Continent 8 Technologies has experienced significant growth in recent years, with a global private network now featuring over 100 data centre locations.
In the latest edition of the Cultiv8 Employee Series, Leslie Eisener, SVP of Supply Chain and Logistics, spoke with Jordan Holmes, Director of Talent Operations, about the exciting challenges of managing a growing network, the fundamental role her team plays on the broader company operations, current and upcoming initiatives, and much more.
This is a fairly new role at Continent 8, and its creation came off the back of consistent growth, bringing the business to a point where it needed to build a solid foundation for a supply chain that didn’t previously exist. That we have had to establish a supply chain function to match the pace of growth we are experiencing and to provide a platform for the future is a testament to the success Continent 8 has enjoyed in recent years, especially with the opening of North America, and the trajectory it is set to follow.
Our supply chain needs are similar to other services companies and include procurement, logistics, vendor management and inventory, as well as aspects of planning. With more than 100 data centre sites across four continents, we have inventory and assets that need to be purchased, shipped, tracked and stored in locations around the world, so my focus is to build a robust supply chain by engaging the right people, building or enhancing processes and deploying the necessary tools to support our goals.
I’ve been really fortunate to hold roles in the supply chain and digital technology spaces over the past 30 years. The first part of my career was spent in the high-tech industry as a systems administrator before progressing to data centre management. I then did an MBA, which allowed me to change direction and pursue a career in supply chain. This combination of experience with hardware/software and supply chain makes this role at Continent 8 the perfect fit for me.
The supply chain challenges faced by a technology company can be unique. I have experienced first-hand shortages like semiconductors during the pandemic and the impact that had, so I understand how even the smallest issue can significantly impact the supply chain but, more importantly, what needs to be done to ensure it’s business as usual.
The provisioning of secure data center hosting solutions to the iGaming industry is intriguing, exciting and new to me, so the opportunity to join a thriving global business and build something from scratch within the sector was one that I couldn’t turn down. Continent 8’s growing need for a supply chain solution and the chance to devise and deploy a solution to meet this demand presents a challenge that I know my experience will allow me to meet head-on and avoid the pitfalls I’ve seen companies fall into during my previous roles. Building something first-hand is always tough but I do love the challenge it brings.
So, approximately half of my team is new to the business, but the other half has invaluable experience that has fostered a nice blend of new eyes and energy mixed with wisdom and experience, and an understanding of Continent 8’s cultures and values. The team has had to embrace a great deal of change over the past year as we challenge the status quo, and they have done so enthusiastically. Everyone rolls up their sleeves and takes ownership to get things done while building better processes to work smarter and not just harder. This means taking an honest look at existing processes originally put in place when the company was smaller and then applying purposeful creativity to find better ways of doing things. We’ve spent many hours in whiteboarding sessions to develop new processes and streamline existing ones, but by doing this, we know that as we grow, we can continue to take active ownership of things we previously did not have the bandwidth or proper infrastructure to manage.
The supply chain is integral to the execution of our operations and the solutions and services we provide to our customers. We need to be able to find and onboard the best suppliers and ensure that products and services are flowing efficiently across our organisation in the most cost-effective way. As we continue to grow at speed, we must build strong partnerships with the suppliers that facilitate this growth while safeguarding against risks – of which there are many. With more than 100 data centres worldwide and counting, our logistics team has become a core and critical component in delivering the award-winning solutions we provide to operators and suppliers.
When I first joined Continent 8, the supply chain function consisted of a small but hard-working procurement team while logistics and inventory responsibilities were dispersed throughout the company. Relationships with our strategic suppliers fell mostly outside of that team, leaving the tactical purchasing work to be handled by procurement. Since joining, I have focused on several key areas while still trying to control the rate of change so that it’s manageable and achievable.
Some of these include building out a talented team of specialists, streamlining processes, implementing an inventory management system, and augmenting strategic relationships with our top suppliers by creating senior vendor manager roles.
This will be key to our success. Everything in the supply chain is new or changing, and this is why we need to gain buy-in from all stakeholders. To do this, we need to over-communicate these changes. If we can demonstrate the value of the changes we are making, we will have less resistance – and change always brings about plenty of this. The supply chain can add a lot of value to an organisation so long as it’s deployed and managed in an inclusive and collaborative environment. Luckily for me, the leadership team at Continent 8 is very open to change and has offered a great deal of support through the process – I regularly meet with members of the senior management team and have taken opportunities to present at meetings to show how the investment in the supply chain is evolving and the tremendous value it is bringing.
Join Craig Lusher from our Secure team as he takes a deep dive in the latest DDoS stat from the first quarter of the year
It’s been a quiet start to the year in terms of the number of DDoS attacks being launched against Continent 8 customers. In the first three months of 2024, we recorded just 58 attacks across 14 customers compared to the 184 recorded during the same period in 2023.
