Online businesses and customers continue to experience inconvenience from distributed denial-of-service (DNS) attacks. Even worse, downtime due to attacks can be costly for businesses and frustrating for consumers.
DDoS Trends – More Frequent, Greater, and Easier To Launch Than Ever
According to industry reports and current trends DDoS attacks are on the rise. One recent study found that all industries saw an increase in the number of incidents reported in 2014.
Gaming industry is well aware of the increasing frequency and magnitude of DDoS attacks. Attacks on such companies are always directed at the network layer, since most gaming servers don`t support HTTP. They bombard a server until it slows down or stops working altogether.
According to another report, gaming servers remain the top target for DDoS attacks. They have been the victims of some of the longest and most severe attacks in recent history.
DDoS as-a-Service
The simplicity and low cost involved in initiating a DDoS attack is what drives these trends. There are many DDoS tools and botnet-for hire services that can be used to inflict harm on any online network, application, website, or service. You can order a DDoS attack starting at $10 if you know the target IP address and want to strike at a gaming company.
One example of such services is the “booter” and “stresser” websites that allow users to pay for DDoS attacks against any target they choose. These services, while they may appear to be used to test websites` resistance to attacks are nothing but fronts for DDoS entities. Lizard Stresser, one of these DDoS-for hire sites, was created by Lizard Squad (the group that attacked Xbox Live and Playstation during Christmas week). These were actually advertisements for the new service.
Why attack gaming servers?
Lizard Squad is one of the most popular hacking groups. They are looking to get attention and realize that online gaming has a “disruption amplifying” effect, making them attractive targets for people who want notoriety. Two factors are key to this effect.
- One point of failure Gaming has evolved to an online model over the past 20 years. It has become more common for gamers to expect constant connectivity, both in multiplayer online (MMO), and single-player experiences. However, this new point-of-failure (SPOF), is the always-available, central gaming platform. This SPOF is what keeps DDoSers focusing on gaming servers. They can use narrowly targeted attacks and wreak havoc at large scales in an effort to gain instant Internet fame.
- Gamers are more frustrated by the emotional nature of gaming Perpetrators profit from the emotional connection gamers have to their games, whether it`s their connection with characters, fictional worlds or user scores, and competitive statuses. Gaming is an emotional experience that many people enjoy. Any interruption can elicit a passionate response. Attackers are aware of the inherent vulnerabilities of gaming platforms as well as users` emotional triggers. They know exactly how to push the right buttons in both cases.
Gaming Networks are at Risk
Online gaming platforms like bingo blitz free credits and critical ops are extremely sensitive to latency issues and availability issues making them ideal targets for DDoS attacks. Here are some of the key vulnerabilities perpetrators can exploit to their advantage.
Increased susceptibility to predictable spikes
High traffic periods in online gaming are predictable. Providers often announce new product releases in advance. Peak traffic follows these dates. Seasonal spikes in traffic (e.g. the holiday season at the end of each year) are also common. Gamers complain about latency even when there are no DDoS attacks. A DDoS attack threshold that is effective is much lower when servers are already at capacity. This means that it is the ideal time to launch a devastating attack.
It doesn`t have to be taken offline
Every gamer will tell you that it doesn`t take much to stop a server from being down. MMO competitive games, especially call of duty modern warfare that feature instant response times and real-time player interaction are all about gaming. The core functionality of the game depends on avoiding latency. Every millisecond that passes between “order given” and “action taken”, can seriously disrupt the gaming experience.
Protocols custom
Gaming platforms depend on custom network protocols that are optimized for performance. IT defenders are unable to tell the difference between legitimate gamers and DDoS bots because there is not much information about their interactions with these services. This makes mitigation of gaming servers more difficult and resource-intensive.
Gaming providers don`t want gamers to be blocked (i.e. false positives), so they must lower their defenses, often allowing attacker’s access.
Is it over? It`s not yet.
As you read this, someone is looking for the next target. Although it is impossible to stop an attack happening, there are some things we can do to reduce the damage.
Gaming companies need to invest in mitigation solutions that allow them to scale up on demand, increasing their resources when they are most needed. They must also be aware of their weaknesses and be proactive in responding to DDoS threats or predictable traffic spikes.