Principais destaques:

No setor de iGaming e apostas esportivas on-line, em que as violações de segurança cibernética podem resultar em acesso não autorizado, roubo de identidade, aquisição de contas, interrupções operacionais e danos à reputação, a MFA é uma medida de segurança essencial. Ela também é obrigatória para o mercado regulamentado de iGaming no Brasil, onde as operadoras devem apresentar prova de conformidade.

Luana

Neste blog, Luana Monje, executiva de vendas da Continent 8 Technologies no Brasil, explora a importância da MFA no empolgante mercado brasileiro, destacando seu papel como requisito regulatório de segurança cibernética, delineando as principais considerações ao selecionar uma plataforma de autenticação eficaz e apresentando a solução MFA sem senha da Continent 8 projetada para fornecer a experiência de PIN de etapa única perfeita.

O que é autenticação multifatorial?

De acordo com a Secretaria de Prêmios e Apostas (SPA) e as diretrizes técnicas e de segurança cibernética do Ministério da Fazenda (MF) para os sistemas de apostas do Brasil (Portaria nº 722), a MFA é definida como:

Um tipo de autenticação que usa dois ou mais dos seguintes elementos para verificar a identidade de um usuário: informações conhecidas apenas pelo usuário, como uma senha, um padrão ou respostas a perguntas de desafio; um item possuído por um usuário, como um token eletrônico, um token físico ou um cartão de identificação; dados biométricos de um usuário, como impressões digitais, reconhecimento facial ou de voz.

Conformidade regulatória com os sistemas de apostas e jogos do Brasil

Em primeiro lugar, as regulamentações brasileiras exigem a implementação da MFA em vários requisitos técnicos e de segurança cibernética descritos na Portaria nº 722. Esses requisitos incluem:

Portaria 722, Anexo I, seções 12, 13 e 16 – Acesso ao sistema de apostas:

  1. Nos casos em que o apostador esqueça seu nome de usuário e/ou senha, o sistema deverá oferecer um processo de autenticação multifatorial para a recuperação ou redefinição do usuário e/ou senha, sendo um dos fatores o reconhecimento facial.
  2. Caso alguma atividade suspeita seja detectada, como por exemplo múltiplas tentativas malsucedidas de acesso, o sistema de apostas deverá bloquear a respectiva conta. Nesse caso, para que a conta seja desbloqueada, deverá ser realizado um processo de autenticação multifatorial, sendo um dos fatores o reconhecimento facial.
  1. O sistema de apostas deverá exigir do apostador uma autenticação multifatorial :

a) ao menos uma vez a cada 7 (sete) dias; ou

b) no primeiro acesso após um período de inatividade superior a 7 (sete) dias.

Portaria 722, Anexo IV, seções 25f – Controles técnicos, requisitos de DNS:

25 – Os seguintes requisitos se aplicam aos servidores usados para resolver consultas de Sistema de Nomes de Domínio (DNS) em associação com o sistema de apostas:

f) autenticação multifatorial deve estar em vigor

A MFA oferece uma camada de segurança cibernética que reduz significativamente o risco de acesso não autorizado, protegendo assim dados confidenciais e informações pessoais.

Avaliação da tecnologia MFA correta para operações de iGaming

Como a MFA é uma exigência regulatória no Brasil, as operadoras de iGaming e de apostas esportivas on-line precisam avaliar quais opções de MFA são mais adequadas para suas operações. Aqui estão algumas considerações importantes ao avaliar uma plataforma MFA e como a Continent 8 pode apoiar sua jornada MFA.

 

Principais considerações The Continent 8 MFA advantage
Experiência do usuário O mesmo login sem senha, de 2 segundos e em uma única etapa – em todos os dispositivos e navegadores

99,9% dos usuários fazem login com sucesso em dois segundos em qualquer dispositivo.

Nossa solução de MFA garante experiências de usuário consistentes nas plataformas de aplicativos e navegadores, além de oferecer a opção de autenticação biométrica local para aplicativos.

Compatibilidade/operabilidade 100% dos dispositivos, 100% dos navegadores

Nossa solução MFA garante total independência de hardware ou sistemas operacionais, permitindo a compatibilidade em todos os dispositivos e plataformas.

Fornecendo nossa solução por meio da mesma interface de navegador que o serviço da operadora ou incorporando a tecnologia diretamente no aplicativo nativo da operadora, oferecemos suporte a:

  • 100% dos dispositivos e navegadores
  • 100% dos usuários
  • 100% do tempo
Taxa de sucesso de login 99,93% de sucesso de login ou mais

Nossa plataforma MFA simplifica o processo de login para uma única etapa de usuário, sem senha. O sistema é capaz de operar com autenticação biométrica ou por PIN, oferecendo aos usuários flexibilidade e um recurso confiável em qualquer dispositivo ou navegador.

Cada etapa adicional aumenta a possibilidade de erro do usuário, e cada dependência (como downloads, instalações, telefones celulares, redes de celular ou entrada de nome de usuário) introduz um possível ponto de falha para os usuários e para o sistema.

Nossa plataforma atinge uma taxa de sucesso de login de 99,93% em aplicativos voltados para o consumidor, usando um PIN de 4 dígitos ou autenticação biométrica baseada em dispositivo, quando disponível.

