carried out as part of unfair competition, common hooliganism, attempts to obtain a ransom for stopping DDoS, and may also constitute hacktivist activities, that is, the activities of politically motivated hackers. This is what is happening now," explains Mikhail Gorshilin.
In his opinion, hacktivists have become more likely to attack the entertainment industry because of its vulnerability. For cinemas, concert venues, and ticket aggregators for cultural events, a website is a key element of activity. While stopping an organization's activities in other industries requires hacking its infrastructure, entertainment companies can be seriously affected even by DDoS attacks.
"In addition, most companies operate at the federal level, meaning that the unavailability of their resources will be noticeable to users across Russia. This means that hackers can get a significant response from an attack, even without seriously investing in it," says the head of managed cybersecurity services at RED Security.
Why hackers are attacking the entertainment industry
DDoS attacks on cinemas and concert venues in Russia are carried out to disrupt ticket sales, damage the reputation of companies, or extort money. Attackers use botnets of infected devices that bring down websites with a stream of requests, or find vulnerabilities in online sales systems, for example, by attacking payment gateways, explains Dmitry Belyanin, head of StormWall's Pre-sale department.
"Such attacks began to occur in 2023-2024, when Russian online services became more dependent on domestic IT solutions. After the departure of international platforms, ticket systems switched to local counterparts, some of which turned out to be less secure, and they were the ones who were more likely to be hit," the expert says.
According to him, experts noticed an increase in DDoS attacks in the entertainment sector this year in February and March. Legitimate traffic on streaming services and ticket sales sites traditionally grows during the holidays. This means that by launching attacks at this time, the attackers get the maximum effect — companies lose more profits, and user dissatisfaction grows faster and stronger.
If a DDoS attack on a cinema or ticket sales site cannot be repelled, the financial damage is proportional to the time during which the resource remained unavailable. According to analysts, one day of downtime usually costs tens of millions of rubles, depending on the size of the company's audience.
"Cinemas, concert venues, and streaming services live off instant transactions. If the website or web service of such a company 'goes down' at the start of sales, the company loses money, and hackers can blackmail the owners. In addition, they get the opportunity to sow panic among buyers and users," he notes.
Types of attacks
Attackers can target the entertainment industry in various ways, and these are not just DDoS attacks, explains Sargis Shmavonian, an expert at Cyberprotect. They can steal data and hack into internal systems (cash registers, access control, auditorium equipment). For this purpose, they usually exploit software vulnerabilities and the human factor, luring credentials out of employees.
Mikhail Gorshilin identifies several types of cyber threats that are relevant for cinemas and ticket sales sites:
1) Attacks on web applications exploiting various vulnerabilities, for example, ones that allow access to user databases. Web Application Firewall solutions protect against such attacks, but not all entertainment companies are implementing these technologies, in part because of a lack of staff.
2) Phishing against the organization's employees. This is a simple but still effective tactic, which in most cases gives hackers initial access to the victim company's infrastructure. The attackers can then advance the attack, and if they manage to remain unnoticed for long enough, steal or encrypt the company's data (or both).
3) Hacking using unpatched vulnerabilities on the perimeter. Most often, unpatched vulnerabilities or simple configuration errors in a company's Internet-facing IT systems appear when the company's infrastructure grows rapidly and no one checks how secure its new elements are.
As a rule, vulnerabilities are caused by the fact that organizations do not have strong information security teams, and most functions are outsourced, explains Sergey Polunin, head of the IT infrastructure Solutions protection group at Gazinformservice. At the same time, the sites are attractive to hackers because they have huge user bases.
"Everyone buys tickets online and leaves an insane amount of personal information, from full names to phone numbers. Well, you need to keep in mind that this is a paying audience. Concerts and sporting events are not cheap, which means that potential attackers have someone to work with," the expert notes.
Thus, in addition to losing money and user trust due to DDoS attacks, companies run the risk of data leakage and all the resulting business consequences. And users, as after any leak, face targeted phishing and cyber fraud, concludes Mikhail Gorshilin.
Methods of protection
In order to protect themselves from hacker attacks, experts recommend that business representatives take a serious approach to security issues. According to Sarkis Shmavonian, such measures should include three main conditions:
- Creation of an information protection unit with strict access control to it.
- Regular security audits of web applications and IT infrastructure.
- Systematic updates to applications and devices, network segmentation, strict control of employee privileges (the principle of minimum rights), the introduction of multi-factor authentication, hosting of cloud infrastructure on trusted sites, and the involvement of experts in the field of DDoS protection to filter traffic wherever possible.
According to the expert, attacks on the entertainment industry today are not episodes of digital vandalism, but highly effective threats that exploit the emotional involvement of the audience and the financial vulnerability of businesses at peak times. The consequences are measured not only by direct losses from downtime or fines, but also by a long-term loss of customer trust.
Translated by the Yandex Translate service