The age of information highway robbery

Distributed Denial of Service (DDoS) attacks are a widespread problem in the iGaming industry with hackers betting that they can make money from online gambling merchants by threatening to take down their primary revenue source, the gambling website. A recent report of a British Internet bookmaker paying £20,000 to online extortionists has brought the issue to the forefront but this is not an isolated incident.

The practice of cyber-extortion is common; not only in the online gambling/gaming market, but in other sectors where downtime and reputational damage costs escalate to exceed the modest ransom amount. In a recent survey conducted by Vanson Bourne amongst 100 UK businesses, 47% of IT managers at larger companies with over 3000 employees that had experienced a DDoS attack in the past year attributed the motive for the attack to financial extortion.

Place your bets: Why target the iGaming industry?
Online gambling is a fast moving market, in which time is literally money. It is fiercely competitive as companies vie for customers. Yet customer loyalty can be fleeting when it is time to make a bet and the service is not available. DDoS attacks can quickly drive players to alternate venues as the tolerance for unpredictable site performance is low.

Ransom demands are not uncommon and they can amount to tens of thousands of pounds with the perpetrators often hiding behind the networks of Eastern European countries and other nations where it is hard to track down the beneficiaries.

Many organisations may feel the temptation to just pay the ransom as a cost of doing business. The threat of a DDoS attack is usually timed for maximum effect and the attackers justify the size of the ransom based on the likely financial impact of a sustained and successful DDoS attack. Unfortunately for companies that pay the ransom there is no guarantee they will avoid being targeted again. We also believe these incidents are under reported as many companies do not disclose such incidents to avoid the associated negative publicity and brand damage.

Hold the winning hand and defend the perimeter
It is a game of escalating stakes as attackers use increasingly sophisticated techniques to cause disruption. Organisations are responding by implementing new cyber defence technologies at the perimeter of their networks to stop these events before they cause a problem. On premise, dedicated DDoS appliances placed at the network perimeter are a critical component of any modern defense solution.

However, in many organisations, traditional firewalls bear the brunt of the attackers’ network traffic as they are positioned at the forefront of the legacy infrastructure stack. Firewalls were not designed to handle this type of malicious activity and typically get overloaded when processing large numbers of connections for both good and bad traffic. Other traditional security devices e.g. IPS, SLB and WAF are not designed to eliminate the unwanted or malicious traffic “noise” coming from the Internet.

As a result, legitimate traffic gets impeded while malicious attacks may slip through undetected. At the end of the day, the legitimate customer’s good traffic is negatively impacted by the attacker’s bad traffic that is designed to overwhelm the target IT infrastructure.

Don’t play Russian Roulette with legitimate traffic
Though firewalls remain a critical security component, they are no longer the best type of device to deploy as the network’s first line of defense. Attackers know the limitations and have devised attacks that can evade or overwhelm a firewall other security devices. In order to allow these important devices to do their intended jobs, a new First Line of Defense must be deployed to eliminate the unwanted traffic from the network before it reaches the network. When the unwanted or malicious traffic noise is blocked, the internal network infrastructure can proceed unimpeded to allow the good customer traffic to have controlled, secured and streamlined access to the critical business applications and data.