In the iGaming industry, trust is everything – not just for players, but for the entire ecosystem of operators, suppliers, and technology providers. Players expect seamless experiences, secure transactions, and confidence that their personal data is protected. At the same time, suppliers and platform partners demand robust cybersecurity standards and transparent risk management to safeguard their own systems and reputations. Yet, as the sector grows – driven by new markets, mobile-first platforms, and real-time betting – the attack surface expands exponentially. Cybercriminals have noticed. From ransomware groups to phishing campaigns, the industry is now a prime target for sophisticated attacks that exploit both technology and human behaviour.
Recent analysis shows a 400% surge in cyber incidents impacting casino operators and gambling businesses since early 2025. The cost of downtime during a major sporting event can exceed $6,000 per minute, and phishing attacks have grown by 180% since 2023. These numbers underscore a stark reality: the iGaming ecosystem is under siege.
The past year has been a wake-up call for the industry. In July 2025, Flutter Entertainment, owner of Paddy Power and Betfair, confirmed a breach affecting up to 800,000 users, exposing personal data such as IP addresses and betting activity. In March, Merkur Group, a major European casino operator, suffered a catastrophic incident that compromised sensitive data across multiple platforms, including payment details, identity verification documents, and over 70,000 ID scans, all due to misconfigured backend interfaces. Beyond data theft, account takeover attacks surged by 42% in Q1 2025, with one European betting platform losing €1.7 million in just 48 hours before detection. These examples illustrate a clear trend: attackers are exploiting both technical vulnerabilities and human factors, and the financial and reputational stakes have never been higher.
Why is the industry a target? Because it offers two things that attackers value most – money and data. Every payment gateway, affiliate integration, and game studio aggregation introduces new vulnerabilities. Add to this the complexity of real-time transaction engines, regulatory reporting systems, and third-party content providers, and you have an environment where a single weak link can compromise the entire chain.
Now that I have set the scene, here’s what I believe will shape cybersecurity in iGaming in 2026.
Artificial Intelligence is the double-edged sword of cybersecurity. In 2026, expect AI-driven attacks – deepfakes, automated intrusions, and identity-centric exploits – to become mainstream.
On the defensive side, AI will power advanced threat hunting, anomaly detection, and predictive analytics. Operators will deploy machine learning models to identify fraudulent transactions in real time and detect behavioural anomalies before they escalate. But securing AI itself will be critical as attackers are already targeting AI systems to turn them into insider threats.
Cybersecurity will move from being a compliance checkbox to a strategic KPI. This is a welcome shift for the industry. Regulators are demanding real-time, machine-readable compliance data, while players increasingly view security as part of the user experience. Seamless onboarding, frictionless withdrawals, and transparent data handling will become loyalty drivers.
The complexity of today’s threat landscape means no single operator can fight alone. Intelligence sharing will become the cornerstone of industry-wide defence. This is where Continent 8’s Threat Exchange sets a new benchmark.
Launched in late 2025, Threat Exchange is the industry’s first dedicated cyber threat intelligence (CTI) platform, engineered specifically for iGaming and online sports betting. It processes billions of signals daily, delivering real-time, actionable insights to operators, platform providers, and regulators.
Key capabilities include:
As I often say, “Threat Exchange is changing the game.” By leveraging our position as the industry’s trusted cybersecurity and hosting partner, we transform vast datasets into clear, actionable intelligence. This isn’t just about detecting threats – it’s about anticipating them and enabling proactive resilience.
Jurisdictions from Brazil to Finland are introducing competitive licensing models, while established markets like the UK are tightening advertising and security requirements. Compliance will increasingly rely on API-driven automation, enabling operators to feed regulators real-time data on transactions, safer gambling measures, and incident response.
To thrive in this environment, operators should:
Cybersecurity in iGaming is no longer about reacting to incidents – it’s about anticipating them. Those who harness intelligence, embrace collaboration, and embed security into every layer of their operations will not only survive but lead.
For more information on how Continent 8 can support your initiatives, email sales@continent.com or fill out our Contact Us page.
As we approach the end of 2025, Justin Cosnett, Chief Product Officer, has been reflecting on what has been an extraordinary year for Continent 8 Technologies. Our mission to deliver secure, innovative, and customer-focused solutions has never been more important, and this year we’ve achieved milestones that truly set us apart. From expanding our global footprint to driving cutting-edge cloud and cybersecurity solutions, 2025 has been a year of recognition and success.
We were proud to be a double winner at the 2025 Baltic & Scandinavian Gaming Awards during the MARE BALTICUM Gaming & TECH Summit in Vilnius, Lithuania, taking home:
And that’s not all – Continent 8 was also named Data Centre and Cloud System Provider of the Year at the prestigious EGR B2B Awards, cementing our position as a trusted leader in the industry.
