David Brace, Senior Solutions Architect at Continent 8 Technologies explains that there has been a significant rise in DDoS events in the last year, and highlights the steps businesses can take to successfully fight them off.
The so-called ‘new normal’ of remote interactions has resulted in an estimated 30% increase in global internet traffic and a corresponding rise in cyber security incidents.
Throughout 2020 the number of Distributed Denial of Service (DDoS) attacks detected globally was doubling quarter on quarter, peaking in September before levelling off in Q4.
This trend looks set to continue in 2021 with attacks of varying size and sophistication targeting organisations of all types, from global internet giants to local governmental departments.
Worryingly, a second wave of ransom DDoS attacks retargeting companies previously hit in the summer of 2020 was recorded, with analysis of the ransom notes suggesting the same threat actors are behind this latest wave of attacks.
With the number of attacks being launched set to increase in volume and complexity, businesses on the Island must ensure they take the necessary steps to ensure they are as protected as can be.
Before looking at the products, systems and protocols businesses must have in place to fight off DDoS attacks, first we will look at what these attacks are, how they work and who is behind them.
A Distributed Denial of Service attack is when a website or application is inundated with so many requests – this can be thousands per second – that ultimately the service is rendered unusable.
DDoS attacks have the potential to take a business entirely offline, causing disruptions to products, services, revenues and reputations.
It is not uncommon for attackers to issue ransom notices to organisations prior to an attack, and if they don’t receive payment, they unleash the bots used to inundate the website with requests and take it offline.
It is a simple, effective way of doing incredible damage to a business.
One of the most difficult things about falling victim to a successful DDoS attack is that you are unlikely to ever know who is behind it. But in our experience, they tend to fall into the below groups:
Motivations for launching attacks can and do differ, but the most common are for financial gain, to take down a competitor or to cause reputational damage or embarrassment to an organisation.
A successful DDoS attack can be absolutely devastating for a business. It can take a service such as an online casino or ecommerce site entirely offline.
For other businesses, it can see their customer databases raided and stolen, or sensitive data breached and published online for the world to see.
This has many bad side effects for governments and businesses, from a bad customer experience to major damage to your reputation and a loss of revenue.
They can also hit internal processes hard and lead to a significant reduction in productivity and, most concerningly, risk incurring potential compliance breaches.
While any organisation can fall victim to a DDoS attack, Malta’s reliance on subsea infrastructure to deliver internet services, coupled with requirements around data sovereignty and residency, mean organisations on the Island can be more vulnerable to DDoS attacks.
Moving to a cloud-based solution undoubtedly helps limit the risks related to an attack, but it doesn’t remove the threat entirely, as any device, service or application that is connected to the internet can be the target of an attack.
With 96% of all IT functions operating outside of the cloud and a finite amount of bandwidth available between Malta and the rest of the internet, it could only take one well targeted attack to cause severe impact to your organisation.
During a recent webinar organised by Continent 8, John Coleman, CEO of Microgaming, used the analogy which is helpful to anyone who is not an IT specialist: “You can no longer rely on high walls to protect your house. It’s now essential to have bright lights, security patrols, bars on the windows, motion sensors, security patrols, alarms, and guard dogs.”
Whilst that may sound extreme, it is a good way to illustrate the heightened level of cybersecurity solutions required to protect your critical data and systems.
Businesses need a layered approach for protection, covering cloud-based services and those running on physical infrastructure: Web Application Firewall (WAF) services, Network level DDoS detection, and Network level DDoS protection all play a part in protecting your organisation and its services.
Continent 8s DDoS defence service is a mature, proven platform, built and developed over 16 years, using an optimised combination of technologies and our customised development layer.
This experience enables our team to design bespoke protection services tailored to fit any organisation’s needs. Local engineers, backed by a global team, work in partnership with our customers to evolve these services to meet the everchanging threat landscape.
With a resilient global network spanning 4 continents and over 60 connected locations, Continent 8 connects Malta to the global internet via 3 separate subsea cable systems using a blended approach to ensure our service is not reliant on any one provider.
All traffic entering the network is inspected and profiled at the point of ingress, this ensures any malicious traffic is stopped at the network edge and legitimate traffic can be delivered to the end destination with minimal disruption.
