Craig Lusher from our Secure team reviews the latest company attack data as the volume and complexity of attacks once again rise during the second quarter of the year
The relative calm of the first quarter ended abruptly with a sharp rise in the number of DDoS attacks being launched against our customers during Q2 2023.
This was a tumultuous continuation of the adverse events that marked December 2022, when a well-orchestrated campaign that coincided with the World Cup and the Christmas Holidays saw us bear the brunt of 3,367 separate DDoS events in Q4 2022 alone.
During the second quarter of this year, we had to deflect an equally significant 1,106 DDoS attacks, which represented a massive jump on the 186 attacks recorded in the first quarter.
The intensity of attacks peaked in May, with one customer being subject to an exceptional 669 attacks. Of all the attacks recorded during the three months, 29 unique customers were impacted which aligns with previous quarters.
Just eight attacks exceeded 100Gbps and 94 attacks surpassed the 10Gbps mark, which falls within typical averages. Interestingly, the majority of attacks (1,006 in total) fell under the 10Gbps limit, but these lower bandwidth attacks were associated with a high Packet Per Second (PPS) rate with a peak of 317MPPS reached in May – the highest ever recorded on our network.
To put this into context, the largest ever PPS attack recorded on the internet was by Akamai in June 2023, reaching a peak of 809MPPS against a European bank. So, what does this mean for businesses in the online gambling space?
It highlights the importance of considering not just the throughput but also the volume of Packets Per Second because even low throughput attacks could involve millions of packets per second, threatening network equipment rather than just internet bandwidth.
This is why it’s vital to take a multi-layered approach to cyber security so that systems, networks and data are properly protected from different types of attack at a time when the volume and length of attacks are once again on the rise.
One customer was subject to a prolonged attack lasting an astounding 800 hours compared to the previous quarter’s longest attack time of two hours.
Q2 2023 DDoS stats
Our latest statistics show that Continent 8 saw off a total of 1,106 attacks. Interestingly, there were no instances of customers suffering a repeat attack within a 24-hour period. That said, on average each customer encountered 38 attacks during the quarter, a dramatic rise from the two they encountered in Q1.
May was the most challenging month with 593 attacks recorded and with Paris being the most attacked location over the three months. However, Atlantic City and Gibraltar also experienced a high volume of sustained attacks.
The stats for the period from 1 April 2023 to 30 June 2023 relate to our customers based in different locations around the world. Key highlights include:
- Blocked 1,106 DDoS attacks up a massive 494% quarter on quarter.
- Customers were under attack for a total of 15,611.5 hours during the period which equates to 650 full days of attacks compared with 464.4 hours in Q1.
- Longest sustained attack was 800 hours or 33 days, up from two hours in Q1.
- No customers had repeat attacks within a 24-hour period.
- One customer was hit with 669 attacks over the three-months.
- Average attack size hit 4.8Gbps.
- Peak attack size reached 560Gbps.
- Peak packets per second hit a record 316.8MPPS.
This quarter’s results show yet another surge in attacks, particularly in May. However, attack tactics have changed once again with attack size reducing but with a significant increase in the Packets Per Second being delivered via attacks.
This means that the threat has changed somewhat – ensuring internet bandwidth is always vital but no more than ever organisations need to protect their network equipment and systems.
There has been a lot of discussion around the changing cyber threat landscape, but this month’s stats show that action is crucial if organisations are to ensure resilience an mitigate an attack which is now a case of when and not if.
Continent 8’s DDoS protection
Our iGaming cyber security solution continues to evolve and in recent months we have amplified our scrubbing capacity to 2.5+Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Our iGaming solution is one you can rely on with a capacity only matched by the largest DDoS providers on the planet. Learn more about our DDoS solutions here or contact Craig via craig.lusher@continent8.com