Here are eight standout moments that defined our journey in 2025.
Cybersecurity is at the heart of everything we do. This year, we launched the Continent 8 Threat Exchange, a collaborative platform that empowers customers to share threat intelligence and strengthen defences against evolving attacks. It’s a game-changer for proactive security.
As Patrick Gardner, our Chief Security Officer, said: “The Threat Exchange is a one-of-a-kind initiative for our industry. It gives customers the ability to collaborate and act on real-time intelligence, creating a stronger, united defence against cyber threats.”
In April, we hosted our annual Customer Advisory Board in Ireland, bringing together our trusted customers and partners. The event is designed to share insights and help shape the future of our services. These conversations are invaluable – they ensure we remain aligned with customer needs and market trends.
A proud moment for all of us was seeing our Founder and CEO, Michael Tobin, receive major industry recognition, ranking among the top global tech leaders in GamblingIQ’s Trusted 10 list. His vision and leadership continue to inspire our team and drive innovation across the business.
GamblingIQ’s commentary on Michael mentioned: “Michael Tobin has become one of the defining figures in iGaming infrastructure… In an industry often chasing the next big thing, Tobin embodies the kind of leadership that prioritises stability and sustainable growth without losing sight of innovation.”
We successfully migrated Sportingtech from a VMware-based environment to a Nutanix AHV hyperconverged infrastructure, delivering enhanced scalability, resilience, and compliance. This strategic move helped Sportingtech avoid a 42% increase in virtualisation costs following VMware licensing changes.
The cloud migration was no small feat:
Read the full case study here
Knowledge sharing is key to progress. This year, we launched the Ask The Expert podcast series, offering insights from specialists on topics like iGaming infrastructure, cybersecurity, cloud strategy, and compliance. We have welcomed guest speakers from AWS, Sportingtech and Nutanix. It’s become a valuable resource for the industry.
All the episodes can be viewed here
You can expect more episodes in 2026!
Our partnership with Alea went beyond technical collaboration – it became a platform for driving industry-wide awareness of the importance of cybersecurity for gaming. Alea, one of the fastest-growing iGaming aggregators, handles over 21,000 transactions per second and connects operators to 16,000+ games from 160 providers via a single API. Securing this scale of operations is critical, and together we’ve raised the bar for cybersecurity standards in the sector.
This collaboration was showcased at SBC Summit Lisbon, where we hosted a press conference to emphasise proactive security measures for operators and suppliers.
Security layers matter. We rolled out our MFA solution, adding an extra level of protection for customer environments and reinforcing our commitment to safeguarding critical systems. It also ensures regulatory compliance across iGaming jurisdictions and markets.
Continent 8’s one-step login solution, powered by MIRACL, has a proven success rate of 99.9%, taking on average just two seconds to login. It is also designed to reduce an organisation’s support costs.
We have recently signed a major US operator (more on that news soon!) and expect to announce some exciting partnerships in 2026.
We achieved ISO 50001 certification, demonstrating our dedication to energy efficiency and sustainability across our global data centre operations. This is an important step toward a greener future.
Michael Tobin said: “Achieving ISO 50001 certification is a significant step in our commitment to sustainability, and I’d like to congratulate all involved in this accomplishment. This certification ensures that our organisation is responsible for continuously enhancing our energy management system and implementing objective and best practices for energy efficiency.”
***
2025 has been a year of innovation, collaboration, and growth. I want to thank our customers, partners, and the incredible Continent 8 team for making these achievements possible. As we look ahead to 2026, we remain committed to delivering secure, resilient, and forward-thinking solutions for the industry.
Following the release of the National Indian Gaming Commission’s (NIGC) Fiscal Year (FY) 2024 Gross Gaming Revenue (GGR) report, Jerad Swimmer, Regional Sales Director at Continent 8 Technologies, provides a mid-year report on the state of tribal gaming in 2025.
On July 31, the NIGC published its annual GGR report, highlighting a record-setting $43.9 billion in revenue for FY 2024. This achievement reflects a 4.6% year-over-year increase, representing growth of $2 billion, with data collected from 532 gaming operations run by 243 federally recognized tribes across 29 states. In the NIGC press statement, Acting NIGC Chairwoman Sharon Avery remarked:
“This year’s GGR reflects not only the resilience of the tribal gaming industry, but also the dedication of tribal leadership in preserving and growing this important economic driver for their communities. The continued success of Indian gaming is a testament to the strong tribal governance and the sound regulation that protects the integrity of the industry.”
