The gaming industry’s latest challenge: DDoS protection

As the industry faces a rise in DDoS threats, it is time that gaming companies truly prioritise cybersecurity and business resiliency. In his latest article, Babur Khan,Technical Marketing Engineer at A10 Networks, lays out a framework for the industry to do just this, securing their customers and their own success against the tide of cyberattacks.
As the industry faces a rise in DDoS threats, it is time that gaming companies truly prioritise cybersecurity and business resiliency. In his latest article, Babur Khan,Technical Marketing Engineer at A10 Networks, lays out a framework for the industry to do just this, securing their customers and their own success against the tide of cyberattacks.

Like moths to a flame, hackers always go where the action is. As the Covid-19 pandemic drove work away from the office, businesses have faced one cyberattack after another on their remote work infrastructure. Meanwhile, a boom in virtual entertainment has brought a surge of players to the gaming industry—and with them, a rise in DDoS attack activity. Cybercrime rings are launching triple extortion campaigns combining DDoS attacks with ransomware, and data theft, while ordinary gamers can rent a botnet easily and affordably to cheat or disrupt competition with a DDoS attack of their own. The highly popular Titanfall 2 game has already been rendered virtually unplayable—perhaps by as few as one or two individual players—and seemingly abandoned by its publisher, which is now focusing on defending a newer title from similar attacks.

This escalating cyberattack activity poses an urgent challenge for the gaming industry: achieve the level of DDoS protection needed to keep its products playable—or risk alienating the fans whose loyalty it depends on.

The DDoS Attack Menace

One of the most prevalent forms of cyberattack, a DDoS attack seeks to overload its victim’s network or infrastructure with a high-volume flood of illicit traffic from multiple locations at once. Often, these attacks are launched using a botnet—a network of computers and devices that have been infected by malware and recruited by cybercriminals. A single instruction can direct thousands of botnet members to target a given IP address, causing the victim’s systems to crash or leading its ISP to suspend service under a “noisy neighbour” policy to protect resources needed for other customers.

Far from an ad hoc, homegrown exploit, the DDoS attack industry is sophisticated and thriving. Cybercrime rings rent out DDoS-for-hire services that allow anyone to launch a DDoS attack quickly and inexpensively. For a gamer, an attack lasting long enough to disrupt an opponent’s session can cost less than a can of energy drink. At the high end, a botnet named “Simps” has recently been identified as part of the arsenal of the Keksec cybercrime organization. Infecting IoT devices in tandem with BASHLITE malware, Simps is already being used to launch DDoS attacks on gaming targets.

The Gaming Industry Comes under Fire

While DDoS attack activity is on the rise, it’s a threat the gaming industry has faced for many years. As long ago as 2016, a teenager used a variant of the Mirai botnet to launch a DDoS attack against the Sony PlayStation platform, costing the company US$2.7mn in revenue. Such exploits generally come in two forms: cheating or retaliation by individual gamers, or financially motivated schemes by professional cybercriminals. In either case, the impact of these attacks is all too easy to see. In the case of Titanfall 2, continuous DDoS attacks have made the game all but unplayable.

The ease of launching a DDoS attack makes it a highly appealing tactic for unscrupulous players. By targeting an individual opponent, the attacker can render their session slow or unplayable, gaining a significant competitive advantage. With professional esports teams vying for as much as $30mn or more in prize money in a single competition, there can be much more than bragging rights at stake. In fact, leading studios such as Respawn, Activision, and Ubisoft have banned gamers found to have used DDoS attacks to cheat, while Ubisoft filed suit against the operators of four DDoS-for-hire services that had been used to launch attacks on its Rainbow Six Siege multiplayer servers.

Beyond unscrupulous or disgruntled gamers, game publishers have also fallen into the crosshairs of the same cyberattack rings targeting industries from financial services to government and healthcare. In those industries, attackers gain leverage from the critical—even life-and-death—importance of keeping systems available for account holders, constituents, doctors, and patients. Uptime can be nearly as vital in the gaming industry, where customers are often intensely engaged and heavily invested in their favourite titles and systems. Combined with their high sensitivity to latency and availability issues, this makes online gaming platforms a prime target for extortionate schemes such as a ransom-related DDoS attack (RDOS).

Ensuring High-Quality Play with DDoS Protection

When every millisecond matters, reactive DDoS protection measures prove ineffective for gaming industry victims. When a DDoS attack is discovered, legacy solutions often respond by clamping down on traffic to protect the targeted system from being overloaded—side-lining legitimate players alongside hackers. By the time the attack has been analyzed and neutralized, the damage to customer sessions and the game’s reputation has already been done. In fact, hackers increasingly deploy multi-vector exploits that make it even harder for security teams to respond quickly and keep platforms available.

Rather than waiting for a cyberattack to happen, then responding, gaming platform operators must take a proactive approach to DDoS protection. This begins with zero trust—a security model based on the idea that organizations should not automatically trust anything inside or outside the network perimeter. Before allowing access to its systems, the operator should perform multiple checks for legitimate access rights; once inside, the player should continue to be checked to prevent authenticated players from going rogue. At the same time, continuous, real-time validation can’t be allowed to compromise the gameplay experience.

Essential elements of DDoS defence for the gaming industry reflect best practices for web security across every vertical, including leveraging threat intelligence to block IP addresses known to host DDoS weapons; blocking unauthenticated access, unwanted, and unusual behaviour; verifying time-sensitive watermarks on every packet; and deploying zero-day attack pattern recognition.

READ MORE:

The gaming industry has thrived by providing deeply immersive, richly realized, and highly responsive experiences for players. By taking a proactive, zero trust-based approach to DDoS protection, gaming platform operators can keep cheaters and criminals from spoiling the fun for players and fans.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Babur Khan

Babur Khan is the Technical Marketing Engineer at A10 Networks.

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...