The year started with 17 attacks recorded in January, almost doubling to 30 in February before dropping back down to 15 in March – this compares with 116, 34 and 34 in January, February and March 2023 respectively.
The fluctuation in attack numbers over the first three months of the year suggests varying attack campaigns targeting different customers. Interestingly, the highest number of attacks were launched against customers based in Kahnawake.
The intensity of attacks was far less ferocious than in previous quarters where we registered attacks over 1Tbps – in 1Q24 it was a far more manageable 3Gbps. Throughout the quarter, the average size of attack was <1Gbps which is a record low for Continent 8 in recent years.
While the size of attacks is on the low side, the disparity between the largest and the average is significant and suggests that while most attacks were smaller there were some outliers (including the 3Gbps attack) that increased the average in February and March.
Of the customers attacked over the first three months of the year, one customer was subject to 25 attacks making it the most targeted. This indicates that specific customer was victim to a persistent targeted attack, which is why we recommend organisations deploy our DDoS Mitigation Service.
It also highlights that some organisations are at greater risk than others and may require additional protective measures depending on the products and services they offer and the markets they are active in.
While the scale of attacks was moderate by global standards, their frequency and duration are cause for concern. That total attack duration for Q1 amounted to 36.6 hours, with the longest attack lasting a total of 2.1 hours resulting in an average attack length of 38 minutes for the quarter.
Such durations can strain resources for unprotected customers and potentially lead to significant disruptions if critical systems or services are targeted.
Despite a drop in the number of DDoS attacks on our customers in the iGaming and sports betting industry, the need for DDoS protection is still paramount, especially for customers who are more susceptible and vulnerable to attack. This is certainly the case as we move toward a summer of major sports events including the Olympics and UEFA Euro 2024.
DDoS protection should form part of a wider, multi-layered approach to cybersecurity that also includes WAF/WAAP protection, backup solutions, MDR/EDR services, VAPT assessments, mobile device and phishing defence as well as SIEM and SOC resources.
This is the only way to have multiple protections in place for each attack type, including DDoS, and to ensure the greatest level of resilience.
Of course, our data and analysis should also be used to inform cybersecurity strategies moving forward and for resource allocation for DDoS mitigation efforts.
Our DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 2.5+Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
To learn more about how Continent 8 can help defend your organisation against DDoS attacks, contact a member of the team via sales@continent8.com or fill out the form on our Contact Us page
In today’s business landscape, accepting credit cards is crucial for competitiveness. This is especially true in sectors like online gambling.
Increasing incidents of credit card fraud, identity theft and data breaches have pushed businesses to employ a secure environment for card transactions. Failure to protect this sensitive information can result in a loss of trust from customers towards both merchants and financial institutions.
As a bridge to ensuring this trust and security, adherence to the Payment Card Industry (PCI) standards becomes essential. Every credit card transaction processed by your business needs the protection these standards offer. For online gambling businesses, where transaction volume and frequency are notably high, this compliance is even more crucial.
However, irrespective of the size of your online gambling business, all businesses, from start-ups to large corporations, must comply. This ensures the security of your customers’ cardholder information and maintains your standing as a trustworthy organization in the online gambling space.
PCI compliance is a set of security standards designed to protect card transactions against data theft and fraud. It is established by the PCI Security Standards Council (PCI SSC). The standards are comprehensive, covering a wide range of security measures to ensure the safe handling of sensitive data.
Significant revisions and updates have been made to the PCI Data Security Standard (PCI DSS) in its version 4.0, released in the first quarter of 2022.
In January 2022, a draft preview of the standard was provided to Participating Organizations, Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs). The council then released the final versions of the standard, which included validation documents and the initial phase of standard translations, for March 2022.
Notably, PCI DSS v3.2.1 will remain in effect until March 31, 2024. This transition period of two years allows organizations time to adapt and implement the new standards. After this period, PCI DSS v3.2.1 will be retired and v4.0 will become the exclusive active version of the standard.
PCI DSS 4.0 introduced a variety of updates since its inception. Key points among these updates are:
Under PCI 4.0, the role of Web Application Firewalls (WAF) in securing online platforms is more pronounced. A WAF is a security system that monitors, filters and blocks potentially harmful traffic to and from a web application. It acts as a gatekeeper, ensuring that only safe traffic reaches the application, which is crucial for online gambling sites handling sensitive user data.
A WAF is particularly effective in protecting against common web attacks. These include SQL injection, cross-site scripting and other vulnerabilities that can be exploited to gain unauthorized access to data.
The PCI DSS outlines specific criteria regarding WAFs to bolster online security. One of those criteria is Requirement 6.4.2, which necessitates the deployment of an automated tool dedicated to continuously detecting and thwarting web-based attacks targeting web applications. This is a significant enhancement from the previous requirement that only called for periodic vulnerability scans of web applications.