These figures emphasize the critical economic contribution of tribal gaming, supporting essential initiatives across employment, infrastructure, education and social services within tribal communities. Yet, as the tribal gaming industry’s financial impact continues to expand, so does its exposure to cyber threat actors aiming to benefit from this growth.
Over the past year, the industry has witnessed significant cyber incidents. In April of last year, a tribal casino was forced to suspend its operations following a cyber breach and advised patrons to monitor account activity for potential unauthorized access. In February of this year, one tribe experienced a ransomware attack that disrupted telecommunications and IT systems across multiple tribal entities, including casino operations.
During recent key industry events – including the OIGA Conference and Trade Show, the Indian Gaming Convention and Tradeshow (IGA) and the TribalHub Cybersecurity Summit – our team has also received direct reports of numerous cybersecurity incidents. These events have resulted in a range of financial, operational and reputational impacts for affected organizations. These forums have provided tribal casinos, gaming commissions and government bodies in Indian Country with valuable opportunities to share their cybersecurity challenges and engage with experts on effective threat mitigation strategies.
Given the ongoing and evolving cyber threat landscape, tribal gaming organizations must adopt a proactive cybersecurity posture – operating with an ‘assume breach’ mindset and prioritizing resilience. Robust measures are essential to safeguard infrastructure, player data, critical platforms and preserve tribal sovereignty. Recommended best practices for comprehensive cyber defense include:
As a trusted Managed Security Service Provider (MSSP), we partner with tribal gaming organizations – including Cherokee Tribal Gaming Commission (TGC), ShowNation, Tachi Palace Casino Resort – to foster a culture of cybersecurity awareness, strengthen organizational security posture and ensure long-term operational resiliency.
Continent 8 provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your tribal organization’s digital assets in the face of evolving cyber threats. For more information on how Continent 8 can support your cybersecurity initiatives, email sales@continent.com or fill out our Contact Us page.
Also, be sure to listen back to our Tribal Talks: Cybersecurity Unlocked podcast series. Each episode delves into new stories, insights gained, best practices and key developments that are shaping the future of tribal casino gaming and cybersecurity.
Key highlights:
In the iGaming and online sports betting industry, where cybersecurity breaches can result in unauthorised access, identity theft, account takeovers, operational disruptions and reputational damage, MFA is an essential security measure. It’s also mandated for the regulated Brazilian iGaming market, where operators must submit proof of compliance.
In this blog, Luana Monje, Brazil-based Sales Executive at Continent 8 Technologies, explores the significance of MFA in Brazil’s exciting market, highlighting its role as both a regulatory cybersecurity requirement, outlining key considerations when selecting an effective authentication platform, and showcasing Continent 8’s passwordless MFA solution designed to deliver the most seamless single-step PIN experience.
According to the Secretariat of Prizes and Bets (SPA) and the Ministry of Finance’s (MF) technical and cybersecurity guidelines for Brazil’s betting systems (Ordinance No. 722, available in Portuguese), MFA is defined as:
A type of authentication that uses two or more of the following elements to verify a user’s identity: information known only to the user, such as a password, a pattern, or answers to challenge questions; an item owned by a user, such as an electronic token, a physical token, or an identification card; a user’s biometric data, such as fingerprints, facial or voice recognition.
First and foremost, Brazilian regulations require the implementation of MFA across several technical and cybersecurity requirements outlined in Ordinance No. 722. These requirements include:
Ordinance 722, Annex I, sections 12, 13 and 16 – Access to the betting system:
a) at least once every 7 (seven) days; or
b) on the first access after a period of inactivity of more than 7 (seven) days.
Ordinance 722, Annex IV, section 25f – Technical Controls, DNS requirements:
25 – The following requirements apply to servers used to resolve Domain Name System (DNS) queries in association with the betting system:
f) multi-factor authentication must be in place
MFA provides a layer of cybersecurity that significantly mitigates the risk of unauthorised access, thereby safeguarding sensitive data and personal information.
With MFA being a regulatory requirement in Brazil, iGaming and online sports betting operators need to evaluate which MFA options are most suitable for their operations. Here are some key considerations when assessing an MFA platform, and how Continent 8 can support your MFA journey.
| Key Consideration | The Continent 8 MFA Advantage |
|---|---|
| User experience | Same passwordless, 2-second, single-step login – on all devices and browsers
99.9% of users log in within 2 seconds. Supports biometric auth in apps. Our MFA solution ensures consistent user experiences across both app and browser platforms, while also offering the option of local biometric authentication for apps. |
| Compatibility / Operability | 100% of devices, 100% of browsersOur MFA solution ensures complete independence from hardware or operating systems, enabling compatibility across all devices and platforms.
