One of the major benefactors of the rapid advances in Internet technology has been the online gaming and gambling industry. In the last decade, the online gaming and gambling industry has almost tripled and grown from $15 billion to $40 billion in size. However, like every other successful business in the world, the online gaming and betting industry is also not without its share of complications and issues.
On one hand, the website operators have to maneuver through complex Internet compliances, financial and business agreements to conduct daily operations. While on the other hand, they have to maintain a high security and availability status, 24×7. To add to their security woes, a new breed of threat has emerged that targets the largely unsecured non-HTTPS internet protocols, which is used by most of the online gaming and betting websites – DDoS Attacks.
What Are DDoS Attacks?
The growing popularity of the online gaming and betting industry has attracted a lot of attention worldwide, of which not all are favorable to say the least. In addition to the ever present threat of extortion over the Internet, the online gaming and gambling websites also have to tackle DDoS attacks from malicious hackers hired by their competitors.
Distributed Denial of Service or DDoS attacks are conducted to make a website or application unavailable for use, by overwhelming it with illegitimate traffic. As 60% of all the activities on the online gaming and gambling websites are conducted in real time, they are extremely sensitive to latency.
Anthony Khamsei (CEO, Gold Security) says, “E-commerce events are busy times. With online gambling sites in particular, it’s like experiencing Black Friday — several times a year. A half-second delay renders a site unusable, unlike shopping where the tolerance for imperceptible delays may not make or break a sale.” The threat as presented by Mr. Khamsei rings even truer for the online gaming sites, as because of their predictable rush hours during the weekends or major sporting events, they become easy targets for these DDoS attacks.
The Modus Operandi of DDoS Attackers
DDoS attacks have grown rapidly in frequency and number, leaving all the online gaming and gambling businesses searching for permanent solutions. It is imperative that in order to counter these attacks, these businesses completely understand the methods and capabilities of these malicious perpetrators.
Following an in-depth study of various attacks, the DDoS “thugs” seem to have adopted two contrasting methods to carry out their operations.
i) Advanced Persistent Threats (APT) tactics – Using this mode, the offenders’ co-ordinate DDoS assaults with other internet based attacks. Bypassing security measures using stealth techniques, the DDoS attackers orchestrate complex multiphase and multi-vector assaults. An early reconnaissance mission is conducted to expose the target’s weakness, which is then attacked persistently over days, weeks or even months at a time.
ii) Short, single vector attacks – These kind of attacks are of the more rudimentary, single-vector type and do not last more than 30 minutes on an average. While the APT tactics are clearly a work of professional cyber criminals, these single-vector attacks are carried out by users of botnet-for-hire services (called “booters” or “stressers”). Spending only a few dollars ($38 a month on an average), these botnets can be easily hired by anybody to launch several short-lived DDoS attacks as and when required.
Facts & Figures About DDoS Attacks
– 40% of Network Layer DDoS attacks are carried out by botnets-for-hire.
– 56% of the Network Layer attacks use UDP method, of which 8% are SSDP DDoS attacks launched from “Internet of Things” devices.
– Over 20% of all the Network Layer attacks usually last for longer than 5 days, with the longest attack stretching for 54 days.
– On an average, all the targets are hit by DDoS attacks at least once in a week.
– About 50% of all Application Layer attack targets are hit again within 60 days.
– The largest Application Layer attack reached a whopping 179,712 requests per second mark, whereas the biggest Network Layer attack consumed 253 Gbps.
Overall Impact of DDoS Attacks
DDoS attacks are much more prevalent and far-reaching than what online businesses presently care to surmise. According to a study, 9 out of 10 online companies have been hit by a DDoS attack in the last 12 months, and at least 1 out of 10 in last week itself. Major impacts of DDoS attacks include:
– Slow performance of websites, particularly those hosting sports betting and online poker
– Service outage of websites, leading to loss of consumer trust and consumer base
– Loss of sensitive and confidential data
– Loss of revenue
– High recovery costs resulting from an unmitigated DDoS attack (average $40,000 per hour)
The most effective way to counter the ever threatening onslaught of DDoS attacks, is by ensuring that all of the incoming network traffic is 100% secure. Using an infrastructure protection service, as such provided by Gold Security’s DDoS protection partner Incapsula, a blanket security layer is put in place across a network. As soon as a potential DDoS attack threat is detected by the Infrastructure Protection layer, all the incoming traffic to the server is re-routed via BGP announcements to a global network of scrubbing servers. After a thorough inspection and filtering of all scrupulous server requests, only legitimate traffic is forwarded to the main servers. This cancels out all the unwanted traffic and getting null-routed by the ISP.
As online gaming and gambling industry spreads its roots, the threat of DDoS attacks looms even larger and more threateningly than ever before. With odds stacked quite favorably with these malicious attackers, the only way out for online companies exists through deploying secure channels and infrastructure protection layers. As the findings suggest, if not tackled properly, the online gaming and gambling industry stands to lose hundreds of thousands, if not millions of dollars due to these attacks.