Another critical aspect is Requirement 6.6, which stipulates that all web-facing applications must be shielded from known threats. This can be achieved through several methods. One option is to conduct a thorough analysis of all custom application codes for common vulnerabilities, undertaken either by the organization itself or by an external expert specializing in application security.
Alternatively, organizations can install an application-layer firewall as a frontline defence for their web-facing applications. The use of automated source code review tools, along with both automated and manual web vulnerability assessment tools, is also a viable approach.
When opting for a WAF, ensure that it is configured correctly to provide effective protection. However, it’s crucial to note that merely employing a WAF is not sufficient to fulfill the entire spectrum of PCI DSS’s web application security requirements. Comprehensive strategies encompassing multiple layers of security measures are necessary to fully adhere to these standards.
Understanding and adhering to the intricate requirements of PCI compliance might seem daunting, but don’t worry, we’ve got you covered.
For businesses in the online gambling sector, it’s essential to evaluate your current security measures critically. Are your web-facing applications adequately protected against potential threats? If the answer is anything but a “yes,” you should start planning to get it done.
Planning ahead is vital to ensure that your business not only complies with PCI requirements but is also fortified against a broad spectrum of cyber threats. By taking proactive steps now, you can secure your operations and maintain the trust of your customers in this rapidly evolving digital landscape.
This is where C8 Secure steps in. We offer comprehensive Web Application and API Protection (WAAP) solutions tailored to the unique needs of online gambling enterprises. Our services are designed to provide robust security layers, encompassing everything from automated vulnerability assessments to advanced application-layer firewalls. By leveraging these solutions, you can safeguard your web applications against both known and emerging threats.
Our WAAP solutions represent a proactive approach to online security that aligns with the stringent standards set by the PCI and beyond.
To support operators ensure they are PCI compliant, Continent 8 is offering 3 months FREE WAAP services for the first 50 customers to sign up to a 15-month contract*.
Learn more here: Waap solution for PCI compliance
*T&Cs apply. Limited-time offer; subject to change. First 3 months free, when signing up to a 15 month contract.
Super Bowl LVIII between the San Francisco 49ers and the Kansas City Chiefs on 11 February 2024 at the Allegiant Stadium was the first Super Bowl to be held in the state of Nevada, and the second ever to be decided in overtime. The event boasted record views of around 124 million (up from 113 million last year), with watchers enjoying the longest Super Bowl in history!
It was also a record-breaking 2024 in gambling terms, with an estimated 68 million US adults betting $23.1 billion, compared to last year’s 50.4 million US adults and $16 billion in bets, and a reported 11% increase in wagers across UK & Europe as NFL popularity grows outside the US.
This year also saw at least one $1m bet and a six-figure wager on the coin flip (it landed on tails BTW).
If we look at a few operators, FanDuel reported record $14 million bets on the Super Bowl with a total handle of $307 million, Entain reported 74% YoY increase in quantity of bets in the UK alone, and in Nevada itself, the Gaming Control Board reported a record breaking $185.6m wagered across 182 sportsbooks.
As the largest network, infrastructure and security supplier to the US and global market, Continent 8 can report its stats for Super Bowl LVIII:
Continent 8 is no stranger to supporting high-traffic sporting contests. Whether it is annually for the Grand National or Cheltenham horse racing events in the UK and Ireland, the UEFA Champions League across Europe, March Madness in the US, or every four years for the UEFA Euro finals or FIFA World Cup, we know what it takes to ensure platform uptime.
As the infrastructure and hosting solution partner of choice to iGaming and sports betting operators and suppliers, live in 30 US states, and supporting 85% of operators on the 2023 EGR US Power Rankings, we have in place the solutions and support systems that ultimately give operators the confidence they need to maximize the acquisition and retention opportunities these events present.
As standard for identified special sporting events, we:
In addition to this:
What’s key throughout is ensuring our customers are aware of all activity with notifications regularly sent such as internet and MPLS data, as well as average and maximum traffic in and out.
The Super Bowl is a huge event for sportsbooks, particularly now that the US has opened up online gambling in more than 30 states.
And after a very short amount of breathing space, we prepare for March Madness in the same vein!
Our expansion in the US began with a state-of-the-art data centre in Atlantic City, enabling customers to take advantage of the sports betting market opportunities in New Jersey, while gaining immediate access to the Continent 8 global network. Today we are live in 30 US states, with several new states in the pipeline. What’s more, we have secondary sites in several key US states, providing true disaster recovery capabilities.
We have an aggressive strategy to ensure we are the first iGaming hosting provider in state, enabling our customers to capitalise on the fast-growing and competitive US iGaming and sports betting market.
We have vast regulatory experience with strong regulator relationships across states, ensuring a complaint gaming solution for each.
We are a global team with a local presence – we ensure we have a team on the ground in the US to help you expand.