By providing our solution through the same browser interface as the operator’s service, or by embedding the technology directly into the operator’s native app, we support:
|
| Login success rate | 99.93% login success or higherOur MFA platform streamlines the login process to a passwordless, single user step. The system is capable of operating with either a PIN or biometric authentication, providing users with flexibility and a reliable fallback across any device or browser.
Each additional step increases the potential for user error, and every dependency (such as downloads, installations, mobile phones, cellular networks, or username entry) introduces a potential point of failure for both users and the system. Our platform achieves a 99.93% login success rate in consumer-facing applications, using either a 4-digit PIN or device-based biometric authentication where available. Our platform also attains a 99.997% success rate in action (transaction) authentication. There is no difference in success rates between mobile and tablet/laptop devices, as the system does not rely on the presence of a mobile device. |
| Registration success rate | +18% in player registrations, 20% boost in profitsOur MFA solution’s enrolment process simply requires users to select a 4-digit PIN. This procedure does not require any permissions, downloads, plug-ins, imported keys or configurations, thereby eliminating registration failures. The enrolment can be completely invisible and take place during customer registration.
User process – on any device or browser:
The result: +18% increase in user registrations which can boost profits by up to 20%. |
| Support costs | 90% savings in support costs
Our MFA solution minimises support-related expenses and resources with a self-sufficient service. For example, this platform eliminates the need for password reset assistance – accounting for up to 60% of support desk inquiries, costing an estimated $15-70 per call – and customer validation. |
| MSSP services | 360-degree support
As an MSSP, we offer comprehensive end-to-end support for seamless evaluation, deployment, and ongoing assistance by:
|
| Technology | Minimal attack surface, no single point of failure
Our MFA solution employs advanced zero-knowledge proof of identity, ensuring a minimal trust surface and eliminating any single point of failure. Provides robust two-factor authentication, with the option of a software-only solution. |
| Data privacy | Zero information required
Our MFA solution does not require any Personally Identifiable Information (PII) from the end user. Instead, we only need a unique identifier, which may be a hash of a mobile number, email address, or username, thereby ensuring the solution’s adaptability to various identity schemes. |
The iGaming and online betting industry is constantly evolving, with new technologies and threats emerging regularly. Multi-factor authentication is an essential component of future-proofing betting and gaming platforms against these evolving risks. By integrating advanced authentication methods, iGaming and online sports betting operators can stay ahead of cyber threats and continuously protect their systems and players’ data.
Continent 8 is committed to supporting businesses in the iGaming and online sports betting industry with their cybersecurity needs. Our team of experts works closely with you to design and implement tailored MFA solutions that align with your regulatory requirements and business objectives.
To learn more about Continent 8’s MFA solution, contact Luana at luana.monje@continent8.com.
Jerad Swimmer, Regional Sales Director at Continent 8 Technologies, explores the benefits of a cybersecurity checklist to safeguard your tribal gaming operations against emerging cyber threats and attacks.
Safeguarding your business can be daunting, and you might be asking yourself ‘where do I begin?’ To address this, we have prepared a cybersecurity checklist to help you identify possible weaknesses.
First, let us set the scene with the current state of play and why you need to prioritize cybersecurity in today’s world.
The tribal gaming industry is a vibrant and vital part of many Native American communities, providing not only entertainment but also significant economic benefits. However, this industry is increasingly falling under the crosshairs of sophisticated cybercriminals. These bad actors aim to disrupt operations, steal sensitive patron data and extort ransom payments. The stakes are high, with the potential impact extending beyond the casino floors to tribal governments, health services and community trust.
Cyber threats in tribal gaming are diverse and evolving. For example, ransomware attacks have become more prevalent, demonstrating a devastating capacity to bring operations to a standstill. A recent notable incident involved a ransomware attack that compromised all internet servers and data, with the attackers demanding up to $500,000 to restore services. These incidents highlight the urgent need for comprehensive cybersecurity measures tailored to the unique environment of tribal casinos.
The consequences of a cyber attack on a tribal casino can be far-reaching. Beyond the immediate financial losses and operational disruptions, there is a profound impact on the trust and confidence of the community. Patrons expect their personal and financial information to be secure, and any breach can lead to a significant erosion of trust.
To effectively combat cyber threats, tribal casinos need to adopt a multi-faceted cybersecurity strategy. This involves not just technological solutions but also organizational practices and policies. The foundation of such a strategy includes:
Continent 8, supported by our dedicated cybersecurity company, C8 Secure, is a trusted partner for tribal nations and gaming enterprises. Our cybersecurity services are tailored to meet the unique needs of tribal governments, regulators and casino operators.
