Craig Lusher from our Secure team provides a comprehensive analysis of the latest DDoS statistics from the third quarter of the year and their implications for cybersecurity trends.
The third quarter of 2024 has continued to show relatively low DDoS attack activity, with 37 attacks recorded. This represents a slight increase from 2Q’s 32 attacks but remains significantly lower than the 359 attacks recorded in 3Q 2023. The most active month was July, which aligns with historical patterns of increased summer activity.
3Q 2024 showed some interesting patterns in attack intensity:
This quarter’s largest attack (16.8 Gbps) represents a significant decrease from 2Q 2024’s peak of 85.5 Gbps. For perspective, this is dramatically lower than the massive attacks seen in 2023, which peaked at 560.6 Gbps in Q2 2023, and over 1Tbps prior to that.
Key statistics for 3Q 2024:
Comparing 3Q 2024 with recent quarters reveals several interesting trends:
This shows a relative stabilisation at lower attack volumes compared to 2023’s numbers.
While more intense than 1Q, 3Q’s attacks remained relatively moderate compared to historical peaks.
The consistent number of affected customers over 2Q and 3Q 2024 suggests a stable threat landscape, though individual customers faced more repeated attacks in 3Q.
Comparing 3Q 2024 to 3Q 2023 shows a dramatic shift in the threat landscape:
The lower volume but moderate intensity of attacks suggests a shift in attacker strategies, possibly focusing on more targeted, strategic attacks rather than broad campaigns.
The average attack duration of 2 hours shows a trend toward longer, more sustained attacks compared to previous quarters, potentially indicating more sophisticated attack strategies.
While attack volumes remain relatively low compared to 2023 and previous, the increase in attacks per individual customer and attack duration suggests continued evolution in threat actors’ strategies. Organisations should maintain robust DDoS protection despite the lower overall attack volumes, as the pattern of attacks suggests more targeted and potentially more sophisticated approaches.
The historical pattern of increased activity during major sporting events and holiday periods suggests potential for increased activity in the upcoming quarters, particularly with various significant events on the horizon.
This analysis demonstrates the importance of maintaining comprehensive DDoS protection and the value of Continent 8’s multi-layered security approach, even during periods of relatively low attack volume.
Our best-in-class DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 5+ Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
DDoS protection should also form part of a wider, multi-layered approach to cybersecurity. A 360-degree, end-to-end protection strategy should include DDoS mitigation solution as well as WAF/WAAP protection, MDR/EDR services, SIEM and SOC resources, VAPT assessments, backup solutions, and mobile device and phishing defence services.
This is the only way to have multiple protections in place for each attack type and to ensure the greatest level of resilience.
To learn more about how Continent 8 can help protect your organisation, contact a member of the team via sales@continent8.com or our Contact Us form.
Craig Lusher from our Secure team takes a deep dive into the latest DDoS stats from the second quarter of the year
As was the case in the first quarter of 2024, Continent 8 continues to see a decline in DDoS attacks against its customers with just 32 incidents reported across customers in the second quarter of the year. This marks a 45% decrease from the 58 attacks recorded in the previous quarter and is a mere fraction of the 1,106 DDoS attacks successfully thwarted during the corresponding period in 2023.
The quarter’s fluctuation in the number of attacks per month, with 8 in April, 5 in May and 19 in June, indicates varying attack campaigns or possibly enhanced defensive strategies.
The intensity of attacks in the second quarter of 2024 escalated significantly than in the previous quarter in terms of peak attack size:
This quarter’s surge in peak attack intensity, particularly in June, indicates a concerning trend towards more powerful DDoS attempts, despite their decreased frequency.
The highest number of attacks a single customer faced was 7, a significant reduction from the peak of 25 attacks in the first quarter. This data indicates a shift towards a more distributed pattern of attacks in the second quarter compared to the first quarter.
The timing and frequency of attacks in the second quarter of 2024 reveal some interesting trends:
These figures indicate that while there were fewer attacks overall, they tended to last longer on average, with some attacks being significantly more persistent than in the previous quarter. Prolonged attacks can strain resources for unprotected customers, potentially leading to substantial disruptions if critical systems or services are compromised by malicious activity.
The second quarter of 2024 witnessed a significant reduction in overall DDoS activity compared to the first quarter. However, there has been a concerning uptick in the intensity of attacks, particularly in June, posing a greater risk of potential damage. The fluctuations observed throughout the quarter, peaking with a spike in June, suggest evolving DDoS attack strategies. Employing an advanced DDoS mitigation system and solution is essential to safeguard against potential threats.