Learn more about our trusted solutions in the USA here or contact the team via sales@continent8.com
Sources: ESPN, EGR
Craig Lusher, Product Principal [Secure Solutions], discusses the recently uncovered iOS Trojan designed to steal users’ facial recognition data, identify documents, and intercept SMS.
In an era where digital threats are increasingly sophisticated, the discovery of the GoldFactory iOS Trojan, as reported by Group-IB, underscores a critical challenge for businesses and individuals alike. This advanced iOS Trojan, designed to infiltrate iPhones through malicious applications, represents a significant escalation in the cyber threat landscape, particularly for users who assume iOS devices are immune to such risks.
The Trojan, named GoldFactory, exploits a method that bypasses Apple’s stringent app review process, enabling cybercriminals to distribute their malicious software via seemingly benign applications. Once installed, GoldFactory can execute a range of malicious activities, from stealing sensitive facial biometric information to executing phishing attacks, posing a substantial risk to data security and privacy.
Continent 8’s response with Mobile ProtectIn response to evolving mobile threats like GoldFactory, Continent 8 Technologies’ Mobile Protect service stands as a defence against mobile cyber threats. Our solution is designed to safeguard iOS and Android devices against a wide spectrum of cyber attacks, including sophisticated Trojans, malware, and phishing schemes.
Mobile Protect leverages cutting-edge technology to provide real-time threat detection and response, ensuring that even the most advanced Trojans, such as GoldFactory, are identified and neutralised before they can inflict harm. The service employs a multi-layered security approach, combining endpoint protection with continuous monitoring and threat intelligence, to offer comprehensive protection for mobile devices.
The advent of Trojans like GoldFactory presents significant business challenges, from the risk of data breaches and financial loss to reputational damage. Continent 8’s Mobile Protect service directly addresses these challenges by:
The detection of the GoldFactory iOS Trojan serves as a stark reminder of the evolving cyber threat landscape and the need for robust security measures. Continent 8 Technologies, through its Mobile Protect service, offers an effective solution to these challenges, providing iGaming casino and sportsbook businesses and their mobile users with the highest level of protection against mobile cyber threats.
As cybercriminals continue to innovate, the importance of proactive and comprehensive security measures cannot be overstated. With Mobile Protect, Continent 8 Technologies reaffirms its commitment to securing the digital frontier, ensuring that businesses can operate with confidence in a connected world.
To learn more about Mobile Protect click here or reach out to a member of the team via sales@continent8.com
Craig Lusher from our Secure team reveals the DDoS stats for the final quarter of 2023 and looks back at attack trends for the iGaming industry across the previous 12 months
The fourth quarter saw a total of 187 DDoS attacks launched against Continent 8 customers, a significant decrease from the 1,106 recorded in Q2 and the 359 in Q3. In fact, Q4 was the second-lowest month in terms of attacks, coming in just behind Q1 where 184 attacks were registered.
Before looking at how attack trends played out across the year, let’s first analyse the data from Q4 to understand attack characteristics over the three months.
In the fourth quarter, the intensity of attacks peaked in October with 84 separate incidents recorded with 44 in November and 59 in December. Over the period, a total of 27 customers were attacked making it a widespread issue rather than being isolated to a few organisations.
Malta was the most targeted location, suggesting a geographical focus of the attacks perhaps because of vulnerabilities that had been exploited.
Interestingly, there were no repeat attacks on the same day, indicating that each attack was a unique event. This implies that attacks were well-mitigated after the first occurrence or that attackers did not persist on the same targets within 24 hours.
The average number of attacks experienced by each customer was seven, but the most affected single customer experienced 49 attacks, significantly higher than the average. This suggests that some customers are at greater risk than others and may require additional protective measures.
The largest attack size was 412.9 Gbps but the average attack size throughout the quarter was 2.7Gbps. This is a significant disparity and suggests that while most attacks were relatively small, there were significant outliers that boosted the average.
Across the quarter, only one attack exceeded 100 Gbps which underscores the exceptional nature of the largest attack. The average attack duration was 42 minutes with the longest attack lasting just 3.3 hours, the shortest of the year – the longest attack came in Q2 and lasted a staggering 799.7 hours.
For the fourth quarter, the peak megapackets per second (MPPS) rate came in at 36, the second highest of the year behind the 316.9 recorded in Q2, providing insight into the intensity and potential impact of the attacks.
The Q4 stats show a need for targeted DDoS mitigation strategies, especially in high-risk months and for customers who are more frequently targeted. The data also helps enhance our DDoS Mitigation Solution, allocating more resources during peak attack periods and in regions such as Malta.
The fourth quarter of 2023 sits in stark contrast to 4Q22 where Continent 8 blocked a total of 3,367 separate DDoS events during a well-orchestrated campaign that coincided with the World Cup and the Christmas Holidays.
While the volume of attacks dipped significantly in 1Q23, the second quarter saw a significant resurgence in terms of the volume and size of attacks.
