0 comments

Sponsored: The gaming industry and DDoS attacks: a natural match, unfortunately

by on August 4, 2015
 

There was a time when if you mentioned the Lizard Squad, the person you were talking to would have assumed it was some sad bootleg version of the Teenage Mutant Ninja Turtles. The idea of four iguanas eating lasagna and hanging out with a mutant hamster may not have been thrilling, but it was certainly better than the Lizard Squad the world is currently faced with. Especially from the perspective of the online gaming industry.

Over the last couple of years the online gaming industry has become a big-time target of DDoS attacks. This is due to both the nature of the gaming industry, and the nature of hacking groups like the Lizard Squad. Read on for details on why the gaming industry has been barraged by DDoS attacks (and why it’s going to continue to be), and what needs to be done in response.

Don’t let them fool you; it’s not all for the lulz

Leaving aside visions of scorned World of Warcraft players going berserk and launching DDoS attacks after their Orcs are betrayed, there are two main reasons the online gaming industry is such a frequent target of DDoS attacks. They are as follows.

1. It’s relatively easy. The online gaming industry requires constant uptime. Regardless of what game it is, people have become used to the idea of being able to play whenever they want. And not only is a game expected to be available at all times, but it’s expected to be functioning at a high level, which of course equals fast.

These expected, nay, demanded traits of online games create what’s called a single point of failure (SPOF) in the constantly available and centralized gaming platform. Using a narrowly targeted DDoS attack, such as an NTP amplification attack, can yield big results for an attacker without a ton of resources or effort.

According to Incapsula recent blog post, there are also a few other factors that make the online gaming industry an easy target. Firstly, attackers can predict high traffic periods, such as new product release dates or around gift-giving holidays, and easily nudge a server already operating at near capacity into overload.

Secondly, because gaming platforms are so dependent on high performance, they’re built using custom network protocols. And since these custom network protocols are pretty unique, there just isn’t a ton of information available on how legitimate users interact with the platform, making it difficult for security measures to distinguish between users and malicious traffic.

Lastly, DDoS attack pointed at an online gaming platform doesn’t even need to knock a game offline in order to be effective. It just has to slow the game enough that users start to complain. Which leads us to point number two.

2. It’s going to get a reaction. Forget the gamer stereotype of an overweight basement dweller with Cheeto stained fingers. Online games are being played by all kinds of people all over the world, with the online gamer count already standing at over 700 million back in 2013. Not only can online games be ridiculously competitive – with some people even making a living as gamers – but games are also designed to encourage an emotional attachment between players and their characters, storylines, fictional worlds and fellow gamers.

Essentially, when gamers want to play, they want to play NOW. And if they can’t? They take to Twitter, Facebook, tumblr, reddit, and any number of other social media avenues or forums to express their intense displeasure. All of this leads to a whole lot of attention for the hacking group. Is it positive attention? Not at all. Do groups like the Lizard Squad, who launched high-profile attacks on both the Sony PlayStation Network and Xbox Live last Christmas care? Not when they’re doing it to promote their DDoS for hire services they don’t. All attention is good attention, and they came away with immeasurable amounts of it.

Image and video hosting by HilariousGIFs.com

What the gaming industry needs to do

The things that make the online gaming industry such an attractive DDoS target aren’t going to change. Gamers are always going to want that constant uptime, and they’re going to take to social media in screeching droves when they don’t get it. And since hacker groups probably won’t be changing their ways anytime soon, it’s up to the industry to adapt and minimize the effects of DDoS attacks.

One of the simplest things online gaming services can do in order to bolster their security is start thinking like hackers. If attackers can predict high traffic periods and are known to target servers at exactly these times, then online gaming services have to be aware of when these attacks are going to be attempted. If an attacker knows when a gaming server is going to be bursting at the seams, then so should the organization in charge of it.

Another step that needs to be taken by online gaming services is enlisting professional DDoS mitigation. How much latency will your gamers stand for before they start signing out? How many outages will they put up with before they move on to the next big game? Quality DDoS mitigation services for the gaming industry will offer on-demand scalability, increasing the resource pool when it’s needed.

The more things change…

The Lizard Squad may not inspire as much fear as they used to. Getting slapped down by Taylor Swift will do that. But as long as DDoS for hire remains a profitable business and the online gaming industry remains an attractive, publicity-heavy target, there’s always going to be the next Lizard Squad. Until those two things change we can only dream of the crime-fighting adventures of Leonard, Michael, Donald and Razmo, Adolescent Abnormal Karate Geckos.