Nossa plataforma também atinge uma taxa de sucesso de 99,997% na autenticação de ações (transações).

Não há diferença nas taxas de sucesso entre dispositivos móveis e tablets/laptops, pois o sistema não depende da presença de um dispositivo móvel.

Taxa de sucesso de registro +18% em registros de jogadores, 20% de aumento nos lucros

O processo de inscrição da nossa solução MFA exige apenas que os usuários selecionem um PIN de 4 dígitos. Esse procedimento não requer permissões, downloads, plug-ins, chaves importadas ou configurações, eliminando, assim, as falhas de registro. A inscrição pode ser totalmente invisível e ocorrer durante o registro do cliente.

Processo do usuário – em qualquer dispositivo ou navegador:

  1. Escolha um PIN
  2. SUCESSO

O resultado: Aumento de +18% nos registros de usuários, o que pode aumentar os lucros em até 20%.

Custos de suporte 90% de economia nos custos de suporte

Nossa solução MFA minimiza as despesas e os recursos relacionados ao suporte com um serviço autossuficiente. Por exemplo, essa plataforma elimina a necessidade de assistência para redefinição de senha – responsável por até 60% das consultas à central de suporte, com um custo estimado de US$ 15-70 por chamada – e validação do cliente.

Serviços do provedor de serviços gerenciados de segurança (MSSP) Suporte em 360 graus

Como um MSSP, oferecemos suporte abrangente de ponta a ponta para avaliação, implantação e assistência contínua:

  • Gerenciar o registro e a lista negra remota de dispositivos
  • Autenticar e assinar digitalmente qualquer ação/transação para segurança/garantia e atender aos padrões bancários modernos
  • Autenticação de chamadas recebidas nos balcões de suporte/ajuda
  • Autenticação de usuários em dispositivos secundários, como quiosques ou instalações de ponto de venda (PoS)
  • Permitir a instalação e o registro rápidos de um aplicativo móvel iniciado a partir do desktop
  • Combate a fraudes de bônus e indicações
Tecnologia Superfície de ataque mínima, sem ponto único de falha

Nossa solução de MFA emprega prova de identidade avançada com conhecimento zero, garantindo uma superfície de confiança mínima e eliminando qualquer ponto único de falha. Oferece autenticação robusta de dois fatores, com a opção de uma solução somente de software.

Privacidade dos dados Nenhuma informação necessária

Nossa solução MFA não exige nenhuma informação pessoal identificável (PII) do usuário final. Em vez disso, precisamos apenas de um identificador exclusivo, que pode ser um hash de um número de celular, endereço de e-mail ou nome de usuário, garantindo assim a adaptabilidade da solução a vários esquemas de identidade.

Preparando o mercado de iGaming do Brasil para o futuro com autenticação avançada e contínua

O setor de iGaming e de apostas on-line está em constante evolução, com o surgimento regular de novas tecnologias e ameaças. A autenticação multifatorial é um componente essencial das plataformas de apostas e jogos à prova de futuro contra esses riscos em evolução. Ao integrar métodos avançados de autenticação, as operadoras de iGaming e de apostas esportivas on-line podem ficar à frente das ameaças cibernéticas e proteger continuamente seus sistemas e os dados dos jogadores.

Como a Continent 8 pode ajudar sua empresa a implementar o MFA

A Continent 8 está comprometida em apoiar as empresas no setor de iGaming e apostas esportivas on-line com suas necessidades de segurança cibernética. Nossa equipe de especialistas trabalha em estreita colaboração com você para projetar e implementar soluções MFA personalizadas que se alinham com seus requisitos regulatórios e objetivos de negócios.

Para saber mais sobre a solução MFA da Continent 8, entre em contato com Luana em luana.monje@continent8.com.

Key highlights:

In the iGaming and online sports betting industry, where cybersecurity breaches can result in unauthorised access, identity theft, account takeovers, operational disruptions and reputational damage, MFA is an essential security measure. It’s also mandated for the regulated Brazilian iGaming market, where operators must submit proof of compliance.

Luana

In this blog, Luana Monje, Brazil-based Sales Executive at Continent 8 Technologies, explores the significance of MFA in Brazil’s exciting market, highlighting its role as both a regulatory cybersecurity requirement, outlining key considerations when selecting an effective authentication platform, and showcasing Continent 8’s passwordless MFA solution designed to deliver the most seamless single-step PIN experience.

What is multi-factor authentication?

According to the Secretariat of Prizes and Bets (SPA) and the Ministry of Finance’s (MF) technical and cybersecurity guidelines for Brazil’s betting systems (Ordinance No. 722, available in Portuguese), MFA is defined as:

A type of authentication that uses two or more of the following elements to verify a user’s identity: information known only to the user, such as a password, a pattern, or answers to challenge questions; an item owned by a user, such as an electronic token, a physical token, or an identification card; a user’s biometric data, such as fingerprints, facial or voice recognition.