Q2 would become the standout quarter during the year with a total of 1,106 separate attacks blocked between April and June. This compares with 184 attacks in Q1, 359 in Q3 and 187 in Q4.
The most attacked locations were Kahnawake (Q1), Paris (Q2), Isle of Man (Q3) and Malta (Q4) with January, May, July and October being the months with the most DDoS attacks recorded. The number of unique customer attacks was 83, 29, 24 and 27 respectively.
The highest number of attacks against a single customer came in Q2, with 669 recorded, followed by 98 in Q3, 49 in Q4 and 31 in Q1. The longest single attack lasted 799.7 hours (Q2) with the shortest coming in at 3.3 hours in Q4 – in Q1 it was 5 hours and in Q3, 20 hours.
In terms of trends, Q1 saw a relatively high number of customers attacked at 83 but with a modest number of total attacks and the largest attack size of 49.5 Gbps. This shows that while attacks were frequent, they were less severe.
But Q2 presents a stark contrast. Despite a smaller number of customers being attacked (29), the total number of attacks was incredibly high with a remarkably large attack size of 560.6 Gbps. The high number of attacks against a single customer and the unprecedented longest attack time indicated a period of sustained, severe attacks.
In Q3 the focus of attacks shifted to the Isle of Man in July. The frequency of attacks and the number of customers impacted dropped. So too did the size of the largest attack but at 149.7 Gbps it was still substantial, denoting a continued threat.
For Q4, the size of the largest attack was once again on the rise, coming in at 412.9 Gbps indicating a resurgence in attack severity. That said, the highest number of attacks on a single customer and the longest attack duration were both down, suggesting effective mitigation of attack efforts.
In summary, 2023 began with frequent but less severe attacks which peaked in intensity during Q2 and especially in Paris. As we moved into the second half of the year, we saw signs of decreasing frequency and severity.
That said, the large attack sizes in Q4 indicated that while attacks may have become less frequent, their potential impact remains high, and businesses absolutely must have the protections in place to defend their systems, networks and data against DDoS attacks.
Our data and analysis should also be used to inform cybersecurity strategies moving forward and for resource allocation for DDoS mitigation efforts.
Our service provides complete layer 3 through 7 DDoS mitigation with bespoke profiling. Over the past year, Continent 8 has significantly enhanced its DDoS protection service through major upgrades to its network, DDoS platform and customer systems. We have streamlined our Tier 1 provisions by optimising the number of providers and doubling capacity. This was achieved by optimising the number of tier 1 providers, allowing for more efficient global traffic management and engineering.
Additionally, the DDoS service improvements include the introduction of a new scrubbing centre in Denver, which utilises the A10 TPS model consistent with previous deployments and increases the overall DDoS scrubbing capacity available. The expansion of the network edge with Juniper devices across multiple global locations, including NWK1, LON1, and HKG1, enhances the network’s resilience and capacity. These devices offer a significant capacity upgrade, supporting up to 4.8 Tbps, which is a substantial increase over the legacy models.
Furthermore, enhancements to the internal systems and the Customer Portal & API have been made, including the addition of 21 new features, redesigning of six existing features, and the resolution of 29 bugs. These improvements aim to enhance customer experience by providing better notifications, visibility of real-time events, and access to downloadable reports, thereby improving the overall effectiveness and responsiveness of the DDoS protection service.
To learn more about how Continent 8 can help defend your organisation against DDoS attacks with its iGaming cybersecurity solutions, contact a member of the team or head here for more info.
Jeremie Kanter, Director of Regulatory Affairs at Continent 8 Technologies
The global gambling industry has undergone a significant transformation in recent years. Government policies and ever-evolving stringent regulations continue to shape the undulating landscape for operators. Responsible gambling is not limited to the protection of vulnerable gamblers. With so much money and sensitive personal information being exchanged online, gambling sites have become a hot target for bad actors; therefore, it is essential that the industry takes cybersecurity seriously.
As quickly as technology advances, so do methods of hacking and scamming. Online gambling companies need to have many layers of defence to protect themselves and their customers. Cybersecurity, backed by Artificial Intelligence (AI) and machine learning, plays a pivotal role in safeguarding the gaming environment from a multitude of threats whilst protecting players and transactions and strengthening operators’ responsible gambling obligations. Cybersecurity measures ensure online sports betting platforms effectively enhance the integrity of their platform and demonstrate their commitment to fair play, transparency, and player safety.
One of the most critical aspects of cybersecurity in the online sports betting industry is protecting sensitive information. Cybersecurity solutions shield customer data from breaches with advanced encryption techniques and intrusion detection systems. AI-driven security systems can identify and mitigate potential threats in real time, ensuring a robust defence against data breaches and cyber attacks. This not only secures player information but also safeguards gambling operators’ trustworthiness and brand integrity.