Our capabilities include:
We are trusted by a diverse array of tribal gaming casinos and organizations, including ShowNation, Tachi Palace Casino Resort, among others.
Don’t wait for an incident to discover whether you’re vulnerable. By taking these proactive steps, tribal casinos can fortify their defenses, ensuring uninterrupted operations and maintaining the trust of their communities.
Secure your tribal gaming operations by accessing this detailed checklist.
Continent 8 provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your tribal organization’s digital assets in the face of evolving cyber threats. For more information on how Continent 8 can support your cybersecurity initiatives, email sales@continent.com or fill out our Contact Us page.
In the latest chapter of our Cultiv8 Employee Series, Jordan Holmes, Vice President of Human Resources at Continent 8 Technologies, sat down with Jason Magsoy, a Network Security Engineer based out of the Philippines.
Throughout the discussion, Jason shares insights into his professional journey, outlines his current networking responsibilities at Continent 8, discusses how he embodies the company’s culture and values and previews some of his forthcoming projects.
Hi Jason! Can you tell us a little but about yourself and your role as a Network Security Engineer at Continent 8?
I began my professional career in the IT industry in the Philippines and subsequently broadened my expertise while working in Saudi Arabia. I started from the ground up, initially running cables in ceilings, and progressively advanced to securing endpoints and networks.
At Continent 8, my responsibilities include configuring security solutions such as firewalls and maintaining a secure network for both Continent 8 and its customers. We consistently ensure that network security does not create bottlenecks by providing aggregated connections and redundant solutions.
How did you come to choose a career as a Network Security Engineer?
I was introduced to cybersecurity through firewalls, Network Detection and Response (NDR) and Endpoint Detection and Response (EDR) solutions without any prior experience, and I found network security to be incredibly fascinating. It ignited my passion for protecting devices from malicious entities. Achieving clear network traffic visibility and implementing the appropriate security solutions can significantly reduce the risk of intrusion by malicious actors.
What motivated you to join the Continent 8 team? What do you enjoy most about your job?
In my previous role, I was dedicated to configuring and safeguarding a single data centre and a limited network connection. The scope was quite narrow, and I felt my professional development was stalling. This realisation drove me to broaden my expertise in networking and security, ultimately leading me to Continent 8.
At Continent 8, I was introduced to an expansive network environment, secured by robust solutions and supported by a team of experts. I find my experience here highly rewarding, largely due to the team’s professionalism, expertise and approachability. Moreover, my time at Continent 8 has been marked by substantial personal and professional growth, which has been extremely gratifying.
Can you describe some of the challenges you face in your job position? How do you also stay up to date on the latest security/cybersecurity developments?
As a Network Security Engineer, I am part of a team dedicated to ensuring maximum network uptime for both Continent 8 and its customers. This is undoubtedly a significant responsibility, but one that I fully embrace, requiring constant vigilance and a meticulous approach.
To ensure I remain current, I am pursuing certifications related to the security solutions we employ and engaging in continuous education to stay informed about new and emerging features that could support our team’s objectives. Furthermore, I subscribe to Common Vulnerabilities and Exposures (CVE) sites to monitor new vulnerabilities pertinent to our solutions and implement necessary patches.
How do you align with Continent 8’s culture and values of Active Ownership, Purposeful Creativity and/or Genuine Care?
I align myself with Continent 8’s culture and values by actively fostering an environment of collaboration, mutual support and knowledge sharing to ensure everyone’s success. This is accomplished by upholding our team’s commitments, taking full responsibility of my role and caring for the people, company and our customers.
Any final thoughts?
Continent 8 has provided me with an incredible opportunity to pursue the work that I genuinely enjoy, providing me with a deep sense of fulfillment.
I would also like to express my sincere gratitude to the Network Security Team: Bruce Craig, Michael Freitas, Rodrigo Suzuki and Christian Temporado. Your exceptional support and leadership are truly appreciated.
Craig Lusher from our Secure team provides a comprehensive analysis of the latest Distributed Denial of Service (DDoS) statistics from the first quarter of the year and their implications for cybersecurity trends.
The first quarter of 2025 has revealed significant changes in the DDoS threat landscape, characterised by a substantial increase in attack frequency, the emergence of ‘carpet bombing’ techniques and growing trends targeting the iGaming sector. With attack methodologies evolving and becoming more sophisticated, this report provides critical insights for cybersecurity planning and threat mitigation.