Regulatory compliance with Brazil’s betting and gaming systems

First and foremost, Brazilian regulations require the implementation of MFA across several technical and cybersecurity requirements outlined in Ordinance No. 722. These requirements include:

Ordinance 722, Annex I, sections 12, 13 and 16 – Access to the betting system:

  1. In cases where the bettor forgets his username and/or password, the system must offer a multi-factor authentication process for the recovery or reset of the user and/or password, one of the factors being facial recognition.
  2. If any suspicious activity is detected, such as multiple unsuccessful login attempts, the betting system shall block the respective account. In this case, for the account to be unlocked, a multi-factor authentication process must be carried out, one of the factors being facial recognition.
  1. The betting system must require the bettor to have a multi-factor authentication:

a) at least once every 7 (seven) days; or

b) on the first access after a period of inactivity of more than 7 (seven) days.

Ordinance 722, Annex IV, section 25f – Technical Controls, DNS requirements:

25 – The following requirements apply to servers used to resolve Domain Name System (DNS) queries in association with the betting system:

f) multi-factor authentication must be in place

MFA provides a layer of cybersecurity that significantly mitigates the risk of unauthorised access, thereby safeguarding sensitive data and personal information.

Evaluating the right MFA technology for iGaming operations

With MFA being a regulatory requirement in Brazil, iGaming and online sports betting operators need to evaluate which MFA options are most suitable for their operations. Here are some key considerations when assessing an MFA platform, and how Continent 8 can support your MFA journey.

Key Consideration The Continent 8 MFA Advantage
User experience Same passwordless, 2-second, single-step login – on all devices and browsers

99.9% of users log in within 2 seconds. Supports biometric auth in apps.

Our MFA solution ensures consistent user experiences across both app and browser platforms, while also offering the option of local biometric authentication for apps.

Compatibility / Operability 100% of devices, 100% of browsersOur MFA solution ensures complete independence from hardware or operating systems, enabling compatibility across all devices and platforms.

By providing our solution through the same browser interface as the operator’s service, or by embedding the technology directly into the operator’s native app, we support:

  • 100% of devices and browsers
  • 100% of users
  • 100% of the time
Login success rate 99.93% login success or higherOur MFA platform streamlines the login process to a passwordless, single user step. The system is capable of operating with either a PIN or biometric authentication, providing users with flexibility and a reliable fallback across any device or browser.

Each additional step increases the potential for user error, and every dependency (such as downloads, installations, mobile phones, cellular networks, or username entry) introduces a potential point of failure for both users and the system.

Our platform achieves a 99.93% login success rate in consumer-facing applications, using either a 4-digit PIN or device-based biometric authentication where available.

Our platform also attains a 99.997% success rate in action (transaction) authentication.

There is no difference in success rates between mobile and tablet/laptop devices, as the system does not rely on the presence of a mobile device.

Registration success rate +18% in player registrations, 20% boost in profitsOur MFA solution’s enrolment process simply requires users to select a 4-digit PIN. This procedure does not require any permissions, downloads, plug-ins, imported keys or configurations, thereby eliminating registration failures. The enrolment can be completely invisible and take place during customer registration.

User process – on any device or browser:

  1. Choose a PIN
  2. SUCCESS

The result: +18% increase in user registrations which can boost profits by up to 20%.

Support costs 90% savings in support costs

Our MFA solution minimises support-related expenses and resources with a self-sufficient service. For example, this platform eliminates the need for password reset assistance – accounting for up to 60% of support desk inquiries, costing an estimated $15-70 per call – and customer validation.

MSSP services 360-degree support

As an MSSP, we offer comprehensive end-to-end support for seamless evaluation, deployment, and ongoing assistance by:

  • Managing the enrolment and remote blacklisting of devices
  • Authenticating and digitally sign any action/transaction for security/assurance and meet modern banking standards
  • Authenticating inbound callers to support/help desks
  • Authenticating users on secondary devices such as kiosks or point-of-sales (PoS) installations
  • Enabling the rapid installation and enrolment of a mobile app initiated from the desktop
  • Combating bonus and referral fraud
Technology Minimal attack surface, no single point of failure

Our MFA solution employs advanced zero-knowledge proof of identity, ensuring a minimal trust surface and eliminating any single point of failure. Provides robust two-factor authentication, with the option of a software-only solution.

Data privacy Zero information required

Our MFA solution does not require any Personally Identifiable Information (PII) from the end user. Instead, we only need a unique identifier, which may be a hash of a mobile number, email address, or username, thereby ensuring the solution’s adaptability to various identity schemes.

 

Future-proofing Brazil’s iGaming market with advanced seamless authentication

The iGaming and online betting industry is constantly evolving, with new technologies and threats emerging regularly. Multi-factor authentication is an essential component of future-proofing betting and gaming platforms against these evolving risks. By integrating advanced authentication methods, iGaming and online sports betting operators can stay ahead of cyber threats and continuously protect their systems and players’ data.

How Continent 8 can help your business implement MFA

Continent 8 is committed to supporting businesses in the iGaming and online sports betting industry with their cybersecurity needs. Our team of experts works closely with you to design and implement tailored MFA solutions that align with your regulatory requirements and business objectives.

To learn more about Continent 8’s MFA solution, contact Luana at luana.monje@continent8.com.

Jerad Swimmer, Regional Sales Director at Continent 8 Technologies, explores the benefits of a cybersecurity checklist to safeguard your tribal gaming operations against emerging cyber threats and attacks.

