Distributed denial of service (DDoS) assaults continue to be a nuisance for online businesses and their customers. Worse, the downtime caused by attacks is costly for organizations and frustrating for consumers.
DDoS Trends—More Frequent, Bigger, and Easier to Launch than Ever
Based on industry reports and current trends, the prevalence of DDoS attacks is increasing at a rapid pace. According to one recent study, the number of reported incidents across all industries doubled in 2014.
The increasing frequency and size of DDoS events are well reflected in the gaming industry. Assaults against such companies are invariably aimed at the network layer (since most gaming servers do not support HTTP); they bombard a server with requests until it slows down to an intolerable level or connections collapse altogether.
In fact, according to another recent report, gaming servers are still the number one target of DDoS assaults; they have been hit by some of the largest and longest attacks on recent record.
Driving the above trends is the relative simplicity and low cost of instigating a DDoS attack. Readily available DDoS toolkits and botnet-for-hire services leave no online network, application, service, or website immune from danger. If you want to take aim at a gaming company and know the target IP address, you can order a DDoS attack for as little as $10.
Examples of these services are “booter” or “stresser” sites that offer users the opportunity to pay for DDoS assaults directed against a target of choice. Ostensibly available to test a website’s resistance to attacks, these services are really nothing more than fronts for DDoS entities. LizardStresser is one such DDoS-for-hire site set up by Lizard Squad, the group responsible for the Christmas week attacks against Xbox Live and PlayStation. It turns out those were a form of advertising for its new service.
Why Attack Gaming Servers?
Hacking groups, such as Lizard Squad, seek first and foremost to gain attention, and they realize that online gaming has an inherent “disruption amplification” effect, which makes gaming platforms very attractive targets for those hungry for notoriety. There are two key factors creating this effect.
- Single Point of Failure: Over the past two decades, gaming has shifted toward an online model. This has conditioned us to expect continual connectivity—both in massively multiplayer online (MMO) and single-player experiences. From a security perspective, however, the need for constant connectivity introduces a new single-point-of-failure (SPOF) in the form of the always-available, centralized gaming platform. Such a SPOF is what keeps DDoSers gravitating toward gaming servers, where they can use narrowly targeted attacks to wreak havoc on a massive scale—mostly in an attempt to achieve instant Internet notoriety.
- Emotional nature of gaming increases user frustration: Perpetrators exploit the emotional investment gamers have toward their games—whether it be their connection to a character, fictional worlds, or user scores and competitive statuses. Gaming is a strong emotional experience for many, and any interruption evokes an equally strong, passionate response. Accordingly, emotional factors are a huge driver behind hundreds of thousands of online conversations centered around gaming DDoS intrusions. Attackers understand the innate vulnerabilities of gaming platforms and users’ emotional triggers. In both cases, they know how to push just the right buttons.
Why Gaming Networks Are Vulnerable
Since online gaming platforms are highly sensitive to latency and availability issues, they’re ideal DDoS attack targets. The following are a few of the main vulnerabilities that perpetrators exploit to their advantage.
Predictable spikes equal increased susceptibility
In the online gaming world, high traffic periods are very predictable. Providers announce new product releases well in advance; these dates are inevitably followed by peak traffic. Seasonal traffic spikes (e.g., end-of-year holiday season) are also common. Even in the absence of DDoS attacks, gamers complain about latency due to such high traffic volumes. With servers already operating at or near capacity, an effective DDoS attack threshold is significantly lower. In other words, it’s the perfect time to launch a crippling assault.
Doesn’t need to be taken offline
Any gamer can tell you that you don’t need to shut down a server to cripple it. Games—especially those featuring MMO competitive action—are all about instant response time and real-time player interaction. Core functionality depends on absence of latency—every additional millisecond between “order given” and “action taken” can severely disrupt the gaming experience.
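Because a game server can be crippled while it is still answering, an up/down probe alone will not detect this kind of degradation. The following is an added example, not part of the original article: it compares an availability check with a 95th-percentile latency check over constructed per-minute samples. The 100 ms objective, the two-minute persistence rule and all sample values are assumptions chosen for illustration.

```python
import math

# Constructed sample data: per-minute probe results for one game server.
# Each entry: (minute, probe_answered, round-trip times in ms).
SAMPLES = [
    (0, True, [22, 25, 24, 23, 27, 26, 24, 25]),
    (1, True, [23, 24, 26, 25, 28, 24, 23, 26]),
    (2, True, [24, 31, 45, 60, 38, 29, 52, 47]),
    (3, True, [80, 95, 140, 120, 88, 160, 110, 105]),
    (4, True, [150, 170, 210, 190, 220, 180, 240, 200]),
    (5, True, [160, 175, 230, 205, 215, 190, 250, 210]),
]


def percentile(values, pct):
    """Nearest-rank percentile of a non-empty list."""
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]


def availability_alerts(samples):
    """Classic up/down check: alert only when the probe gets no answer."""
    return [minute for minute, answered, _ in samples if not answered]


def latency_alerts(samples, slo_ms=100, consecutive=2):
    """Alert when p95 RTT exceeds slo_ms for `consecutive` minutes in a row.

    A minute with no answer or no measurements counts as a breach, so an
    outright outage is still caught by the same rule.
    """
    alerts, streak = [], 0
    for minute, answered, rtts in samples:
        breached = (not answered) or (not rtts) or percentile(rtts, 95) > slo_ms
        streak = streak + 1 if breached else 0
        if streak >= consecutive:
            alerts.append(minute)
    return alerts


if __name__ == "__main__":
    print("availability alerts:", availability_alerts(SAMPLES))
    print("latency alerts:     ", latency_alerts(SAMPLES))
```

On this data the availability check never fires, while the latency check alerts from minute 4 onward, once the p95 has stayed above the objective for two consecutive minutes.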
Gaming platforms rely on unique, custom network protocols built with performance in mind. There is very little information available about how legitimate users interact with such services, thus making it virtually impossible for IT defenders to distinguish between a DDoS bot and a legitimate gamer. This makes mitigation for gaming servers much more challenging and resource-intensive.
Since gaming providers don’t want to block access to actual gamers (i.e., false positives), they have to lower their defenses—often allowing access to attackers as well.
Game Over? Not yet.
Even as you read this, someone is already scoping the next target. While there is no way to prevent that attack from happening, we can all do some things to make it less damaging.
Gaming companies should invest in mitigation solutions that provide on-demand scalability, increasing their resource pool when it’s needed the most. They should also be constantly aware of their relative weaknesses and, consequently, be proactive in their response to potential DDoS threats and predictable traffic peaks.