The online gaming business has quickly grown over the past few years into a successful multi-billion-dollar industry.
The activity of wagering money or something of value in exchange for an uncertain outcome predates recorded history, and China is considered the birthplace of gambling. One of the oldest gambling games in existence is Keno, which dates back to the Han Dynasty between 205 and 187 B.C.
Fast-forward to the present time, the gambling world has rapidly adapted to the changing times with the technological advances made in the marketplace.
For example, online gambling sites offer betting, gaming, and lottery through cutting-edge devices (smartphones, tablets, PCs, and laptops). According to a PR Newswire report, the global online gambling market is expected to grow and gross at a compound annual growth rate (CAGR) of 10.73 percent over the period of 2014 to 2019.
The industry continues to amass substantial business and by 2015 revenues were forecast to reach $41.4 billion, according to Statista.com. The latest development is that industry is expected to have an increase in distributed denial-of-service (DDoS) attacks carried out by cyber-criminals and competitors alike in the New Year.
Previously, the news of data breaches happened frequently in industries such as finance, banking, telecommunications, and others. Now, the online gambling sector is garnering all of the attention.
A report by Yogonet.com confirmed that the industry was the target of half of the DDoS attacks in third quarter of 2015. Furthermore, it was reported that the average length of a DDoS attack on an online gaming site was 18.86 hours.
Just in the last decade, the industry has nearly tripled its performance from $15 billion to $40 billion in earnings. Online operators do not just have to deal with complex agreements (Internet compliances, financial, and business), but try to mitigate attacks, as reported by Goldsecurity.com.
Insights, High Profile Attacks, and Global Gaming Outlook
If you think or believe an unmitigated DDoS attacks does not cost a business think again. On average, they cost $40,000, which is the amount it takes to recruit a hacker to hire a botnet. (A comprehensive visual graphic that examines the impact of DDoS on the online gambling industry can be found here.)
Given the profitability of this growing industry, recent research from Kaspersky Lab and B2B International hinted that IT professionals believed these attacks were organized by a competitor. The following list illustrates how active and frequent DDoS attacks are targeted towards these businesses:
- “9 out of 20 online gambling businesses are attacked.”
- “1 in 10 online gambling businesses was attacked in the last week.”
- “1 out of 2 attacks are launched or funded by rival businesses.”
- “3 out 4 online gambling businesses are attacked more than once.”
- “9 out 10 online gambling businesses have been attacked in the last 12 months.”
Naturally, the question now is have there been attacks on prominent online gaming sites? The answer is a resounding “yes.” A detailed analysis by the online casino and gambling information directory, Jackpot.co.uk, confirmed five of the most high-profile DDoS cases in the iGaming sector.
These cyberattack cases included three major operators: PokerStars, BETAT, and Betfair.
Two of the previously mentioned cases reached the courts. The others were orchestrated through extortion and ransom of money in exchange for terminating these costly cyberattacks.
It is becoming a common practice and tactic for attackers to exploit since they know it will cost operators significant money for the downtime. It gets worse if it’s during a major gambling or sporting event, since new or existing gamblers will turn to another service.
These campaigns targeting online operators are not taken lightly. A recent news report by Welivesecurity.com stated that European countries have arrested people responsible for the distributed denial-of-service for Bitcoin (DD4BC).
One of the challenges is that private companies do not always report these incidents.
Takeaways and Conclusions
As the online gambling industry grows its profits, proceeds, and revenues from quarter to quarter these attacks won’t be going away anytime soon. We have learned that some of these DDoS campaigns were the result of an inside job.
The geographical origins of these DDoS attacks come from the following countries including their bot traffic percentage distribution, according to Gold Security:
- China 14.9 percent
- Vietnam 13.8 percent
- United States 9.7 percent
- Brazil 9.5 percent
- Thailand 8.1 percent
Online operators should expect that for operations to run smoothly they will have to invest heavily in deploying more secure channels and infrastructure protection layers.
For 2016, the online gambling industry will be overwhelmed on how to best implement online security channels; it will also be subject to incremental regulatory requirements. A publication by PricewaterhouseCoopers (PwC) confirms the European Union (EU) will be moving to install regulatory regimes.
Moreover, the PwC findings reveal greater intervention of the regulatory apparatus and taxation of revenues. This could eventually push the EU and the United States to further pool online gaming liquidity.
The online gaming industry is entrenched with possibilities. In an era invaded with technology and high-tech devices, it is clear that regulating the sector will be difficult for governments. Finally, law enforcement agencies will have their work cut out for them on trying to mitigate an attack and online operators can anticipate for more sophisticated cyberattacks to come their way.