The first quarter of 2025 has shown a noticeable increase in DDoS attack activity, with 161 attacks recorded. This represents a rise from 4Q 2024’s 138 attacks and a dramatic increase from 1Q 2024’s 58 attacks. The most active month was February, which continues to show vulnerability during winter months.
1Q 2025 showed the following patterns in attack intensity:
While individual attack sizes appear smaller compared to historical peaks (2Q 2023’s 560.6 Gbps), this represents a strategic shift rather than reduced threat capability. Intelligence indicates that attackers now possess capabilities exceeding 500 Gbps but are employing more targeted and distributed approaches that can bypass traditional detection mechanisms.
1Q 2025 has shown a marked increase in attacks specifically targeting the online gambling and casino sector, with intelligence indicating a 400% rise in attacks against these entities since February. This industry-specific targeting represents a prominent trend that requires specialised attention and defence mechanisms.
Key statistics for 1Q 2025:
On 26 February, a carpet-bombing incident targeted 53 networks within a short 6-minute window (03:41-03:47 UTC). While this attack peaked at 150 Gbps with 120 Mpps, its distributed nature allows it to circumvent traditional defence systems, potentially resulting in a significant customer impact.
Comparing 1Q 2025 with recent quarters reveals several trends:
This shows a clear trend of increasing attack volumes over the past three quarters, with a 372% increase from 3Q 2024 to 1Q 2025.
While individual attack volume metrics appear to show decreasing intensity, this is misleading as attacks are now distributed across multiple targets simultaneously, making traditional detection mechanisms less effective.
The number of affected customers has increased dramatically in 1Q 2025, indicating a broader targeting strategy. Of particular note is the observed ‘spray’ technique that targets entire network Classless Inter-Domain Routing (CIDR) blocks rather than individual IPs, affecting multiple customers simultaneously.
1Q 2025 has seen the emergence of carpet bombing or spray attacks that distribute traffic across multiple hosts within targeted IP ranges. These attacks:
Comparing 1Q 2025 to 1Q 2024 shows significant changes in the threat landscape:
Intelligence indicates a notable correlation between DDoS attacks and subsequent data breaches in the iGaming sector. 1Q 2025 has seen examples of multiple organisations experiencing what appears to be a new attack pattern:
Unlike traditional ransomware operations, these attacks show no ransom demands prior to data release, indicating a potential shift in threat actor motivations from financial gain to maximum disruption or competitive advantage.
The transition to carpet-bombing techniques represents a significant evolution in DDoS tactics. These attacks distribute traffic across multiple targets within a network range, using traffic volumes per target that stay below conventional detection thresholds.
Intelligence indicates a targeted campaign against the iGaming sector, with a 400% increase in attacks since February 2025.
The average attack duration has increased dramatically to 4.3 hours, with the longest attack lasting 54 hours. Short, intense attacks (3-6 minutes) are now frequently observed as reconnaissance to test defence capabilities before launching larger campaigns.
Intelligence suggests a rising trend of AI technology adoption by threat actors. Self-hosted AI tools are enabling more sophisticated and unpredictable attack patterns that traditional defence mechanisms struggle to detect. These AI-enhanced attacks show several characteristics:
Based on 1Q 2025 attack patterns, particularly the emergence of carpet-bombing techniques, the following defence strategies are recommended:
The increase in attack volumes and sophistication in 1Q 2025 indicates a significant evolution in the threat landscape. Organisations should prepare for:
The 26 February incident, which affected 53 networks within a 6-minute window, demonstrates the effectiveness of these new attack methodologies and highlights the need for enhanced detection and mitigation capabilities.
Our best-in-class DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 5+ Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
DDoS protection should also form part of a wider, multi-layered approach to cybersecurity. A 360-degree, end-to-end protection strategy should include DDoS mitigation solution as well as WAF/WAAP protection, MDR/EDR services, SIEM and SOC resources, VAPT assessments, backup solutions, and mobile device, phishing defence and MFA services.
This is the only way to have multiple protections in place for each attack type and to ensure the greatest level of resilience.
To learn more about how Continent 8 can help protect your organisation, contact a member of the team via sales@continent8.com or our Contact Us form.
Super Bowl LIX between the Philadelphia Eagles and the Kansas City Chiefs on February 9th, 2025, at the Caesars Superdome, was the eleventh Super Bowl to be held in New Orleans, and it was not the close affair we expected! In fact, the Eagles reached an insurmountable lead of 34 points before the Chiefs managed a first score. The event boasted record peak views of around 135 million, up from 124 million last year.