Jerad

Safeguarding your business can be daunting, and you might be asking yourself ‘where do I begin?’ To address this, we have prepared a cybersecurity checklist to help you identify possible weaknesses.

First, let us set the scene with the current state of play and why you need to prioritize cybersecurity in today’s world.

Understanding the current cyber threat landscape in tribal gaming

The tribal gaming industry is a vibrant and vital part of many Native American communities, providing not only entertainment but also significant economic benefits. However, this industry is increasingly falling under the crosshairs of sophisticated cybercriminals. These bad actors aim to disrupt operations, steal sensitive patron data and extort ransom payments. The stakes are high, with the potential impact extending beyond the casino floors to tribal governments, health services and community trust.

Cyber threats in tribal gaming are diverse and evolving. For example, ransomware attacks have become more prevalent, demonstrating a devastating capacity to bring operations to a standstill. A recent notable incident involved a ransomware attack that compromised all internet servers and data, with the attackers demanding up to $500,000 to restore services. These incidents highlight the urgent need for comprehensive cybersecurity measures tailored to the unique environment of tribal casinos.

The impact of cyber attacks on tribal casinos and communities

The consequences of a cyber attack on a tribal casino can be far-reaching. Beyond the immediate financial losses and operational disruptions, there is a profound impact on the trust and confidence of the community. Patrons expect their personal and financial information to be secure, and any breach can lead to a significant erosion of trust.

Key elements of a robust cybersecurity strategy for tribal gaming

To effectively combat cyber threats, tribal casinos need to adopt a multi-faceted cybersecurity strategy. This involves not just technological solutions but also organizational practices and policies. The foundation of such a strategy includes:

How Continent 8 can help – “Assume breach. Plan resilience.”

Continent 8, supported by our dedicated cybersecurity company, C8 Secure, is a trusted partner for tribal nations and gaming enterprises. Our cybersecurity services are tailored to meet the unique needs of tribal governments, regulators and casino operators.

Our capabilities include:

We are trusted by a diverse array of tribal gaming casinos and organizations, including ShowNation, Tachi Palace Casino Resort, among others.

DOWNLOAD THE COMPREHENSIVE CYBERSECURITY CHECKLIST NOW

Don’t wait for an incident to discover whether you’re vulnerable. By taking these proactive steps, tribal casinos can fortify their defenses, ensuring uninterrupted operations and maintaining the trust of their communities.

Secure your tribal gaming operations by accessing this detailed checklist.

Cybersecurity solutions for a safer tomorrow

Continent 8 provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your tribal organization’s digital assets in the face of evolving cyber threats. For more information on how Continent 8 can support your cybersecurity initiatives, email sales@continent.com or fill out our Contact Us page.

As an AWS Solution Provider, Continent 8 also offers managed services, including Managed AWS Outposts and Managed Hybrid Networking, available via the AWS Marketplace

Continent 8 Technologies, the leading provider of global cloud hosting, connectivity and cybersecurity solutions for the iGaming and online sports betting industry, announces enhanced AWS support to facilitate the deployment and management of the latest generation AWS Outposts racks, enabling secure, ultra-low-latency hybrid cloud infrastructures.

The second-generation AWS Outposts, announced at the end of April 2025, offer significant performance enhancements over their predecessors, including faster processing, higher memory capacity and increased network bandwidth for on-premises workloads. Continent 8 enables customers to capitalise on these advancements through the following offerings:

Continent 8 has extensive experience with AWS Outposts, having provided comprehensive support to operators and suppliers with the initial generation of rack platforms. Today, Continent 8 is responsible for over 90% of AWS Outposts deployments within the regulated betting and gaming industry.

Justin Cosnett, Chief Product Officer at Continent 8, stated, “Our strategic partnership with AWS, along with our deep experience with the first-generation AWS Outposts technology, enables us to provide the requisite expertise for delivering seamless AWS experiences. With the launch of the latest generation of AWS Outposts, we are well-positioned to manage the betting and gaming industry’s ‘business as usual’, day-to-day operations and IT infrastructure needs, allowing customers to swiftly benefit from the platform’s latency and performance enhancements for their most demanding gaming projects.”

Continent 8 is a Gold sponsor of the AWS Community Day Malta on 30 May and will be running a session on ‘Future-ready cloud solutions: winning in regulated markets’. Contact sales@continent8.com to arrange a meeting at the event.

In the latest chapter of our Cultiv8 Employee Series, Jordan Holmes, Vice President of Human Resources at Continent 8 Technologies, sat down with Jason Magsoy, a Network Security Engineer based out of the Philippines.

Employee Engagement

Throughout the discussion, Jason shares insights into his professional journey, outlines his current networking responsibilities at Continent 8, discusses how he embodies the company’s culture and values and previews some of his forthcoming projects.

Hi Jason! Can you tell us a little but about yourself and your role as a Network Security Engineer at Continent 8?

I began my professional career in the IT industry in the Philippines and subsequently broadened my expertise while working in Saudi Arabia. I started from the ground up, initially running cables in ceilings, and progressively advanced to securing endpoints and networks.