Continent 8 has a long-standing presence in Malta providing technical services to local and global organisations. The team has recently expanded with the addition of Melissa Lamb as Sales Account Director. Working from Continent 8’s offices in Ta’ Xbiex as part of the worldwide sales team, Melissa is tasked with expanding our customer base in Malta and beyond, providing a personalised, bespoke offering to current and prospective clients.
Get in touch with Melissa to learn more about Continent 8’s Secure offering, email@example.com
This article featured in the Sunday Times of Malta on 28 March 2021.
Our Chief Product Officer Justin Cosnett discusses Continent 8’s commitment to the US and the connectivity and security solutions available to customers looking to capitalise on the fast growing market.
2021 is a pivotal year for sports betting in the USA with 19 states set to decide on legalising online sports betting.
Continent 8 (C8) has pursued a strategy of providing services to iGaming in every suitable US state. This considerable and challenging expansion has delivered a first-to-market capability for our customers with a single supplier they know can meet their needs. The table below shows where we are as of February 2021, and we anticipate a further 8-10 states or more coming online throughout 2021.
The table above doesn’t just show we have opened in each state, but also that we have obtained the necessary regulatory approval, and even brought multi-site options for customers to enable in-state DR or Primary and Secondary capabilities to meet operational or compliance requirements.
In every location, C8 ensures we have dual diverse connection back to the C8 global backbone mixed with a local in-state provision. This enables us to monitor and manage tier 1 blended internet peering as well as deliver private connectivity from production environments in-state; to corporate environments, or Hyperscale cloud providers (like AWS, Azure and GCP), or even to B2B partners, like sports data providers. This highly available and scalable connectivity means we can provide low latency, reduced hop, guaranteed point to point packet delivery. It’s not only central to our connect product portfolio, but also underpins our secure DDoS and WAF services.
C8 doesn’t build a facility in every location, in many we will partner with one or several providers, as there is no single provider with a truly total US owned facility coverage. We ensure internet connectivity is delivered to customers to guarantee an in-state service delivered in a standard method from a single supplier for contracting, operational support and commercial benefits.
Below is an illustrative C8 in-state facility topology showing the advantages, with highly resilient out of state private connectivity and tier 1 peering, as well as DDoS protected internet and even DR or secondary site capability:
Also shown in the above topology via this repeatable platform, are services to deliver different reference infrastructure models to support iGaming – whether Casino, Sportsbook or even Live dealer. In some states, as regulation requires, we bring a dual site capability to support active / active or backup service. This could be customer infrastructure in a co-location offering or C8 Private Cloud with a managed infrastructure as a service solution.
Additionally we support extension of hyperscale cloud service to an in-state edge via an AWS Outpost or potentially Azure Stack, delivered behind a network as a service (NEaaS) solution.
In summary, C8 is expanding rapidly in the US and has the experience and technologies to enable rapid growth for iGaming customers. Can C8 help you expand in the US? Get in touch via firstname.lastname@example.org
Justin Cosnett, Chief Product Officer at Continent 8 Technologies. With 20+ years’ experience in the hosting and SaaS sectors in a number of customer facing roles, Justin has a strong technical background. He joined Continent 8 in 2012 and was Head of Solution Architect before being promoted to Chief Product Officer.
The impact of the pandemic on the iGaming sector was one of the hottest topics at our recent ‘The Return of the Leaders and Legends’ webinar. The six panellists, from some of the biggest companies in the industry, spoke about the challenges and opportunities created during lockdowns, new security risks which emerged, and their views on the long term impacts of the Covid crisis. Our Chief Product Officer, Justin Cosnett, reflects on the discussion, how Continent 8 have handled challenges posed by the pandemic, and the lessons we can learn from this.
Despite all of the obvious challenges, from an iGaming industry perspective all of the panellists agreed that 2020 had been a valuable learning experience. Businesses had to find new ways of working, and to think even more creatively about how to engage with customers – so, out of adversity and necessity, the leaders agreed that positive developments emerged that are being taken forward. Scientific Games Digital CEO Jordan Levin and Playtech COO Shimon Akad both described it as a ‘year of learning’.