Our best-in-class DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 2.5+ Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
DDoS protection should also form part of a wider, multi-layered approach to cybersecurity. A 360-degree, end-to-end protection strategy should include DDoS mitigation solution as well as WAF/WAAP protection, MDR/EDR services, SIEM and SOC resources, VAPT assessments, backup solutions, and mobile device and phishing defence services.
This is the only way to have multiple protections in place for each attack type and to ensure the greatest level of resilience.
To learn more about how Continent 8 can help protect your organisation, contact a member of the team via sales@continent8.com or our Contact Us form.
On May 2, 2024, the Secretariat of Prizes and Bets (SPA) and the Ministry of Finance (MF) issued Ordinance No. 722 (link here in Portuguese). This set of regulations outlines the essential technical and security criteria that iGaming and online sports betting operators must adhere to within six months of obtaining their gaming licenses.
In a series of blogs over the coming months, Luana Monje, Sales Executive at Continent 8 Technologies, will examine the various requirements for regulated iGaming in Brazil. First up, she examines the penetration testing requirement, along with other cybersecurity considerations, in more detail.
Ordinance 722, Annex IV, section 41 – Penetration testing: The purpose of penetration testing is to exploit any weaknesses discovered during the vulnerability assessment in any publicly exposed applications or systems that host applications that process, transmit and/or store sensitive information.
Executing thorough penetration testing is a testament to an organisation’s dedication to safeguarding user data. Ordinance 722 defines penetration testing as systematically challenging the strength of network and application layers so that operators and suppliers can identify and rectify vulnerabilities.
Our Vulnerability Assessment and Penetration Testing (VAPT) services provide comprehensive security assessments for a customer’s infrastructure and applications. The VAPT solution enables organisations to achieve regulatory compliance and understand their attack surface area, providing a strong foundation for strengthening security posture.
Key benefits include:
VAPT use case: Read how Continent 8 Technologies supports ODDSworks with cybersecurity audit and vulnerability assessment penetration test services. |
Ordinance 722 offers a set of ground rules from which iGaming and online sports betting operators and suppliers should start. Beyond the suggested checklist, operators and suppliers should also consider a holistic approach that ensures end-to-end protection against any security and cyber threat. A 360-degree defense strategy includes:
By referencing the SPA and MF’s Ordinance 722 policies and partnering with an experienced and trusted solutions provider like Continent 8, operators and suppliers can deploy multi-defense, multi-layer security protection strategies for their iGaming and online sports betting platform. This approach enables them to comply with Brazil’s latest technical and security regulations while demonstrating their commitment to providing secure and trustworthy gaming environments and experiences.
Continent 8 Technologies, the trusted managed hosting, connectivity, cloud and cybersecurity partner to the global iGaming and online sports betting industry for over 25 years, is live in every major regulated Latin American (LATAM) jurisdiction, including Brazil.
Operating out of the LATAM region since 2020, we offer operators and suppliers access to state-of-the-art data centers, connectivity to a global private network featuring 100+ locations across four continents and best-in-class managed and professional services to support the most demanding iGaming and online sports betting requirements.
Discover why Continent 8 is the go-to infrastructure and cybersecurity provider for leading LATAM operators and suppliers such as Betcris, Boldt, Bplay and Vibra Gaming, and learn how we ensure the seamless implementation of compliant and secure infrastructures so that your Brazilian gaming operations are live from day one.
For more information on how Continent 8 can support your organisation’s regulatory and cybersecurity requirements, contact Luana at luana.monje@continent8.com.
Em 2 de maio de 2024, a Secretaria de Prêmios e Apostas (SPA) e o Ministério da Fazenda (MF) emitiram a Portaria nº 722. Este conjunto de regulamentos define os critérios técnicos e de segurança essenciais que os operadores de iGaming e de apostas desportivas online devem cumprir no prazo de seis meses após a obtenção das suas licenças de jogo.
Em uma série de blogs nos próximos meses, Luana Monje, Executiva de Vendas da Continent 8 Technologies, examinará os vários requisitos para o iGaming regulamentado no Brasil. Em primeiro lugar, ela examina o requisito de teste de penetração, juntamente com outras considerações de segurança cibernética, em mais detalhes.
Portaria 722, Anexo IV, secção 41 – Testes de penetração: O objetivo dos testes de penetração é explorar quaisquer pontos fracos descobertos durante a avaliação de vulnerabilidades em quaisquer aplicações ou sistemas expostos publicamente que alojem aplicações que processem, transmitam e/ou armazenem informações sensíveis.
