Sanjai Gangadharan, Area Vice President – South ASEAN at A10 Networks, Inc. and Babur Khan, Technical Marketing Engineer at A10 Networks
Like moths to a flame, hackers always go where the action is. As the COVID-19 pandemic drove work away from the office, businesses have faced one cyber attack after another on their remote work infrastructure. Meanwhile, a boom in virtual entertainment has brought a surge of players to the gaming industry—and with them, a rise in DDoS attack activity. Cyber crime rings are launching triple extortion campaigns combining DDoS attacks with ransomware, and data theft, while ordinary gamers can rent a botnet easily and affordably to cheat or disrupt competition with a DDoS attack of their own. The highly popular Titanfall 2 game has already been rendered virtually unplayable—perhaps by as few as one or two individual players—and seemingly abandoned by its publisher, which is now focusing on defending a newer title from similar attacks.
This escalating cyber attack activity poses an urgent challenge for the gaming industry: achieve the level of DDoS protection needed to keep its products playable—or risk alienating the fans whose loyalty it depends on.
The DDoS Attack Menace
One of the most prevalent forms of cyber attack, a DDoS attack seeks to overload its victim’s network or infrastructure with a high-volume flood of illicit traffic from multiple locations at once. Often, these attacks are launched using a botnet—a network of computers and devices that have been infected by malware and recruited by cyber criminals. A single instruction can direct thousands of botnet members to target a given IP address, causing the victim’s systems to crash or leading its ISP to suspend service under a “noisy neighbor” policy to protect resources needed for other customers.
Far from an ad hoc, homegrown exploit, the DDoS attack industry is sophisticated and thriving. Cyber crime rings rent out DDoS-for-hire services that allow anyone to launch a DDoS attack quickly and inexpensively. For a gamer, an attack lasting long enough to disrupt an opponent’s session can cost less than a can of energy drink. At the high end, a botnet named “Simps” has recently been identified as part of the arsenal of the Keksec cybercrime organization. Infecting IoT devices in tandem with BASHLITE malware, Simps is already being used to launch DDoS attacks on gaming targets.
The Gaming Industry Comes under Fire
While DDoS attack activity is on the rise, it’s a threat the gaming industry has faced for many years. As long ago as 2016, a teenager used a variant of the Mirai botnet to launch a DDoS attack against the Sony PlayStation platform, costing the company $2.7 million in revenue. Such exploits generally come in two forms: cheating or retaliation by individual gamers, or financially motivated schemes by professional cyber criminals. In either case, the impact of these attacks is all too easy to see. In the case of Titanfall 2, continuous DDoS attacks have made the game all but unplayable.
The ease of launching a DDoS attack makes it a highly appealing tactic for unscrupulous players. By targeting an individual opponent, the attacker can render their session slow or unplayable, gaining a significant competitive advantage. With professional esports teams vying for as much as $30 million or more in prize money in a single competition, there can be much more than bragging rights at stake. In fact, leading studios such as Respawn, Activision, and Ubisoft have banned gamers found to have used DDoS attacks to cheat, while Ubisoft filed suit against the operators of four DDoS-for-hire services that had been used to launch attacks on its Rainbow Six Siege multiplayer servers.
Beyond unscrupulous or disgruntled gamers, game publishers have also fallen into the crosshairs of the same cyber attack rings targeting industries from financial services to government and healthcare. In those industries, attackers gain leverage from the critical—even life-and-death—importance of keeping systems available for account holders, constituents, doctors, and patients. Uptime can be nearly as vital in the gaming industry, where customers are often intensely engaged and heavily invested in their favorite titles and systems. Combined with their high sensitivity to latency and availability issues, this makes online gaming platforms a prime target for extortionate schemes such as a ransom-related DDoS attack (RDOS).
Ensuring High-Quality Play with DDoS Protection
When every millisecond matters, reactive DDoS protection measures prove ineffective for gaming industry victims. When a DDoS attack is discovered, legacy solutions often respond by clamping down on traffic to protect the targeted system from being overloaded—sidelining legitimate players alongside hackers. By the time the attack has been analyzed and neutralized, the damage to customer sessions and the game’s reputation has already been done. In fact, hackers increasingly deploy multi-vector exploits that make it even harder for security teams to respond quickly and keep platforms available.
Rather than waiting for a cyber attack to happen, then responding, gaming platform operators must take a proactive approach to DDoS protection. This begins with Zero Trust—a security model based on the idea that organizations should not automatically trust anything inside or outside the network perimeter. Before allowing access to its systems, the operator should perform multiple checks for legitimate access rights; once inside, the player should continue to be checked to prevent authenticated players from going rogue. At the same time, continuous, real-time validation can’t be allowed to compromise the gameplay experience.
Essential elements of DDoS defense for the gaming industry reflect best practices for web security across every vertical, including leveraging threat intelligence to block IP addresses known to host DDoS weapons; blocking unauthenticated access, unwanted, and unusual behavior; verifying time-sensitive watermarks on every packet; and deploying zero-day attack pattern recognition.
The gaming industry has thrived by providing deeply immersive, richly realized, and highly responsive experiences for players. By taking a proactive, zero trust-based approach to DDoS protection, gaming platform operators can keep cheaters and criminals from spoiling the fun for players and fans