At Continent 8, my responsibilities include configuring security solutions such as firewalls and maintaining a secure network for both Continent 8 and its customers. We consistently ensure that network security does not create bottlenecks by providing aggregated connections and redundant solutions.

How did you come to choose a career as a Network Security Engineer?

I was introduced to cybersecurity through firewalls, Network Detection and Response (NDR) and Endpoint Detection and Response (EDR) solutions without any prior experience, and I found network security to be incredibly fascinating. It ignited my passion for protecting devices from malicious entities. Achieving clear network traffic visibility and implementing the appropriate security solutions can significantly reduce the risk of intrusion by malicious actors.

What motivated you to join the Continent 8 team? What do you enjoy most about your job?

In my previous role, I was dedicated to configuring and safeguarding a single data centre and a limited network connection. The scope was quite narrow, and I felt my professional development was stalling. This realisation drove me to broaden my expertise in networking and security, ultimately leading me to Continent 8.

At Continent 8, I was introduced to an expansive network environment, secured by robust solutions and supported by a team of experts. I find my experience here highly rewarding, largely due to the team’s professionalism, expertise and approachability. Moreover, my time at Continent 8 has been marked by substantial personal and professional growth, which has been extremely gratifying.

Can you describe some of the challenges you face in your job position? How do you also stay up to date on the latest security/cybersecurity developments?

As a Network Security Engineer, I am part of a team dedicated to ensuring maximum network uptime for both Continent 8 and its customers. This is undoubtedly a significant responsibility, but one that I fully embrace, requiring constant vigilance and a meticulous approach.

To ensure I remain current, I am pursuing certifications related to the security solutions we employ and engaging in continuous education to stay informed about new and emerging features that could support our team’s objectives. Furthermore, I subscribe to Common Vulnerabilities and Exposures (CVE) sites to monitor new vulnerabilities pertinent to our solutions and implement necessary patches.

How do you align with Continent 8’s culture and values of Active Ownership, Purposeful Creativity and/or Genuine Care?

I align myself with Continent 8’s culture and values by actively fostering an environment of collaboration, mutual support and knowledge sharing to ensure everyone’s success. This is accomplished by upholding our team’s commitments, taking full responsibility of my role and caring for the people, company and our customers.

Any final thoughts? 

Continent 8 has provided me with an incredible opportunity to pursue the work that I genuinely enjoy, providing me with a deep sense of fulfillment.

I would also like to express my sincere gratitude to the Network Security Team: Bruce Craig, Michael Freitas, Rodrigo Suzuki and Christian Temporado. Your exceptional support and leadership are truly appreciated.

Continent 8 designed, planned and executed full-service VMware-to-Nutanix migration effort, helping Sportingtech avert 42% increase in virtualisation costs.
Continent 8 Sportingtech Partnership

Continent 8 Technologies, the leading provider of global managed hosting, connectivity, cloud and cybersecurity solutions to the iGaming and online sports betting industry, is pleased to announce an expanded partnership with multi-award-winning global betting and gaming provider, Sportingtech. In a strategic collaboration to optimise its virtualisation environment, Sportingtech entrusted Continent 8 to successfully oversee and implement their VMware-to-Nutanix cloud migration initiatives.

In the wake of Broadcom’s acquisition of VMware, Sportingtech encountered an unexpected increase in costs, rising by as much as 42% due to licensing changes. This development significantly impacted the cost structure of their VMware-based virtualised enterprise private cloud architecture. To mitigate against these cost fluctuations, Sportingtech chose Continent 8, a Nutanix Authorised Service Provider and their current cloud infrastructure and cybersecurity services partner, to provide professional and managed services for a VMware-to-Nutanix migration.

Continent 8 executed a comprehensive assessment, prioritisation plan and migration journey of hundreds of virtual appliances. The significant efforts led by Continent 8, in close collaboration with Sportingtech, ensured no disruptions in operations or to users and were completed well within the originally anticipated target date. As a result, Sportingtech now benefits from a more predictable, manageable and cost-efficient virtualisation platform and environment.

Michael Jack, Chief Technology Officer at Sportingtech, said: “We are always looking for ways to enhance the solution we build for our customers and to keep costs down. Working with Continent 8, who constantly push to provide efficiencies, cost reductions and value-added expertise, made good sense to us. They continue to be a valued partner and managed to deliver the project on time with no service interruption for us or our customers, which is critical.”

Justin Cosnett, Chief Product Officer at Continent 8, said: “Continent 8 is able to use its experience with VMware, Nutanix, private and public clouds to provide professional as well as managed services to customers, enabling them to focus on core revenue-generating operations. Being able to demonstrate such a significant saving and ROI will be of interest to many enterprises in today’s market.

“It’s thanks to the experienced and highly qualified project and cloud engineering staff at Continent 8 that we were able to successfully complete this project, while earning Sportingtech’s trust to manage their critical operational infrastructure.”

Read the full Sportingtech virutalisation migration case study here.

Craig Lusher from our Secure team provides a comprehensive analysis of the latest Distributed Denial of Service (DDoS) statistics from the first quarter of the year and their implications for cybersecurity trends.