A realização de testes de penetração completos é uma prova da dedicação de uma organização à proteção dos dados dos utilizadores. A Portaria 722 define os testes de penetração como um desafio sistemático à força das camadas de rede e de aplicação para que os operadores e fornecedores possam identificar e retificar vulnerabilidades.
Os nossos serviços de Avaliação de Vulnerabilidades e Testes de Penetração (VAPT) fornecem avaliações de segurança abrangentes para as infra-estruturas e aplicações de um cliente. A solução VAPT permite que as organizações atinjam a conformidade regulamentar e compreendam a sua área de superfície de ataque, fornecendo uma base sólida para reforçar a postura de segurança.
As principais vantagens incluem:
Caso de utilização VAPT (em inglês): Leia como a Continent 8 Technologies apoia a ODDSworks com serviços de auditoria de cibersegurança e teste de penetração de avaliação de vulnerabilidades.. |
A portaria 722 oferece um conjunto de regras básicas a partir das quais os operadores e fornecedores de iGaming e de apostas desportivas em linha devem começar. Para além da lista de verificação sugerida, os operadores e fornecedores devem também considerar uma abordagem holística que garanta uma proteção completa contra qualquer ameaça à segurança e à cibersegurança. Uma estratégia de defesa de 360 graus inclui (ligações de produtos em inglês):
Ao fazer referência às políticas da SPA e da Portaria 722 do MF e fazer parceria com um provedor de soluções experiente e confiável como o Continente 8, operadores e fornecedores podem implantar estratégias de proteção de segurança multi-defesa e multi-camadas para sua plataforma de apostas esportivas iGaming e online. Essa abordagem permite que eles cumpram as mais recentes regulamentações técnicas e de segurança do Brasil, ao mesmo tempo em que demonstram seu compromisso em fornecer ambientes e experiências de jogos seguros e confiáveis.
A Continent 8 Technologies, parceira confiável de hospedagem gerenciada, conetividade, nuvem e segurança cibernética para a indústria global de iGaming e apostas esportivas online há mais de 25 anos, está ao vivo em todas as principais jurisdições regulamentadas da América Latina (LATAM), incluindo o Brasil.
Operando a partir da região LATAM desde 2020, oferecemos aos operadores e fornecedores acesso a centros de dados de última geração, conetividade a uma rede privada global com mais de 100 locais em quatro continentes e os melhores serviços gerenciados e profissionais da categoria para apoiar os requisitos mais exigentes de iGaming e apostas desportivas online.
Descubra por que o Continente 8 é o provedor de infraestrutura e segurança cibernética para os principais operadores e fornecedores da LATAM, como Betcris, Boldt, Bplay e Vibra Gaming, e saiba como garantimos a implementação perfeita de infraestruturas compatíveis e seguras para que suas operações de jogos brasileiras estejam ao vivo desde o primeiro dia.
Para obter mais informações sobre como o Continente 8 pode apoiar os requisitos regulatórios e de segurança cibernética da sua organização, visite Continent8.com ou contactar Luana em luana.monje@continent8.com.
Join Craig Lusher from our Secure team as he takes a deep dive in the latest DDoS stat from the first quarter of the year
It’s been a quiet start to the year in terms of the number of DDoS attacks being launched against Continent 8 customers. In the first three months of 2024, we recorded just 58 attacks across 14 customers compared to the 184 recorded during the same period in 2023.
The year started with 17 attacks recorded in January, almost doubling to 30 in February before dropping back down to 15 in March – this compares with 116, 34 and 34 in January, February and March 2023 respectively.
The fluctuation in attack numbers over the first three months of the year suggests varying attack campaigns targeting different customers. Interestingly, the highest number of attacks were launched against customers based in Kahnawake.
The intensity of attacks was far less ferocious than in previous quarters where we registered attacks over 1Tbps – in 1Q24 it was a far more manageable 3Gbps. Throughout the quarter, the average size of attack was <1Gbps which is a record low for Continent 8 in recent years.
While the size of attacks is on the low side, the disparity between the largest and the average is significant and suggests that while most attacks were smaller there were some outliers (including the 3Gbps attack) that increased the average in February and March.
Of the customers attacked over the first three months of the year, one customer was subject to 25 attacks making it the most targeted. This indicates that specific customer was victim to a persistent targeted attack, which is why we recommend organisations deploy our DDoS Mitigation Service.
It also highlights that some organisations are at greater risk than others and may require additional protective measures depending on the products and services they offer and the markets they are active in.
