Craig Lusher from our Secure team reveals the DDoS stats for the final quarter of 2023 and looks back at attack trends for the iGaming industry across the previous 12 months
The fourth quarter saw a total of 187 DDoS attacks launched against Continent 8 customers, a significant decrease from the 1,106 recorded in Q2 and the 359 in Q3. In fact, Q4 was the second-lowest month in terms of attacks, coming in just behind Q1 where 184 attacks were registered.
Before looking at how attack trends played out across the year, let’s first analyse the data from Q4 to understand attack characteristics over the three months.
In the fourth quarter, the intensity of attacks peaked in October with 84 separate incidents recorded with 44 in November and 59 in December. Over the period, a total of 27 customers were attacked making it a widespread issue rather than being isolated to a few organisations.
Malta was the most targeted location, suggesting a geographical focus of the attacks perhaps because of vulnerabilities that had been exploited.
Interestingly, there were no repeat attacks on the same day, indicating that each attack was a unique event. This implies that attacks were well-mitigated after the first occurrence or that attackers did not persist on the same targets within 24 hours.
The average number of attacks experienced by each customer was seven, but the most affected single customer experienced 49 attacks, significantly higher than the average. This suggests that some customers are at greater risk than others and may require additional protective measures.
The largest attack size was 412.9 Gbps but the average attack size throughout the quarter was 2.7Gbps. This is a significant disparity and suggests that while most attacks were relatively small, there were significant outliers that boosted the average.
Across the quarter, only one attack exceeded 100 Gbps which underscores the exceptional nature of the largest attack. The average attack duration was 42 minutes with the longest attack lasting just 3.3 hours, the shortest of the year – the longest attack came in Q2 and lasted a staggering 799.7 hours.
For the fourth quarter, the peak megapackets per second (MPPS) rate came in at 36, the second highest of the year behind the 316.9 recorded in Q2, providing insight into the intensity and potential impact of the attacks.
The Q4 stats show a need for targeted DDoS mitigation strategies, especially in high-risk months and for customers who are more frequently targeted. The data also helps enhance our DDoS Mitigation Solution, allocating more resources during peak attack periods and in regions such as Malta.
The fourth quarter of 2023 sits in stark contrast to 4Q22 where Continent 8 blocked a total of 3,367 separate DDoS events during a well-orchestrated campaign that coincided with the World Cup and the Christmas Holidays.
While the volume of attacks dipped significantly in 1Q23, the second quarter saw a significant resurgence in terms of the volume and size of attacks.
2023: A year in DDoS stats
Q2 would become the standout quarter during the year with a total of 1,106 separate attacks blocked between April and June. This compares with 184 attacks in Q1, 359 in Q3 and 187 in Q4.
The most attacked locations were Kahnawake (Q1), Paris (Q2), Isle of Man (Q3) and Malta (Q4) with January, May, July and October being the months with the most DDoS attacks recorded. The number of unique customer attacks was 83, 29, 24 and 27 respectively.
The highest number of attacks against a single customer came in Q2, with 669 recorded, followed by 98 in Q3, 49 in Q4 and 31 in Q1. The longest single attack lasted 799.7 hours (Q2) with the shortest coming in at 3.3 hours in Q4 – in Q1 it was 5 hours and in Q3, 20 hours.
In terms of trends, Q1 saw a relatively high number of customers attacked at 83 but with a modest number of total attacks and the largest attack size of 49.5 Gbps. This shows that while attacks were frequent, they were less severe.
But Q2 presents a stark contrast. Despite a smaller number of customers being attacked (29), the total number of attacks was incredibly high with a remarkably large attack size of 560.6 Gbps. The high number of attacks against a single customer and the unprecedented longest attack time indicated a period of sustained, severe attacks.
In Q3 the focus of attacks shifted to the Isle of Man in July. The frequency of attacks and the number of customers impacted dropped. So too did the size of the largest attack but at 149.7 Gbps it was still substantial, denoting a continued threat.
For Q4, the size of the largest attack was once again on the rise, coming in at 412.9 Gbps indicating a resurgence in attack severity. That said, the highest number of attacks on a single customer and the longest attack duration were both down, suggesting effective mitigation of attack efforts.
In summary, 2023 began with frequent but less severe attacks which peaked in intensity during Q2 and especially in Paris. As we moved into the second half of the year, we saw signs of decreasing frequency and severity.
That said, the large attack sizes in Q4 indicated that while attacks may have become less frequent, their potential impact remains high, and businesses absolutely must have the protections in place to defend their systems, networks and data against DDoS attacks.
Our data and analysis should also be used to inform cybersecurity strategies moving forward and for resource allocation for DDoS mitigation efforts.
Continent 8’s L3-7 cloud DDoS mitigation service and recent upgrades
Our service provides complete layer 3 through 7 DDoS mitigation with bespoke profiling. Over the past year, Continent 8 has significantly enhanced its DDoS protection service through major upgrades to its network, DDoS platform and customer systems. We have streamlined our Tier 1 provisions by optimising the number of providers and doubling capacity. This was achieved by optimising the number of tier 1 providers, allowing for more efficient global traffic management and engineering.
Additionally, the DDoS service improvements include the introduction of a new scrubbing centre in Denver, which utilises the A10 TPS model consistent with previous deployments and increases the overall DDoS scrubbing capacity available. The expansion of the network edge with Juniper devices across multiple global locations, including NWK1, LON1, and HKG1, enhances the network’s resilience and capacity. These devices offer a significant capacity upgrade, supporting up to 4.8 Tbps, which is a substantial increase over the legacy models.
Furthermore, enhancements to the internal systems and the Customer Portal & API have been made, including the addition of 21 new features, redesigning of six existing features, and the resolution of 29 bugs. These improvements aim to enhance customer experience by providing better notifications, visibility of real-time events, and access to downloadable reports, thereby improving the overall effectiveness and responsiveness of the DDoS protection service.
To learn more about how Continent 8 can help defend your organisation against DDoS attacks with its iGaming cybersecurity solutions, contact a member of the team or head here for more info.