Executive summary

The first quarter of 2025 has revealed significant changes in the DDoS threat landscape, characterised by a substantial increase in attack frequency, the emergence of ‘carpet bombing’ techniques and growing trends targeting the iGaming sector. With attack methodologies evolving and becoming more sophisticated, this report provides critical insights for cybersecurity planning and threat mitigation.

Overview of 1Q 2025

The first quarter of 2025 has shown a noticeable increase in DDoS attack activity, with 161 attacks recorded. This represents a rise from 4Q 2024’s 138 attacks and a dramatic increase from 1Q 2024’s 58 attacks. The most active month was February, which continues to show vulnerability during winter months.

Attack intensity and scale

1Q 2025 showed the following patterns in attack intensity:

While individual attack sizes appear smaller compared to historical peaks (2Q 2023’s 560.6 Gbps), this represents a strategic shift rather than reduced threat capability. Intelligence indicates that attackers now possess capabilities exceeding 500 Gbps but are employing more targeted and distributed approaches that can bypass traditional detection mechanisms.

Industry targeting analysis

1Q 2025 has shown a marked increase in attacks specifically targeting the online gambling and casino sector, with intelligence indicating a 400% rise in attacks against these entities since February. This industry-specific targeting represents a prominent trend that requires specialised attention and defence mechanisms.

Customer report analysis

Key statistics for 1Q 2025:

On 26 February, a carpet-bombing incident targeted 53 networks within a short 6-minute window (03:41-03:47 UTC). While this attack peaked at 150 Gbps with 120 Mpps, its distributed nature allows it to circumvent traditional defence systems, potentially resulting in a significant customer impact.

Quarterly comparison and trends

Comparing 1Q 2025 with recent quarters reveals several trends:

  1. Attack volume escalation

This shows a clear trend of increasing attack volumes over the past three quarters, with a 372% increase from 3Q 2024 to 1Q 2025.

  1. Attack methodology evolution

While individual attack volume metrics appear to show decreasing intensity, this is misleading as attacks are now distributed across multiple targets simultaneously, making traditional detection mechanisms less effective.

  1. Customer report patterns

The number of affected customers has increased dramatically in 1Q 2025, indicating a broader targeting strategy. Of particular note is the observed ‘spray’ technique that targets entire network Classless Inter-Domain Routing (CIDR) blocks rather than individual IPs, affecting multiple customers simultaneously.

  1. Emerging threat: DDoS carpet bombing

1Q 2025 has seen the emergence of carpet bombing or spray attacks that distribute traffic across multiple hosts within targeted IP ranges. These attacks:

Year-over-year analysis

Comparing 1Q 2025 to 1Q 2024 shows significant changes in the threat landscape:

Data breach correlation analysis

Intelligence indicates a notable correlation between DDoS attacks and subsequent data breaches in the iGaming sector. 1Q 2025 has seen examples of multiple organisations experiencing what appears to be a new attack pattern:

  1. Initial DDoS attacks serving as diversionary tactics
  2. Followed by sophisticated data exfiltration operations
  3. Resulting in large-scale data leaks (reaching hundreds of gigabytes)

Unlike traditional ransomware operations, these attacks show no ransom demands prior to data release, indicating a potential shift in threat actor motivations from financial gain to maximum disruption or competitive advantage.

Implications and insights

  1. Attack methodology evolution

The transition to carpet-bombing techniques represents a significant evolution in DDoS tactics. These attacks distribute traffic across multiple targets within a network range, using traffic volumes per target that stay below conventional detection thresholds.

  1. Industry targeting

Intelligence indicates a targeted campaign against the iGaming sector, with a 400% increase in attacks since February 2025.

  1. Attack duration and reconnaissance

The average attack duration has increased dramatically to 4.3 hours, with the longest attack lasting 54 hours. Short, intense attacks (3-6 minutes) are now frequently observed as reconnaissance to test defence capabilities before launching larger campaigns.

Emerging AI-enhanced threats

Intelligence suggests a rising trend of AI technology adoption by threat actors. Self-hosted AI tools are enabling more sophisticated and unpredictable attack patterns that traditional defence mechanisms struggle to detect. These AI-enhanced attacks show several characteristics:

  1. Dynamic adaptation to defence mechanisms
  2. Improved ability to bypass detection thresholds
  3. More convincing social engineering components in blended attacks
  4. Enhanced coordination between DDoS attacks and subsequent breach attempts

Recommended defence strategies

Based on 1Q 2025 attack patterns, particularly the emergence of carpet-bombing techniques, the following defence strategies are recommended:

  1. Dynamic threshold configuration

  2. Advanced rate limiting

  3. Enhanced monitoring

  4. Automated response

Looking ahead

The increase in attack volumes and sophistication in 1Q 2025 indicates a significant evolution in the threat landscape. Organisations should prepare for:

  1. Continued sophisticated carpet-bombing attacks targeting multiple hosts simultaneously
  2. Increased targeting of online gambling and casino operations
  3. Short ‘test’ attacks followed by larger, more sustained campaigns
  4. Blended attacks where DDoS serves as a distraction for data breach attempts

The 26 February incident, which affected 53 networks within a 6-minute window, demonstrates the effectiveness of these new attack methodologies and highlights the need for enhanced detection and mitigation capabilities.

Continent 8’s DDoS mitigation solution

Our best-in-class DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 5+ Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.