Levin went on to explain some of the challenges that were also faced across the industry, and the improvisation that was required to resolve problems such as how to bring in new employees, and open new offices while everyone was working remotely. He said: “For me it was an extremely enriching year from a learning perspective in terms of how the business evolved. From a business perspective, how do we form solid partnerships with our customers, in a world where we are used to going traveling and seeing them in person, how do we do that virtually? We established lots of new tools from a communications perspective, we launched 25 new sportsbook and iGaming platforms for our customers around the globe in 2020. Being able to do that amidst new ways of working, changing teams, it was a chaotic yet exciting and enriching year.”
Yaniv Sherman, Senior VP, US, 888 Holdings PLC, said that in 2020 it was easier to keep things in motion, rather than initiate new projects – and there was a general consensus amongst the panellists that a ‘hybrid’ model (based on a balance of working in the office and from home) will become part of the ‘new normal’ for the industry.
That view is shared by Continent 8. Before the pandemic and lockdowns began, we already had a substantial number of people working remotely, so we were very familiar with using online collaboration, messaging and meeting tools. Of course, lockdowns gave us no choice but to work that way and, like all of the panellists, we have learned a great deal from the experience. We’ve adapted to a new way of communicating. Our global sales team would usually be on the road and travelling, attending expos, networking events and meeting with existing and prospective customers face-to-face. That ended overnight and while the sales team are keen to travel and meet people once again, it’s certainly changed the way we interact with our customers. We’ve had to adapt, and while this has its challenges, it also creates opportunities.
A great example of that is The Return of the Leaders and Legends webinar. Following the success of the panel event we held at ICE London 2020, we wanted to bring it back at ICE 2021. Of course, the event at ExCeL didn’t go ahead, so we had to move to a digital platform – but that meant more people could watch it live than could physically have attended to watch it on our stand, if ICE 2021 had gone ahead.
Increased cybersecurity risks
The leaders and legends acknowledged that the pandemic had been exploited by bad actors to launch more cyberattacks. In Q2 2020 Continent 8 saw cyber-attacks increase by 55% compared with the same period in 2019, and we mitigated the longest sustained DDoS attack in our history (36.4 hours in Q4 2020). Compared to previous years, there was also a rise in the volume, complexity and frequency of DDoS attacks.
Phishing attacks and other scams – cynically targeted to exploit natural human anxieties and fears – also increased significantly, for example email scams that were based on hoax vaccination appointment invitations. At the other end of the scale were sophisticated phishing attacks that fall into the category of ‘cyber espionage’ – one example being the targeting of the international vaccine supply chain (believed by IBM to have been carried out by a nation state, according to this BBC report in December).
Examples like this go to show what a significant year 2020 was from a cybersecurity threat perspective. Even before the COVID-19 pandemic began, DDoS and web application attacks were rising year on year. That was largely due to three factors – the price of generating an attack continuing to fall, more devices becoming available to use to make an attack (e.g., Internet of Things devices), and the fact that there is so much cheap bandwidth capacity available to distribute the attack. When lockdowns resulted in millions more people working from home it created a perfect storm – and that opened up many more attack verticals for bad actors looking to exploit individuals or attack unsecured remote devices.
Ensuring business as usual
Despite the pandemic, as the leaders explained, the iGaming industry was as busy as ever. The industry never slows down – and neither do we. We continued to invest in people and products, entered new markets, partnered with new clients, and continued to expand our global network which now spans more than 60 locations.
The pandemic led to significant growth in legitimate traffic to iGaming providers on our own network. Due to the dynamic nature of our industry, we already had plenty of scalability and resilience engineered in, so we have been able to easily cope with any peaks of traffic – whether that’s from our customer networks as more end users turn to iGaming to pass the time in lockdown, or from the increased number our own people now needing regular access to our networks from home.
The most important lesson that the iGaming industry can learn from the impact of the pandemic is that while cyber threats are always evolving, the Covid crisis has caused a seismic shift in the cybersecurity landscape. That means world class cybersecurity solutions are more essential than ever before to ensure business continuity, and stay ahead in the constant battle to protect mission-critical data and end users.
To find out how we can help your business, contact our Sales Team, or learn more about our secure solutions here.
Hear Jordan’s summary on the pandemic below.
Please check our ‘News & Blogs’ section soon for the next blog in this series.
You can find the full recording of our ‘The Return of the Leaders and Legends’ webinar here