The gambling industry is benefiting, in a huge way, from rapid developments in Internet technology.
Over the last decade, the online gaming and gambling industry has almost tripled in size and is now worth over $40 billion. However, like many other success stories, the betting industry has its fair share of challenges.
Website operators must adhere to complex Internet compliances, financial, and business agreements to conduct their daily operations. At the same time, they must sustain a high-security and availability status, 24/7.
To add to their woes, a new threat has emerged that targets mostly unsecured non-HTTPS internet protocols – DDoS Attacks.
Unfortunately, most online gaming and betting websites don’t use HTTPS. And herein lies the problem.
What Are DDoS Attacks?
The growing popularity of online gambling has attracted a lot of attention – not all of it welcome.
In addition to the threat of extortion, online gaming and gambling websites must tackle DDoS attacks from malicious hackers too. Often, these cybercrooks are hired by competitors.
Distributed Denial of Service, or DDoS, attacks make a website or application unavailable for use by overwhelming it with traffic. As 60% of all the activities on online gaming and gambling websites are conducted in real time, they are very susceptible to latency.
Anthony Khamsei, CEO of Gold Security, says;
“E-commerce events are busy times. With online gambling sites it’s like experiencing Black Friday several times a year. A half-second delay renders a site unusable, unlike shopping where the tolerance for slight delays may not make or break a sale.”
Because of their predictable rush hours over weekends, or during major sporting events, betting sites are easy targets for DDoS attacks.
The Modus Operandi of DDoS Attackers
With the rapid growth of DDoS attacks, the online gaming and gambling industry is desperately searching for a permanent solution. But to counter these attacks, businesses must first understand the methods and capabilities of hackers.
DDoS attackers have adopted two different methods to carry out their operations:
i) Advanced Persistent Threats (APT) tactics. Using this model, attackers co-ordinate DDoS assaults with other internet-based attacks. Bypassing security measures using stealth techniques, DDoS attackers devise complex multi-phase and multi-vector assaults. An early reconnaissance mission exposes the target’s weakness. Hackers then attack persistently over days, weeks or even months at a time.
ii) Short, single vector attacks. These attacks are the more basic, single-vector type and do not last more than around 30-minutes. While APT tactics are the work of professional cyber criminals, single-vector attacks are carried out by users of botnet-for-hire services (called “booters” or “stressers”). Costing an average of just $38 a month, these botnets can be quickly hired by anybody to launch several short-lived DDoS attacks.
Facts & Figures About DDoS Attacks
• 40% of Network Layer DDoS attacks are carried out by botnets-for-hire.
• 56% of Network Layer attacks use the UDP method, of which 8% are SSDP DDoS attacks launched from IoT devices.
• Over 20% of all the Network Layer attacks last for longer than five days, with the longest attack 54 days.
• On average, all targets are hit by DDoS attacks at least once a week.
• About 50% of all Application Layer attack targets are hit again within 60 days.
• The largest ever Application Layer attack reached 179,712 requests per second, while the most significant Network Layer attack consumed 253 Gbps.
Overall Impact of DDoS Attacks
DDoS attacks are much more prevalent and far-reaching than many online business owners think. According to one study, nine out of 10 online companies have been hit by a DDoS attack in the last year.
Significant impacts of DDoS attacks include:
• Slow performance of websites, particularly those hosting sports betting and online poker
• Service outage of sites, leading to loss of consumer trust and customer base
• Loss of sensitive and confidential data
• Loss of revenue
• High recovery costs resulting from an unmitigated DDoS attack (average $40,000 per hour)
The most effective way to counter the threat of DDoS attacks is to ensure that all incoming network traffic is 100% secure. Use an infrastructure protection service, like the one provided by Gold Security’s DDoS protection partner Incapsula, to put a blanket security layer across your network.
As soon as the Infrastructure Protection layer detects a potential DDoS attack threat, all incoming traffic to the server is re-routed via BGP announcements to a global network of scrubbing servers.
After a thorough inspection and filtering of all scrupulous server requests, only legitimate traffic is forwarded to the main servers. This cancels out all the unwanted traffic and a getting null-routed by the ISP.
As the online gaming and gambling industry spreads its roots, the threat of DDoS attacks looms ever larger. With the odds stacked in favor of malicious attackers, online companies must ensure secure channels and deploy infrastructure protection layers. If not appropriately tackled, the online betting industry stands to lose hundreds of thousands, if not millions of dollars every year.