Another essential consideration for operators is preventing fraud and taking anti-money laundering (AML) measures. The gambling industry is particularly susceptible to fraud, with hackers constantly devising new scams to exploit vulnerabilities. Robust cybersecurity measures underpinned by machine learning algorithms analyse vast amounts of information, including transaction records, customer information, and other financial data, to identify suspicious activity, enabling operators to intervene promptly. By employing effective cybersecurity measures, operators can protect their players from these types of illegal activities whilst minimising reputational damage.
Regulatory compliance is not just a legal requirement but also a means of building trust with players and regulatory authorities. By prioritising cybersecurity, iGaming operators can ensure they are not only following regulatory requirements, but they proactively avoid any potential legal or financial risks. Robust cybersecurity measures and AI systems help operators manage compliance by automating reporting, monitoring transactions, and ensuring adherence to data protection laws.
Part of an operator’s responsible gambling obligations include safeguarding players from addiction. How can the deployment of cybersecurity and AI-driven technology help in this regard? AI and machine learning algorithms can analyse player activity patterns and behaviours, identifying early signs and markers of harm. It can also track time spent gambling and prompt players to take a break. This information can be used to intervene and offer support to players who may be at risk. AI-driven chatbots provide real-time assistance to players seeking information and resources on responsible gambling. These chatbots can provide guidance and support and direct players to relevant resources when they exhibit risky or erratic behaviour. Offering immediate interaction with customers in need reinforces the industry’s commitment to responsible gaming and player wellbeing.
The gambling industry faces unique cybersecurity challenges that require a comprehensive and proactive approach. Responsible gambling is not just a legal requirement but a compass and an ethical obligation of the gambling industry. The importance of cybersecurity in the online sports betting industry cannot be overstated. Embracing a security-first mindset is essential for the gambling industry to thrive in an increasingly digital and interconnected world where the stakes are high.
Continent 8 can play a pivotal role in helping online gaming operators promote responsible gambling. By implementing advanced cybersecurity measures powered by AI-driven interventions, we can add significant value to operators, ensuring a safe and secure gaming environment while fostering responsible gambling practices. This not only benefits players but also enhances the reputation and trustworthiness of the operator.
Craig Lusher from our product team reviews the latest attack data with the intensity of attacks peaking in July and with one customer being hit 98 times over the three-month period
The third quarter of 2023 saw a significant reduction in DDoS attacks launched against Continent 8 customers.
The total number of attacks hit 359 during the period, down from 1,106 in Q2 where there was a continuation of the tumultuous adverse events that marked December 2022 with a well-orchestrated campaign that coincided with the World Cup and the festive holidays.
This saw Continent 8 defend 3,367 separate DDoS in the fourth quarter of 2022 alone.
In the third quarter of 2023, the intensity of attacks peaked in July with 195 separate incidents recorded. This was followed by August with 112 and September with 52. Over the three months, 24 unique customers were attacked making it a widespread issue rather than being isolated to a few customers.
On average, each customer faced 15 attacks in Q3, but one customer was subject to 98 attacks indicating a targeted effort and underscoring the need for all organisations to have specialised protective measures in place.
When it comes to the characteristics of attacks, there was great cause for concern with the largest attack hitting a staggering 149.7Gbps which could potentially cripple the most robust networks. The average size of attack was 2.27Gbps – manageable but not negligible.
The highest Peak Packets Per Second (PPS) recorded was 14.6 Mpps, and while this was substantially down on the 317 Mpps recorded in May 2023, it still indicates the scale of some of the attacks launched against Continent 8 customers during the quarter.
This highlights the importance of considering not just the throughput but also the volume of Packets Per Second because even low throughput attacks could involve millions of packets per second, threatening network equipment rather than just internet bandwidth.
This is why it’s vital to take a multi-layered approach to cybersecurity so that systems, networks and data are properly protected from different types of attack at a time when the volume and length of attacks remain high.
One customer was subject to an attack lasting more than 20 hours – so close to a full day. This shows the persistence of attackers. That said, the average attack duration during Q3 was 0.76 hours which comes to about 45 minutes.
This suggests most attacks were aiming for quick disruptions rather than prolonged engagement. Again, this is different to the previous quarter where the longest attack lasted an astounding 800 hours.
Interestingly, there were no attacks exceeding 1 Tbps, but there were four attacks exceeding 100 Gbps and four more in the range of 10-100Gbps. The majority of attacks – 350 altogether – were under 10 Gbps. This compares to a peak attack size of 560 Gbps in Q2.
When it comes to repeat attacks, 10 customers were hit for a second time in a 24-hour period – interestingly, in Q2 there were no instances of customers suffering repeat attacks within 24 hours – so this marks the return of attackers going after the same target multiple times.
The stats for the period from 1 July 2023 to 30 September 2023 relate to our customers based in different locations around the world. Key highlights include:
This quarter’s results show that attack tactics have changed once again with attack size reducing but with significant Packets Per Second being delivered via attacks.