It was also a record-breaking 2025 in gambling terms, with significant growth in online betting compared to last year’s, reflecting the continued expansion of legal online sports betting in the US. An estimated $1.39 billion was gambled on Super Bowl LIX, up from $1.25 billion in legal bets for Super Bowl LVIII — a growth of about 11%. This figure marks the first time the American Gaming Association (AGA) based its estimate solely on legal wagers, unlike previous years that included illegal and casual bets, suggesting the actual increase in regulated online activity could be even higher as the market shifts toward legal channels.
This year also saw at least one $1m bet and a six-figure wager on the coin flip (tails by the way).
Continent 8 customer, FanDuel, reported record-breaking activity for Super Bowl LIX, with over 16.6 million bets placed by almost 3 million customers, a nearly 20% increase in bets from the 14 million recorded for LVIII (which totalled $307 million in wagers from 2.5 million users). In New York alone, a key online sports betting market, the Super Bowl LIX week saw a handle (total amount wagered) of over $557 million, with $155 million tied directly to the game, outpacing last year’s figures. FanDuel’s handle in New York for that week was $222.2 million, and DraftKings reported $193.9 million, both reflecting robust growth.
As the largest network, infrastructure and cybersecurity supplier to the US and global regulated iGaming market, Continent 8 can report its stats for Super Bowl LIX:
Continent 8 is no stranger to supporting high-traffic sporting contests. Whether it is annually for the Grand National or Cheltenham horse racing events in the UK and Ireland, the UEFA Champions League across Europe, March Madness in the US, or every four years for the UEFA Euro finals or FIFA World Cup, we know what it takes to ensure platform uptime.
As the partner of choice for iGaming and sports betting hosting, for both operators and suppliers alike, live in 31 US states, and supporting more than 90% of the largest brands in the marketplace (EGR US Power Rankings), we have the solutions and support systems in place that ultimately give companies the confidence they need to maximise the acquisition and retention opportunities these events present.
As standard for identified special sporting events, we:
In addition to this:
What’s key throughout is ensuring our customers are aware of all activity with notifications regularly sent such as internet and MPLS data, as well as average and maximum traffic in and out.
The Super Bowl is a huge event for sportsbooks, particularly now that the US has opened up online gambling (in varying capacity) in 31 states.
And after a very short amount of breathing space, we prepare for March Madness in the same vein!
Live in 31 states: Our expansion in the US began with a state-of-the-art data centre in Atlantic City, enabling customers to take advantage of the online sports betting market opportunities in New Jersey, while gaining immediate access to the Continent 8 global network. Today, we are live in 31 US states, with several new sites in the pipeline.
First-to-market: We have an aggressive strategy to ensure we are the first iGaming hosting provider in state, enabling our customers to capitalise on the fast-growing and competitive US iGaming and online sports betting market. Most recently, we went live in Missouri.
Regulated and compliant: We have vast regulatory experience and a dedicated compliance team, with strong regulator relationships across states, ensuring a complaint iGaming hosting solution for each.
Growing global team: We are a global team of 300+ specialists with a local presence – we ensure we have a team on the ground in the US to help you expand.
Learn more about our trusted solutions in the US here or contact the team via sales@continent8.com
The iGaming and online sports betting industry is facing unprecedented cybersecurity challenges, and multi-factor authentication (MFA) is becoming a crucial element for compliance and protection against cyber threats.
In this blog, Justin Cosnett, Chief Product Officer at Continent 8, will explore the cybersecurity landscape within iGaming, analyse the regulatory requirements for MFA in the US, discuss strategies for effectively navigating compliance while enhancing user experience and illustrate how passwordless MFA can be a game-changer in the iGaming industry.
In the rapidly expanding world of iGaming and online sports betting, cybersecurity has become a non-negotiable priority. As digital platforms proliferate, so do the threats aimed at them. Cyber criminals are constantly evolving their tactics, making it essential for operators to stay ahead of the curve. The stakes are high: a single breach can result in massive financial losses, reputational damage and erosion of customer trust.
Moreover, the nature of our industry, which involves real-time transactions and sensitive personal data, makes it an attractive target for cyber attacks. Implementing robust cybersecurity measures, including MFA, is not just about compliance; it’s about safeguarding the integrity of the gaming experience and protecting both the business and its players.
In the US, regulatory requirements for MFA vary by state.
Several regulated states have recognised the critical need for enhanced cybersecurity measures and have mandated the use of MFA for online gambling platforms. States such as Michigan, New Jersey and Pennsylvania are leading the charge – with others following suit – requiring operators to implement MFA to comply with state regulations.
These regulations are designed to protect consumers and ensure the integrity of the gaming environment. By requiring MFA, these states – and markets such as Brazil and Italy – aim to reduce the risk of unauthorised access and fraud, thereby fostering a safer and more trustworthy industry. Operators must stay informed about the regulatory landscape and ensure they meet all necessary requirements to avoid penalties and maintain their operating licenses.