Key features of our mitigation solution:

DDoS protection should also form part of a wider, multi-layered approach to cybersecurity. A 360-degree, end-to-end protection strategy should include DDoS mitigation solution as well as WAF/WAAP protectionMDR/EDR servicesSIEM and SOC resourcesVAPT assessmentsbackup solutions, and mobile devicephishing defence and MFA services.

This is the only way to have multiple protections in place for each attack type and to ensure the greatest level of resilience.

To learn more about how Continent 8 can help protect your organisation, contact a member of the team via sales@continent8.com or our Contact Us form.

Global games developer deploys Continent 8’s Compliance Audit, Vulnerability Assessment and Penetration Testing (VAPT) and Vulnerability Scan (V-Scan) services to swiftly meet multi-state regulatory compliance requirements.

Continent 8 Rising Digital Partnership

Continent 8 Technologies, the leading provider of global managed hosting, connectivity, cloud and cybersecurity solutions to the iGaming and online sports betting industry, is pleased to announce an expanded partnership with global leading Asian game developer, Rising Digital Corporation. Through this enhanced collaboration, Rising Digital has selected Continent 8 as its dedicated cybersecurity services provider.

Rising Digital, a current infrastructure partner leveraging Continent 8’s cloud solution for high-performance connectivity, high availability and uninterrupted uptime of gaming platforms, has established a strategic alliance with Continent 8 to enhance its cybersecurity program and standards. This initiative allows Rising Digital to utilize Continent 8’s complete suite of regulatory cybersecurity services, ensuring full compliance within each US state it operates in.

Rising Digital has successfully launched its cybersecurity program across multiple states, including Connecticut, Delaware, Michigan, New Jersey, Pennsylvania and West Virginia, as well as the Canadian province of Ontario, to comply with the specific regulatory requirements of each jurisdiction. In collaboration with Continent 8 and its cybersecurity specialist division, C8 Secure, Rising Digital has successfully completed a Compliance Audit and Vulnerability Assessment and Penetration Testing (VAPT) and Vulnerability Scan (V-Scan) services. These comprehensive regulatory cybersecurity services ensure compliance with local regulatory standards and identify potential vulnerabilities, providing actionable insights to strengthen the organization’s overall cybersecurity posture.

Aimin Cong, CEO of Rising Digital, said: “We are delighted to formalize our relationship with Continent 8 for our growing iGaming operations business. With the utmost importance being placed upon compliance, performance and security, we believe Continent 8 is an excellent infrastructure and cybersecurity services partner.”

Patrick Gardner, Chief Security Officer at Continent 8, said: “We are honored that Rising Digital has placed its trust in Continent 8 as its infrastructure and cybersecurity partner as they expand their operations across the United States.

“At Continent 8, we pride ourselves as being a one-stop-shop provider of infrastructure, cloud, regulatory and cybersecurity solutions. Our services enable iGaming companies like Rising Digital to swiftly meet multi-state regulatory requirements, safeguarding their operations while providing peace of mind.  We stand committed to setting the highest standards and value for cybersecurity and compliance services within the ever-growing iGaming and online sports betting sector.”

Continent 8 will be at SBC Summit Americas, from May 13-15 at Booth D750. Schedule a show meeting to learn more about the best practices and strategies for your organization’s regulatory cybersecurity requirements.

 

Tachi-Yokut Tribe of Santa Rosa Rancheria-owned and operated casino now equipped with world-leading 24/7/365 monitoring, proactive threat prevention and rapid response capabilities to safeguard its tribal gaming operations

Continent 8 Technologies, the leading provider of managed hosting, connectivity, cloud and cybersecurity solutions for the tribal gaming industry, is pleased to announce a new cybersecurity agreement with Tachi Palace Casino Resort to oversee and optimize their Security Operations Center (SOC) and Security Incident and Event Management (SIEM) cybersecurity operations.

In collaboration with Continent 8 and its cybersecurity division, C8 Secure, Tachi Palace Casino Resort will implement their managed SOC and SIEM services. The customer will gain instant access to a comprehensive SOC and SIEM solution featuring round-the-clock monitoring, sophisticated threat detection to pinpoint anomalies and potential risks, integrated threat intelligence to anticipate evolving threats and an advanced SIEM architecture designed for high-performance analytics and streamlined incident management.

Patrick Gardner, Chief Security Officer at Continent 8 said: “We are honored that Tachi Palace Casino Resort selected Continent 8 through a rigorous selection process as their trusted Managed Security Operations Center partner. As a leading Managed Security Services Provider (MSSP) specializing in the gaming industry, we have deep insight into the unique cybersecurity threats and vulnerabilities facing our customers today. Tachi Palace Casino Resort’s proactive commitment to safeguarding their infrastructure demonstrates exceptional leadership and a clear understanding that robust, continuous security is vital for protecting their customers, data and gaming operations.”

Jerad Swimmer, Regional Sales Director at Continent 8 added: “It’s inspiring to see an increasing number of tribal gaming and casino organizations such as Tachi Palace Casino Resort making cybersecurity a core component of their strategic initiatives and organizational culture.

“We are delighted to support Tachi Palace Casino Resort as their trusted MSSP, ensuring a secure and strategic cybersecurity journey.”