This means that the threat has changed somewhat from earlier in the year – ensuring internet bandwidth is always vital but now more than ever organisations need to protect their network equipment and systems.
There has been a lot of discussion around the changing cyber threat landscape, but this quarter’s stats show that action is crucial if organisations are to ensure resilience and mitigate an attack which is now a case of when and not if.
Our solution continues to evolve and in recent months we have amplified our scrubbing capacity to 2.5+Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Our proven platform is one you can rely on with a capacity only matched by the largest DDoS providers on the planet. Learn more about our DDoS solutions here or contact Craig via craig.lusher@continent8.com
The Latin American (LATAM) region has rapidly emerged as an enticing frontier in the global iGaming market. Its immense potential, unique characteristics, and dynamic nature make it a rich opportunity for operators and providers looking to expand their horizons.
In a recent webinar moderated by Anna McChesney, Senior Marketing Manager for Continent 8 Technologies, Gabriel Szlaifsztein, Regional Sales Director for LATAM (Continent 8) and Marcelo Blanco, CTO at Vibra Gaming (a Continent 8 customer), explored what the opportunity is for operators and suppliers in the region and how to develop a strategy for growth across this emerging market.
They also addressed the current and future regulatory landscape, the importance of cybersecurity, cultural nuances, infrastructure requirements and the influence of socioeconomic factors affecting player habits. Marcelo provided deeper insight into the key challenges and opportunities when setting up regional operations through his customer case study and talked enthusiastically about how “opportunity beckons.”
The LATAM region is often hailed as one of the most promising emerging markets in the iGaming sector. Its vast, untapped population of over 670 million, the proliferation of mobile devices, and an increasing appetite for online entertainment create a perfect storm for growth. The region is ripe for innovation and investment, attracting global players who recognize the potential of this exciting market.
The regulatory landscape in LATAM varies significantly from one country to another. Some countries have embraced iGaming and enacted favourable legislation, while others are still navigating the complexities of regulation. It’s imperative for operators and providers to closely monitor and adapt to the evolving legal framework in each jurisdiction they operate in. In our webinar, Gabriel explains the growing acceptance and adoption of regulation and provides a detailed, country-by-country overview of gambling activity and licensing requirements across the region.
LATAM is a tapestry of diverse cultures, languages, and traditions. Understanding the cultural nuances of each nation is pivotal for iGaming success. Tailoring strategies and customising offerings to resonate with local markets in each country, from content and marketing to user experience, is a key consideration in the region. The flexibility required to create a “unique look and feel” for different products is crucial.
“There is a huge diversity of devices and connectivity across Latin America. We need to provide different content for different markets in order to provide the right solution. Each audience has a particular taste, and we must accommodate that.” – Marcelo Blanco, CTO, Vibra Gaming.
Sports hold a special place in the hearts of many LATAM residents. Football, in particular, reigns supreme, and sports betting enjoys immense popularity. Boxing, basketball and baseball also attract a lot of interest. There has been an explosion in online gaming and sports betting in the LATAM region, which has risen sharply since the pandemic. There were 383 million registered mobile internet users in 2022, with the highest numbers in Brazil and Mexico. The intertwining of sports betting and iGaming presents a unique opportunity for providers to engage a passionate audience.
As the LATAM iGaming market evolves, embracing technological advancements becomes vital. Infrastructure and cybersecurity take centre stage to protect sensitive data, ensure fair play, and maintain uninterrupted services. There are 135 data centres across the region, all very well distributed. Continent 8 has established certified operations in Colombia, as well as Peru and Puerto Rico.
“The right data centre for operations in LATAM is a combination of technical capacity, latency and regulatory aspects in the target market.” – Gabriel Szlaifsztein, Regional Sales Director (LATAM), Continent 8.
Cyber threats are on the rise. According to a recent cybersecurity report by Fortinet, there were 137 billion registered cyber attack attempts in Latin America during the first half of 2022, the main attack vectors being ransomware and DDoS. Mexico saw the highest number of cyber attacks, followed by Brazil and Columbia. This makes the role of cybersecurity paramount for the industry’s integrity and a critical investment for operators and suppliers.
Local partnerships and collaborations are crucial to navigating the intricacies of the LATAM iGaming sector. Understanding local business practices, forming solid relationships with local entities, and complying with regulatory requirements are integral to long-term success. Marcelo talks about the importance of being prepared and describes how having a strong partner in Continent 8 was critical to Vibra Gaming’s journey when setting up infrastructure in regulated markets.
The LATAM iGaming market is a treasure chest of opportunity for operators and providers with the vision to tap into its potential. While navigating the complexities of regulation, understanding cultural diversity, and embracing technological advancements, industry players can position themselves to thrive in this dynamic and evolving landscape.