While the scale of attacks was moderate by global standards, their frequency and duration are cause for concern. That total attack duration for Q1 amounted to 36.6 hours, with the longest attack lasting a total of 2.1 hours resulting in an average attack length of 38 minutes for the quarter.
Such durations can strain resources for unprotected customers and potentially lead to significant disruptions if critical systems or services are targeted.
Despite a drop in the number of DDoS attacks on our customers in the iGaming and sports betting industry, the need for DDoS protection is still paramount, especially for customers who are more susceptible and vulnerable to attack. This is certainly the case as we move toward a summer of major sports events including the Olympics and UEFA Euro 2024.
DDoS protection should form part of a wider, multi-layered approach to cybersecurity that also includes WAF/WAAP protection, backup solutions, MDR/EDR services, VAPT assessments, mobile device and phishing defence as well as SIEM and SOC resources.
This is the only way to have multiple protections in place for each attack type, including DDoS, and to ensure the greatest level of resilience.
Of course, our data and analysis should also be used to inform cybersecurity strategies moving forward and for resource allocation for DDoS mitigation efforts.
Our DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 2.5+Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
To learn more about how Continent 8 can help defend your organisation against DDoS attacks, contact a member of the team via sales@continent8.com or fill out the form on our Contact Us page
Craig Lusher from our product team reviews the latest attack data with the intensity of attacks peaking in July and with one customer being hit 98 times over the three-month period
The third quarter of 2023 saw a significant reduction in DDoS attacks launched against Continent 8 customers.
The total number of attacks hit 359 during the period, down from 1,106 in Q2 where there was a continuation of the tumultuous adverse events that marked December 2022 with a well-orchestrated campaign that coincided with the World Cup and the festive holidays.
This saw Continent 8 defend 3,367 separate DDoS in the fourth quarter of 2022 alone.
In the third quarter of 2023, the intensity of attacks peaked in July with 195 separate incidents recorded. This was followed by August with 112 and September with 52. Over the three months, 24 unique customers were attacked making it a widespread issue rather than being isolated to a few customers.
On average, each customer faced 15 attacks in Q3, but one customer was subject to 98 attacks indicating a targeted effort and underscoring the need for all organisations to have specialised protective measures in place.
When it comes to the characteristics of attacks, there was great cause for concern with the largest attack hitting a staggering 149.7Gbps which could potentially cripple the most robust networks. The average size of attack was 2.27Gbps – manageable but not negligible.
The highest Peak Packets Per Second (PPS) recorded was 14.6 Mpps, and while this was substantially down on the 317 Mpps recorded in May 2023, it still indicates the scale of some of the attacks launched against Continent 8 customers during the quarter.
This highlights the importance of considering not just the throughput but also the volume of Packets Per Second because even low throughput attacks could involve millions of packets per second, threatening network equipment rather than just internet bandwidth.
This is why it’s vital to take a multi-layered approach to cybersecurity so that systems, networks and data are properly protected from different types of attack at a time when the volume and length of attacks remain high.
One customer was subject to an attack lasting more than 20 hours – so close to a full day. This shows the persistence of attackers. That said, the average attack duration during Q3 was 0.76 hours which comes to about 45 minutes.
This suggests most attacks were aiming for quick disruptions rather than prolonged engagement. Again, this is different to the previous quarter where the longest attack lasted an astounding 800 hours.
Interestingly, there were no attacks exceeding 1 Tbps, but there were four attacks exceeding 100 Gbps and four more in the range of 10-100Gbps. The majority of attacks – 350 altogether – were under 10 Gbps. This compares to a peak attack size of 560 Gbps in Q2.
When it comes to repeat attacks, 10 customers were hit for a second time in a 24-hour period – interestingly, in Q2 there were no instances of customers suffering repeat attacks within 24 hours – so this marks the return of attackers going after the same target multiple times.
The stats for the period from 1 July 2023 to 30 September 2023 relate to our customers based in different locations around the world. Key highlights include:
This quarter’s results show that attack tactics have changed once again with attack size reducing but with significant Packets Per Second being delivered via attacks.
This means that the threat has changed somewhat from earlier in the year – ensuring internet bandwidth is always vital but now more than ever organisations need to protect their network equipment and systems.
There has been a lot of discussion around the changing cyber threat landscape, but this quarter’s stats show that action is crucial if organisations are to ensure resilience and mitigate an attack which is now a case of when and not if.
