DDoS attacks continue to develop in size, sophistication and frequency. It costs billions of dollars in damage across intellectual property, brand reputation and lost customers for companies all around the world.

Any business with an online presence is always exposed to DDoS attacks. However, the most recent report from Imperva shows that this is particularly true in the iGaming industry.

This article provides a high-level overview of what a DDoS attack is, how and why it impacts the iGaming industry so severely, and thus why mitigation is critical. The intention is to offer C-suite with a fundamental understanding of one of the most common internet borne attacks.

‍

Briefly, what is DDoS?

The clue is in the name with this type of cyber attack. It stands for 'Distributed Denial of Service". Such an attack is launched by flooding a company's network with enormous volumes of traffic and malicious IP data packets, usually using a botnet. This overwhelms their servers and resources.

The result? The intended services are no longer available and legitimate users can't access them. The service is denied.

There are several types of DDoS attacks. That described above is a 'volumetric' attack, which is the most common. Why? Because it is the most straightforward approach for a cybercriminal. Botnets can simply be hired for as little as $40, meaning little to no skill (or money) is needed to swarm a system.
‍

‍

Other types include connection, fragmentation and application attacks. More sophisticated DDoS attacks can also be aimed at the Network or the Application layer. The former relates to overwhelming a network or server and consumes all of its available resources. The latter causes a breach or vulnerability in a web application, overloading the database powering it. Such attacks imitate genuine user traffic, making them tougher to detect.

Hit-and-run attacks are also on the rise. As their name suggests, these consist of short packet bursts at random intervals over a long period of time. They can last for days or even weeks. They are not continuous and are specifically designed to exploit slow-reacting anti-DDoS solutions. The low cost and ease of deployment make hit and run attacks consistently popular.

‍

DDoS and iGaming: Why the House doesn't always win

iGaming are increasingly at risk of DDoS attacks. Around 36% of all DDoS strikes in 2019 were directed at gaming companies. 31% hit gambling sites. As the online gambling environment only continues to grow, we can expect the risk to rise with it.

‍

So why is this?

• These industries wholly rely on system availability and connectivity. They are the most affected when an attack occurs because their entire service is dependent on the internet.
• Direct revenue interruption to the target.
• Because of their predictable rush hours over weekends, or during major sporting events, iGaming sites are easy targets for DDoS attacks.
• Online gambling is a hyper-competitive industry. Some attacks are launched to damage rival companies. It is thought that 1 out of 2 attacks are launched or funded by rival businesses.
• Gambling regulations are easing in some parts of the world. As a result of deregulation, the sports betting market in many US states has exploded in the last 18 months.
• Other, broader reasons for cyberattacks are also applicable to the gaming industry. Hacktivism is one of these. Hacktivists typically target political, media, or corporate websites to protest their actions. Still, iGaming sites fall victim to this too.
• Vandalism. Cyber vandals, typically disgruntled users or random offenders, often attack gaming services or other high-profile targets.

‍

What is the impact of a DDoS on an iGaming organisation?

‍

For the very reasons they are attacked in the first place, the losses caused by DDoS attacks can be incredibly detrimental to online gambling companies.

When a DDoS strikes, the service will either become remarkably slow or be taken offline completely. In gaming and gambling, instantaneous response time is essential. Even minimal latency spikes in the milliseconds may cost a player their game. In real-time betting, excessive response times might determine a bid or wager is not accepted. Whatever the case, any delay can be the difference between victory and defeat. With high stakes, this is not a risk worth taking for you as the gaming operator, or for your customer parting with their money.

Loss of customers

Customers participating in this sector are sensitive to placing bets immediately, experiencing real-time streams of casino streams, and no-fuss payouts of their winnings. Suppose they are unable to place bets, or they make a decision informed by something too late due to slow response times. In that case, the chances are they will quickly turn to a rival company instead. This is especially the case of live sports betting, where timing is everything, and players are serious about placing bets.

Loss of reputation‍

Since this is a hyper-competitive sector, and as mentioned, a high-risk activity, reputation means everything. News of unreliable or inadequate latency travels fast within player communities. This results in new users or prospects to signup with competitors as an alternative.

Direct financial hit‍

Aside from the loss of revenue caused by losing customers both directly and indirectly, other financial blows come from a DDoS attack. As mentioned, DDoS Botnets can be hired for $40? On average, it costs $40,000 to recover from an unmitigated DDoS attack. Per hour.

These recovery costs on top of the loss of customers, lawsuits, refunds and opportunity losses makes DDoS an extremely damaging crisis for iGaming companies.

‍

How can iGaming companies protect themselves?

‍

Simply put, with a DDoS Mitigation Service. Gartner recommends: "DDoS mitigation services should be a standard part of business continuity/disaster recovery planning, and should be included in all internet service procurements when the business depends on the availability of internet connectivity".

To maintain brand reputation and reliable revenue, online casinos and sports gambling sites must be assured that all incoming network traffic is 100% secure. DDoS mitigation helps to provide multiple layers of security and reaches beyond the data centre, identifying and overcoming DDoS attacks.

It works by diverting DDoS traffic in the network layer. This helps to absorb any potential application-layer DDoS traffic at the network edge. This means that the threat can be prevented in the cloud before it reaches the customer origin. Your users do not need to know and do not care that you are under attack. So, any mitigation solution must continue to allow users to access and use your site without delays, holding areas, splash screens or seeing old cached content.

‍

The 01T DDoS Security Platform provides an Always-On, comprehensive mitigation system to protect your entire IP estate and ensures that your business stays up and running.

It supports Unicast and Anycast technologies, powering a many-to-many defence methodology. This automatically detects and mitigates attacks exploiting application and server vulnerabilities, hit-and-run events and large botnets. With global scrubbing centres, the platform can absorb over 65 billion simultaneous attack packets while seamlessly passing legitimate traffic to its destination.  

Operators of gaming and gambling services must adopt actions to protect their systems from DDoS and other attacks to ensure continuity and customer retention. As the gambling and iGaming industry is at an all-time high, the existing threat only continues to grow.

For more information on DDoS and how 01T can help you - use the form below, and one of the team will be in touch shortly.