Distributed denial of service (DDoS) attacks are becoming more potent, as criminals “sharpen their focus” on service availability. The lockdown increased online gaming activity, which has inevitably attracted attention from attackers. Gamers have become an irresistible target because they are emotionally engaged, socially active, and often spend their disposable income on their gaming accounts.
According to the Nexusguard Q3 DDoS Attack report, nearly 77 per cent of cyber attacks targeted the online gaming and gambling industries in Q3 2020. Online gaming platforms’ sensitivity to latency and availability issues makes them ideal DDoS attack targets, and the online gaming environment is target-rich for perpetrators to capitalize on during the pandemic.
According to the report:
–> More than a third of the entertainment attacks focused on online gaming targets. Nexusguard analysts also reported a 287 per cent increase in total DDoS attacks in the third quarter compared to the same period last year.
–> 99.5 per cent of cyber attacks were volumetric in nature, with 99.4 per cent of attacks consisting of single vector attacks. Perpetrators aim to consume all bandwidth so that gamers suffer the side effects of latency and then switch to game server hosts with faster and more stable connectivity.
–> A huge 23.7 Gbps DDoS attack was launched to interrupt the user login function of an online game; the attack attempted to paralyze the infrastructure and saturate the bandwidth of the game service provider.
In Q2, bit-and-piece attacks increased 570 per cent compared to the same period last year. Attackers adopted the more elaborate bit-and-piece practice to launch various amplification and UDP-based attacks that flood target networks with traffic, making detection and mitigation via traditional threshold-based methods all the more difficult for CSPs. During this time 51.57 per cent of attacks were smaller than 30 Mbps. In addition, 4,080 attacks were smaller than 5 Mbps, 6,527 attacks were between 5 Mbps and 10 Mbps, and 9,637 attacks were between 10 Mbps and 30 Mbps.
In fact, 2020 itself had a rocky start: DDoS attacks in Q1 rose more than 278 per cent compared to Q1 2019 and more than 542 per cent compared to the last quarter. These attacks result from drip-feeding doses of junk traffic into a large IP pool, which can clog the target when bits and pieces start to accumulate from different IPs. 90 per cent of attacks employed a single-vector approach, which is a change from the popularity of multi-vector attacks in the past.
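The detection gap described in the two paragraphs above, as an added example that is not taken from the Nexusguard report: a per-IP threshold stays silent while the same traffic, summed over the destination prefix, is clearly abnormal. The thresholds, the /24 aggregation and the flow records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample for one measurement interval: (destination IP, inbound Mbps).
# 200 addresses in one /24 each receive a small 8 Mbps dose of junk traffic;
# one unrelated address carries 12 Mbps of ordinary traffic.
SAMPLE_FLOWS = [(f"198.51.100.{h}", 8.0) for h in range(1, 201)]
SAMPLE_FLOWS.append(("203.0.113.10", 12.0))

PER_IP_THRESHOLD_MBPS = 30.0     # assumed alarm level for a single destination
PREFIX_THRESHOLD_MBPS = 1000.0   # assumed alarm level for a whole prefix
PREFIX_LEN = 24                  # assumed aggregation granularity


def per_ip_alerts(flows, threshold=PER_IP_THRESHOLD_MBPS):
    """Threshold-based check: alert when one destination IP exceeds the limit."""
    totals = defaultdict(float)
    for dst, mbps in flows:
        totals[dst] += mbps
    return sorted(ip for ip, total in totals.items() if total > threshold)


def prefix_alerts(flows, threshold=PREFIX_THRESHOLD_MBPS, prefix_len=PREFIX_LEN):
    """Aggregate check: sum traffic over every destination in the same prefix."""
    totals = defaultdict(float)
    members = defaultdict(set)
    for dst, mbps in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[net] += mbps
        members[net].add(dst)
    return {
        str(net): {"mbps": total, "dst_ips": len(members[net])}
        for net, total in totals.items()
        if total > threshold
    }


if __name__ == "__main__":
    print("per-IP alerts:", per_ip_alerts(SAMPLE_FLOWS))
    print("prefix alerts:", prefix_alerts(SAMPLE_FLOWS))
```

Each destination sits well under the per-IP limit, so only the prefix-level sum exposes the 1,600 Mbps arriving at the pool as a whole.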
In the Q3 DDoS attack report, Nexusguard chief technology officer Juniman Kasman suggested that the DDoS protection service industry needs to step up its game to create a shield against such attacks. As he said, “Online gaming is snowballing in part due to the growth of cloud computing as well as the limited options for home entertainment during the pandemic, providing cyber attackers with a wide population of targets to exploit. Game service providers, CSPs and other organizations should take steps to safeguard service, including segregating applications to minimize collateral damage or rehearsing incident response drills to reduce service disruption during attacks.”
Japanese video game developer Capcom has disclosed that it was the victim of a cyberattack that affected some of its systems. The publisher of a long list of popular franchises, including Street Fighter and Resident Evil, first noticed signs of the intrusion before apparently taking swift action to prevent the attack from spreading across its systems.
“Beginning in the early morning hours of 2 November 2020, some of the Capcom Group networks experienced issues that affected access to certain systems, including email and file servers,” read the notice in the company’s official blog post.
According to A10 Networks, an effective defence during a DDoS attack will include:
–> On-premises gear automatically detects the attack and activates mitigation procedures.
–> The incident response team is automatically alerted when the attack escalates to a certain level without being successfully mitigated.
–> The incident response team engages by verifying that a real attack is taking place (rather than a false positive), analyzing the attack, providing mitigation guidance and recommending cloud swing when needed.
–> A diversion signal is sent to the cloud, along with details about the attack.
–> The cloud team diverts traffic for scrubbing, usually using the Border Gateway Protocol (BGP) or the Domain Name System (DNS).
–> When the attack is over, traffic is restored to its normal path through the ISP.