David Clark, Information System Director at Tachi Palace Casino Resort said: “I am looking forward to our new partnership with Continent 8 and what the future brings for us.”

Join Continent 8 at the SBC Summit Americas from May 13-15 at Booth D750. Book a meeting to explore top cybersecurity practices and strategies tailored for the tribal gaming community.

Continent 8 Technologies’ Regional Sales Director, Jerad Swimmer, and Principal Solutions Architect, Anthony Engel, recently attended the Indian Gaming Convention and Tradeshow (IGA) in San Diego, California.

At the event, they were showcasing Continent 8’s multi-layered cybersecurity solutions designed to support tribal casinos and their cybersecurity programs.

Tribal Gaming- IGA

Anthony and Jerad at Indian Gaming Convention and Tradeshow 2025. 

Here, Jerad and Anthony share their key takeaways from the show.

What were your impressions of IGA 2025?

Anthony Engel (AE): Attending my first IGA event was an eye-opener; the scale of the venue and the number of attendees far exceeded my expectations. There was a lot of foot traffic, great content and engaging panel sessions. Overall, I was thoroughly impressed with the show.  

Jerad Swimmer (JS): I’ve been going to this show for about 20-25 years, and it gets bigger and better every year. The event attracts the right mix of attendees, including tribal leaders, executives, GMs, CIOs, CEOs, CFOs, as well as vendors, manufacturers, lawyers and gaming commissions – essentially everyone involved in tribal gaming. It’s undoubtedly a must-attend event, and it’s always a privilege to be part of it.

Continent 8 had a booth at the show. What were the most common trends or themes from the event?

AE: Cybersecurity remains a primary focus for most attendees. Similar to the TribalHub Cybersecurity Summit (see the show’s top takeaways blog here), participants were interested not only in Vulnerability Assessment and Penetration Testing (VAPT) but also in more advanced cybersecurity services. These included managed Security Operations Centers (MSOC) and Security Incident and Event Management (SIEM), Endpoint and Managed Detection and Response (EDR & MDR) and mobile threat prevention solutions. We actually had several customers visit our booth throughout the event, sharing their experiences with our cybersecurity services, which provided valuable real-world insights that were well received by attendees.

JS: From an engagement perspective, we noticed that attendees were more interactive, not just with Continent 8 but also with each other at our booth. It was rewarding to witness the exchange of ideas, lessons learned and future outlooks. We frequently hosted impromptu group discussions on the most pressing cybersecurity threats and the best strategies and approaches to address them.

Jerad, you were part of a panel session, titled, “Creating and maintaining a healthy culture in a new era of cybersecurity.” How did that session go?

JS: The session was well attended and highly interactive. While there were tribal leaders and operators present, the majority of attendees were directors, executive directors and IT decision-makers from tribal gaming commissions. They were keen on gathering best practices and insights on how best to implement a cybersecurity culture within their own operations and tribal governments.

A special thank you to Emra Arkansas Executive Director of the Cherokee Nation Tribal Gaming Commission, Jason Nichols, Executive Director of the Forest County Potawatomi Gaming Commission and Scott Riley, Executive Director of the Pueblo of Tesuque Gaming Commission, for making the panel session possible.

Indian Gaming Tradeshow & Convention

Jerad alongside Emra Arkansas, Jason Nichols and Scott Riley ahead of their cybersecurity panel session.

What are some things that we should keep an eye on in the future? Do you have any final thoughts?

AE: As cyber threats continue to evolve, tribal gaming organizations must, as highlighted in Jerad’s panel session, foster a culture of cybersecurity to protect their casino and land-based operations. This ensures that all employees are working towards the same goals when it comes to cybersecurity.

For final thoughts on the IGA event, it was a fantastic experience, and I look forward to attending the event next year. It’s always a pleasure to reconnect with familiar faces and engage with those seeking Continent 8’s guidance for specific challenges or exploring our holistic cybersecurity approach.

JS: It will be interesting to observe how iGaming and online sports betting approvals progress within the tribal gaming community. Cybersecurity is also critical in these applications, and Continent 8 offers a multi-layered approach that ensures robust protection across the entire IT infrastructure, so we’re prepared to offer support across these areas as well.

Once again, we wanted to extend our gratitude to everyone who visited our booth or attended the panel session. If you missed the event and have specific challenges or need information on enhancing your cybersecurity posture, we encourage you to reach out to us anytime.

We look forward to reconnecting with everyone at IGA 2026!

Cybersecurity solutions for a safer tomorrow

Continent 8 provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your tribal organization’s digital assets in the face of evolving cyber threats. For more information on how Continent 8 can support your cybersecurity initiatives, email sales@continent.com or fill out our Contact Us page.

Also, be sure to watch the latest episode in our Tribal Talks: Cybersecurity Unlocked podcast series. Each episode delves into new stories, insights gained, best practices and key developments that are shaping the future of tribal casino gaming and cybersecurity.

Watch Tribal Talks: Cybersecurity Unlocked podcast series

Let's work together.

GET IN TOUCH

Asia +65 3165 4649
Europe +44 1624 694625
Latin America +54 11 5168 5637
North America +1 514 461 5120