Implementing MFA comes with its own set of challenges, particularly in balancing compliance with user experience. No operator wants to add friction to the login process, especially given the rise of live betting on mobile apps.
Statistics show that 20-30%* of users abandon login attempts due to friction caused by complex authentication processes. For iGaming and online sports betting operators, this can translate in a decrease in player engagement and potential profit losses of up to 20%*.
Businesses must navigate the tightrope of stringent regulatory compliance while ensuring a seamless and enjoyable user experience. This often involves investing in advanced MFA solutions that offer robust security without compromising on convenience.
Continent 8, in partnership with MIRACL, offers a cutting-edge passwordless MFA solution that addresses both security and user experience challenges. MIRACL’s technology eliminates the need for traditional passwords, replacing them with a single-step authentication process that is both secure and user-friendly.
Key statistics underscore the effectiveness of this solution: a 99.9% reduction in account takeovers, a 70% decrease in user login friction and a significant increase in user satisfaction and retention rates. By leveraging MIRACL’s passwordless authentication, operators can provide a seamless and secure login experience that meets regulatory requirements and enhances customer loyalty.
Quick. Easy. Successful.
Continent 8 is committed to supporting businesses in the iGaming and online sports betting industry with their cybersecurity needs. Our team of experts works closely with customers to design and implement a tailored MFA solution that align with regulatory requirements and business objectives.
Trust Continent 8 to be your partner in navigating the complexities of cybersecurity and regulatory compliance in the gambling industry.
Are you compliant? Are you losing players at login? Are you missing out on revenue? See a live demo of our MFA solution on our rapid-fire webinar, ‘Passwordless MFA:
Improve player login and maximise profit potential’ hosted by Justin on Monday 10 March. Register here.
Craig Lusher from our Secure team provides a comprehensive analysis of the latest Distributed Denial of Service (DDoS) statistics from the fourth quarter of the year and their implications for cybersecurity trends.
The fourth quarter of 2024 marked a significant shift in DDoS attack patterns, with 138 recorded incidents. This represents a substantial increase from 3Q’s 37 attacks, though remaining well below historical peaks like 2Q 2023’s 1,106 attacks. October emerged as the most active month, aligning with historical patterns of increased 4Q activity.
This is a trend not just at Continent 8. In fact, 4Q also happened to see the largest DDoS attack ever recorded, with Cloudflare mitigating a 5.6 (Terabits per second) Tbps Mirai-variant botnet attack on one of their customers on October 29.
4Q 2024 demonstrated interesting patterns in attack intensity:
This quarter’s largest attack of 13.4 Gbps represents a decrease from 3Q 2024’s peak of 37.0 Gbps. For perspective, this is dramatically lower than 4Q 2023’s peak of 412.9 Gbps, indicating a significant shift in attack methodologies.
Key statistics for 4Q 2024:
Key statistics for 4Q 2024:
Comparing 4Q 2024 with recent quarters reveals several interesting trends:
This shows a significant escalation in attack frequency during 4Q.
While attack frequency increased, intensity continued to decrease throughout the year.
The decrease in affected customers coupled with the dramatic increase in attacks per customer suggests a shift toward more targeted campaigns.
Comparing 4Q 2024 to 4Q 2023 shows significant changes in the threat landscape:
The higher volume but lower intensity of attacks suggests a fundamental shift in attacker strategies, focusing on persistent, lower-threshold campaigns rather than high-impact events.
The concentration of attacks on fewer customers, with more attacks per target, indicates a move toward more sophisticated, focused operations.
The shorter average attack duration (17.6 minutes) combined with increased frequency suggests a tactical shift toward ‘pulse’ style attacks rather than sustained campaigns.
While individual attack intensities have decreased significantly year-over-year, the dramatic increase in frequency and focus on specific targets suggests an evolution in threat actors’ strategies. The pattern of increased 4Q activity appears to be holding true, though manifesting differently than in previous years.
Organisations should prepare for:
Our best-in-class DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 5+ Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
DDoS protection should also form part of a wider, multi-layered approach to cybersecurity. A 360-degree, end-to-end protection strategy should include DDoS mitigation solution as well as WAF/WAAP protection, MDR/EDR services, SIEM and SOC resources, VAPT assessments, backup solutions, and mobile device, phishing defence and MFA services.
This is the only way to have multiple protections in place for each attack type and to ensure the greatest level of resilience.
To learn more about how Continent 8 can help protect your organisation, contact a member of the team via sales@continent8.com or our Contact Us form.