Our solution continues to evolve and in recent months we have amplified our scrubbing capacity to 2.5+Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Our proven platform is one you can rely on with a capacity only matched by the largest DDoS providers on the planet. Learn more about our DDoS solutions here or contact Craig via craig.lusher@continent8.com
Distributed denial-of-service (DDoS) attacks threaten data integrity of numerous companies worldwide. Unlike a DoS attack, which originates from a single location, DDoS attacks occur from multiple locations simultaneously, making securing data potentially more complicated.
Understanding the mechanism of DDoS attacks and what an enterprise must do to safeguard its data against them is critical. Here Craig Lusher, Senior Product Specialist – Secure, discusses where DDoS attacks originate and why it is important to deploy thorough prevention strategies.
DDoS attacks involve hackers flooding a network or server with fake traffic. They overwhelm the system, disrupting genuine user requests and causing the server to crash. During a DDoS attack, your website will be bombarded with requests from various sources for an extended duration.
These requests are not a result of a sudden increase in legitimate visitors. Instead, they are automated and originate from a limited number of sources, the quantity of which depends on the attack’s size.
DDoS attacks can come from competitors or other entities that intend to disrupt access to website’s content. Either way, it poses significant risks to the company’s integrity.
For instance, research conducted in 2022 revealed a 74 percent increase in DDoS attacks, causing disruptions and financial losses. Most of these attacks targeted the fintech industry, accounting for 34 percent of these attacks and experiencing a twelvefold rise in attack traffic. Experts also predicted that the number of DDoS attacks would double, going from 7.9 million in 2018 to over 15 million by 2023.
Moreover, DDoS attacks can have widespread consequences beyond individual data breaches. They can disrupt entire networks, affecting critical services and the availability of websites and online platforms. For businesses, these attacks can lead to significant financial losses, harm their reputation, and diminish customer trust.
Seeing how significant the impact of DDoS attacks is, use the following strategies to shield your server from these threats.
To strengthen your hosting against DDoS attacks, you need sufficient bandwidth to manage traffic spikes caused by cyber attacks. Increasing bandwidth makes it harder for attackers to execute successful DDoS attacks. However, this won’t be enough to protect your website thoroughly. It would be best to combine it with other mitigation tactics for comprehensive cyber security.
Anticipating a cyber attack in advance is essential for a proactive security architecture, enabling a quick response to potential threats before they can harm your website. An effective security plan includes identifying your response team, prioritizing critical functions, and establishing communication with your Internet Service Provider, which can help stop the attack.
When you notice a sudden increase in traffic to a host, you can use ‘rate limiting’ to manage the incoming traffic at a level the host can handle without causing disruptions. Advanced security goes further by checking each packet to see if it’s valid. If you want to do this effectively, you must understand what normal, legitimate traffic for the target looks like and then compare each packet to this standard. This will help you identify any unusual patterns or potential threats.
To protect against DDoS attacks, your infrastructure should be robust. Instead of relying solely on firewalls, you can diversify your approach by distributing data centers across different networks, avoiding concentration in one location, placing servers in multiple data centers, and ensuring uninterrupted traffic flow without network bottlenecks.
Make sure to follow strong security practices, like changing passwords regularly, using secure authentication, and avoiding phishing attacks. Reducing user errors within your organization enhances safety, even during an attack.
Black hole routing is a method to stop DDoS attacks by discarding harmful traffic before it reaches the target. It works by directing traffic to a non-existent “black hole” interface, effectively blocking traffic from the source of the attack. Although it is a reactive measure, it reduces the impact of DDoS attacks.
A cloud-based DDoS service like Continent 8 is essential for effective protection. The cloud offers more bandwidth than on-premises resources and distributes servers across different locations, enhancing security for many websites with limited resources.
Log monitoring provides valuable insights into your web traffic, enabling real-time threat detection and a faster DDoS mitigation process. By analysing log traffic statistics, you can identify when significant traffic spikes occur and determine the servers affected by the attack. Log analysis can also save time by notifying you about unwanted events in advance, reducing the time and effort needed for troubleshooting.
Your network may slow down unexpectedly, your website could shut down, and you might start receiving an influx of spam. Additional signs of a DDoS attack include slow performance, excessive traffic from a single source, frequent crashes, poor connectivity, and any other unusual patterns, like a sudden surge in traffic from a single IP address.
A web application firewall (WAF) protects against harmful traffic that targets application vulnerabilities. It watches for unusual traffic patterns, blocking malicious ones while allowing legitimate ones. When you position a WAF between your server and the internet, it acts like a shield, ensuring all traffic goes through it first.
Security providers like Continent 8 assist global enterprises in protecting their servers from these malicious attacks. Ensure that you are implementing the industry’s best practices and be adaptive to changes.