Craig Lusher, Senior Product Specialist – Secure at Continent 8 Technologies discusses the longest sustained attack that Continent 8 has ever seen.
Here at Continent 8, all we want for Christmas is… a peaceful night’s sleep!
Major sporting events and holidays such as the festive season, mean only one thing for us, DDoS attacks, and lots of them! Attacks of all shapes and sizes are on the rise and Christmas 2022 was no different. With the 2022 World Cup final and Christmas period coinciding, we were in for the perfect storm.
The few days preceding the World Cup Final held on December 18th, Continent 8 was alerted to the fact that several of our customers received DDoS ransom notes. At this point we knew we were going to be in for a difficult period, but little did we know what an historic, record-breaking event this would be.
We geared up our systems and engineers and prepared for the inevitable attacks. Sure enough, we saw a wave of attacks hit on the day of the Final, including attacks against our own network monitoring system. The team quickly realised that this wave of attacks was not just against targeted customers, but a ‘carpet bomb’ attack. The term ‘carpet bomb’ refers to the idea of saturating the entire target IP range with traffic in a manner that is akin to the way a carpet bomber would saturate an entire area with bombs. Rather than targeting single IP address, this type of attack targets a whole network or IP range.
Needing to take decisive action, we put an entire /19 and 3x /21 networks into DDoS mitigation as the breadth of the attack was so vast. The historic carpet bomb campaign of attacks, one of the largest EVER on the Internet, lasted for an incredible nine days against 145 different customers. There was a total of over 5,500 individual attacks and 300 services targeted.
With a cumulated total of over 7,000 hours of mitigation in just nine days (which equates to a consistent average of 33 simultaneous attacks mitigations), the attack hit 38 global Continent 8 data centre locations out of the 90+ locations we have. The breadth and duration of this sustained attack has never been witnessed at Continent 8, or even on the Internet ever before!
To put this into perspective, during a normal month at Continent 8 we ingest about 2PB (Petabytes) of data globally into our network. During this DDoS attack, we ingested 10PB – so 5x the normal amount. So assuming we ingested 2PB of legitimate traffic, 8PB was DDoS traffic.
To provide an idea of scale, global tier 1 DDoS mitigation provider Radware recently released their ‘2022-202 Global Threat Analysis Report’. In that report they state that the total mitigated DDoS attack volume over the entirety of 2022 was “4.44PB, up 32% over 2021”. This yearly figure is only half of what we mitigated in just 9 days!
Fig. 1: December DDoS Attacks – Number of Attacks
Why Carpet Bomb the online gaming industry over Christmas and sporting events?
The gaming industry is becoming an increased target: During a DDoS attack, attackers use a botnet to flood the target sites with a massive volume of traffic, making it impossible for users to access the sites and place bets. In addition to targeting the sportsbooks and betting sites directly, attackers also target related services, such as payment processing systems or data providers, which are critical to the functioning of the sites. By targeting multiple targets simultaneously, the attacker can create widespread disruption and cause significant financial losses for the affected organisations.
Seasonal spikes in traffic: Online sports betting businesses may experience seasonal spikes in traffic around major sporting events, as people place more bets and attackers can cause most destruction. Attackers target at this time to take advantage of the increased legitimate traffic and an IT teams’ distraction to disrupt the website or application.
Rival sports betting businesses: It’s possible that rival online book makers may launch DDoS attacks against their competitors during a major sporting event in an attempt to disrupt their operations, gain an advantage and win a rival’s customer.
The consequences of an attack
DDoS attacks can have serious consequences for iGaming and sports betting businesses and their customers. For the businesses, DDoS attacks can result in significant financial losses, damage to reputation, and loss of customers. For customers or players, DDoS attacks can prevent them from placing bets, accessing their accounts, and receiving pay-outs. DDoS attacks have also been used in Credential Stuffing exercises to gain access to a customer’s account and syphon funds or personal data.
An important point to make is that major DDoS attacks against sportsbook sites can be used to manipulate the odds or outcome of a sporting event by denying users access to a particular site or by flooding a site with fake bets or data, causing the site to adjust its odds or outcome accordingly. This can create an unfair advantage for the attacker or their associates and can result in significant financial gains at the expense of the affected sportsbooks and betting sites.
How to prepare for an attack
To mitigate the risks associated with DDoS attacks, sports betting companies should invest in robust cybersecurity measures, including DDoS protection services, to help detect and mitigate attacks. They should also establish incident response plans to quickly respond to attacks and minimise the impact on operations and customers.
- Have a DDoS mitigation plan in place: It’s important to have a comprehensive DDoS mitigation plan in place, which includes both proactive and reactive measures. This plan should include regular testing and updates to specific DDoS profiling to ensure it is up-to-date and effective.
- Monitor traffic closely: Businesses should monitor their network traffic closely to detect any unusual patterns or traffic spikes that may indicate a DDoS attack. This monitoring should be conducted both in-house and through the use of Continent 8’s DDoS mitigation solution.
- Implement traffic filtering: Traffic filtering can help to block malicious traffic before it reaches the company’s servers. This can be done through the use of Web Application Firewalls and other filtering technologies.
- Use a content delivery network (CDN): A CDN can help to distribute traffic across multiple servers, making it more difficult for attackers to overwhelm a single server with a DDoS attack.
- Have a disaster recovery plan: In the event of a successful DDoS attack, it’s important to have a disaster recovery plan in place to minimise downtime and ensure business continuity. This plan should include backup servers and data recovery procedures.
In conclusion, cybercriminals are becoming more sophisticated in their attacks, using advanced techniques and tools to carry out DDoS attacks. This trend is expected to continue, with attackers constantly evolving their tactics to stay ahead of security measures. Cybercriminals will continue to continue target major sporting events, such as the Super Bowl or World Cup, as they provide a high-profile target with the potential for significant financial gain.
As more sports betting companies move their operations to the Cloud, which can provide benefits in terms of scalability and flexibility, this also increases the risk of DDoS attacks, as attackers can target Cloud service providers and disrupt operations for multiple businesses at once.
Sports betting companies face a significant threat from DDoS attacks, particularly during peak times. By implementing a comprehensive DDoS mitigation plan, including the use of a DDoS mitigation solution, monitoring traffic closely, implementing traffic filtering, using a CDN, having a disaster recovery plan, sports betting companies can defend themselves against DDoS attacks and ensure business continuity.
Having launched a DDoS solution back in 2014 tailored to the iGaming industry, Continent 8 is on hand to support your business. Reach out via firstname.lastname@example.org to learn more.