In the final part of the webinar, Gabriel and Marcelo discussed their predictions for the industry and the region for the next 5 years. These included greater coverage for regulated markets, a level-up in disruptive and emerging technologies and the development of a new breed of players as the market matures.
Interested in learning more about developing a strategy for growth in the LATAM region? Contact Continent 8 today and book your free 1-hour consultation with our experts.
Distributed denial-of-service (DDoS) attacks threaten data integrity of numerous companies worldwide. Unlike a DoS attack, which originates from a single location, DDoS attacks occur from multiple locations simultaneously, making securing data potentially more complicated.
Understanding the mechanism of DDoS attacks and what an enterprise must do to safeguard its data against them is critical. Here Craig Lusher, Senior Product Specialist – Secure, discusses where DDoS attacks originate and why it is important to deploy thorough prevention strategies.
DDoS attacks involve hackers flooding a network or server with fake traffic. They overwhelm the system, disrupting genuine user requests and causing the server to crash. During a DDoS attack, your website will be bombarded with requests from various sources for an extended duration.
These requests are not a result of a sudden increase in legitimate visitors. Instead, they are automated and originate from a limited number of sources, the quantity of which depends on the attack’s size.
DDoS attacks can come from competitors or other entities that intend to disrupt access to website’s content. Either way, it poses significant risks to the company’s integrity.
For instance, research conducted in 2022 revealed a 74 percent increase in DDoS attacks, causing disruptions and financial losses. Most of these attacks targeted the fintech industry, accounting for 34 percent of these attacks and experiencing a twelvefold rise in attack traffic. Experts also predicted that the number of DDoS attacks would double, going from 7.9 million in 2018 to over 15 million by 2023.
Moreover, DDoS attacks can have widespread consequences beyond individual data breaches. They can disrupt entire networks, affecting critical services and the availability of websites and online platforms. For businesses, these attacks can lead to significant financial losses, harm their reputation, and diminish customer trust.
Seeing how significant the impact of DDoS attacks is, use the following strategies to shield your server from these threats.
To strengthen your hosting against DDoS attacks, you need sufficient bandwidth to manage traffic spikes caused by cyber attacks. Increasing bandwidth makes it harder for attackers to execute successful DDoS attacks. However, this won’t be enough to protect your website thoroughly. It would be best to combine it with other mitigation tactics for comprehensive cyber security.
Anticipating a cyber attack in advance is essential for a proactive security architecture, enabling a quick response to potential threats before they can harm your website. An effective security plan includes identifying your response team, prioritizing critical functions, and establishing communication with your Internet Service Provider, which can help stop the attack.
When you notice a sudden increase in traffic to a host, you can use ‘rate limiting’ to manage the incoming traffic at a level the host can handle without causing disruptions. Advanced security goes further by checking each packet to see if it’s valid. If you want to do this effectively, you must understand what normal, legitimate traffic for the target looks like and then compare each packet to this standard. This will help you identify any unusual patterns or potential threats.
To protect against DDoS attacks, your infrastructure should be robust. Instead of relying solely on firewalls, you can diversify your approach by distributing data centers across different networks, avoiding concentration in one location, placing servers in multiple data centers, and ensuring uninterrupted traffic flow without network bottlenecks.
Make sure to follow strong security practices, like changing passwords regularly, using secure authentication, and avoiding phishing attacks. Reducing user errors within your organization enhances safety, even during an attack.
Black hole routing is a method to stop DDoS attacks by discarding harmful traffic before it reaches the target. It works by directing traffic to a non-existent “black hole” interface, effectively blocking traffic from the source of the attack. Although it is a reactive measure, it reduces the impact of DDoS attacks.
A cloud-based DDoS service like Continent 8 is essential for effective protection. The cloud offers more bandwidth than on-premises resources and distributes servers across different locations, enhancing security for many websites with limited resources.
Log monitoring provides valuable insights into your web traffic, enabling real-time threat detection and a faster DDoS mitigation process. By analysing log traffic statistics, you can identify when significant traffic spikes occur and determine the servers affected by the attack. Log analysis can also save time by notifying you about unwanted events in advance, reducing the time and effort needed for troubleshooting.
Your network may slow down unexpectedly, your website could shut down, and you might start receiving an influx of spam. Additional signs of a DDoS attack include slow performance, excessive traffic from a single source, frequent crashes, poor connectivity, and any other unusual patterns, like a sudden surge in traffic from a single IP address.
A web application firewall (WAF) protects against harmful traffic that targets application vulnerabilities. It watches for unusual traffic patterns, blocking malicious ones while allowing legitimate ones. When you position a WAF between your server and the internet, it acts like a shield, ensuring all traffic goes through it first.
Security providers like Continent 8 assist global enterprises in protecting their servers from these malicious attacks. Ensure that you are implementing the industry’s best practices and be adaptive to changes.