Distributed-Denial-of-Service (DDoS) Disrupted Gaming Industry During the Holiday - What You Need to Know


During the Christmas holiday, Microsoft's Xbox and Sony's PlayStation networks were taken down by a group of hackers called Lizard Squad. The attack left thousands of users unable to play. What a bummer, huh?

Originally, the FBI blamed the North Koreans for taking down the network (that is another story), but it has since revised its assessment after Lizard Squad claimed responsibility for the attack.

This kind of attack is called a distributed denial-of-service (DDoS) attack. Its impact on a business can be far more serious than a mere nuisance to end users. For example, one DDoS attack incurred a $30000-a-day Amazon cloud hosting service charge.

What is (Distributed) Denial-of-Service?

Imagine you are a gamer in this incident. Some of the functions in the game console rely on the Internet connection to the gaming site. You can't play any of your games if there is too much traffic, and the servers shut down because of it. In the Chinese activist case, the DDoS attack delivered 2.6 billion requests per hour.

(Distributed) Denial-of-Service, or (D)DoS, is a very common security attack. Please check out this interactive map to see attacks happening in real time around the world.

Why attack?

It is natural to be curious about what causes an individual or a group of people to carry out such attacks.

HELP MANKIND

Believe it or not, the Lizard squad said that they were doing people a favor by “forcing” them to spend more time with family and friends during the holiday instead of playing online games. While there might be some truth to this, many gamers rejected this claim, stating that they, in fact, enjoyed time with their family by playing games together.

FORCE BIG COMPANIES TO UPGRADE THEIR SECURITY

In an article from Business Insider, interviewed hackers said they took down PlayStation Network and Xbox Live “for the laughs,” but eventually the hackers found a cause to rally behind — forcing these companies to up their game and upgrade the security on their networks.

DISRUPT BUSINESS

In another article from the Daily Mail, Sony's vice president Catherine Jensen said: 'PlayStation Network and some other gaming services were attacked over the holidays with artificially high levels of traffic to disrupt connectivity and online gameplay.'

FOR THE FUN OF IT

Sometimes hackers infiltrate the network just for the fun of it, to get their 15 minutes of fame and to show off their technical prowess. They take the network down with DDoS just so the world knows about it, which in many cases we do.

The 3 categories of DDoS and mitigation against such attacks

The biggest issue with DDoS is its distributed nature. It is fairly common for the sources of an attack to be spread all over the world, as seen in this map. Blocking packet sources by country, or by other simplistic methods, is therefore not possible.

To understand how we can protect against DDoS attacks, we must first understand the different types of DDoS, because every type of attack requires a different type of protection.

DDoS attacks are divided into volumetric, TCP, and application attacks.

VOLUMETRIC ATTACKS

Volumetric attacks are based on a high volume of data traffic sent to the target. Attackers can route the traffic via amplifiers (misconfigured servers all around the world) to strengthen the attack and increase its bandwidth. These attacks are hard to handle even if we have some protection on premise. We can drop the connections, but the data line has only limited capacity: even if we drop the packets, they have already crossed the data line and still fill it. Thus, locally installed protection is not enough.

The key factor is to create an effective and automatic connection/signalling between ISP and the DDoS protection appliance that is installed on premise.

TCP ATTACKS

TCP attacks focus on occupying vacant and available connection slots in order to consume all the memory and other available resources on the target machine. These attacks can be suppressed by proxies that limit the number of requests and forward only correct ones, that is, those that complete a full 3-way handshake.

Another technique is to use reputation databases of source IP addresses. Connections from origins with a bad reputation, botnets and "problematic" countries are banned or dropped. This type of attack is not volumetric: our data line remains free even when we are under attack. Discarding unwanted packets solves the problem.
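The two TCP mitigations described above, as a simplified model added here (an illustration, not TeskaLabs code): a proxy that drops bad-reputation sources, caps pending handshakes per source, and forwards a connection to the backend only after the final ACK. The cap, timeout, addresses (documentation ranges) and event list are constructed assumptions.

```python
from collections import defaultdict

BAD_REPUTATION = {"203.0.113.66"}   # constructed reputation list
MAX_HALF_OPEN = 3                   # assumed cap on pending handshakes per source
HANDSHAKE_TIMEOUT = 5.0             # assumed seconds before a pending SYN is evicted


class HandshakeProxy:
    """Toy proxy that finishes the 3-way handshake before involving the backend."""

    def __init__(self):
        self.pending = defaultdict(dict)   # source -> {source port: SYN timestamp}
        self.forwarded = []                # connections handed to the backend
        self.dropped = defaultdict(int)    # drop reason -> count

    def on_packet(self, ts, src, port, flag):
        if src in BAD_REPUTATION:          # reputation check comes first and is cheapest
            self.dropped["reputation"] += 1
            return
        slots = self.pending[src]
        for p in [p for p, t in slots.items() if ts - t > HANDSHAKE_TIMEOUT]:
            del slots[p]                   # free slots held by abandoned handshakes
            self.dropped["timeout"] += 1
        if flag == "SYN":
            if port not in slots and len(slots) >= MAX_HALF_OPEN:
                self.dropped["slot_limit"] += 1
            else:
                slots[port] = ts
        elif flag == "ACK" and port in slots:
            del slots[port]                # handshake complete: backend sees it now
            self.forwarded.append((src, port))
        else:
            self.dropped["no_handshake"] += 1


def run(events):
    proxy = HandshakeProxy()
    for event in events:
        proxy.on_packet(*event)
    return proxy


# Constructed events: (time, source, source port, TCP flag)
EVENTS = (
    [(0.0, "198.51.100.10", 40000, "SYN"), (0.1, "198.51.100.10", 40000, "ACK")]
    + [(0.2 + i * 0.01, "192.0.2.7", 50000 + i, "SYN") for i in range(10)]
    + [(0.5, "203.0.113.66", 1234, "SYN"), (0.6, "203.0.113.66", 1234, "ACK")]
    + [(9.0, "192.0.2.7", 60000, "SYN"), (9.1, "192.0.2.7", 60000, "ACK")]
)

if __name__ == "__main__":
    result = run(EVENTS)
    print(result.forwarded, dict(result.dropped))
```

Production SYN proxies typically avoid holding this per-source state at all by using SYN cookies; the model keeps it only to make the slot accounting visible.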

APPLICATION ATTACKS

The last type focuses on the application layer. These attacks are the most destructive but, fortunately, require deeper knowledge from the attackers. They can be performed using only a few packets if the target application has flaws in its code. We can use a smart WAF or another application-level solution to mitigate these types of attacks. But these attacks are target specific, so it is necessary to investigate the attacks and either repair the application or configure the WAF for that particular application.

How to mitigate against DDoS attacks with SeaCat Mobile Secure Gateway (SC MSG)

AGILITY, CONTROL AND SCALABILITY

Imagine that you can control which gateway provides the functionalities for a particular application. You can extend the number of gateways or even deactivate some gateways. You can simply forward traffic to another gateway that is not under attack with approximately five minutes of connectivity interruption.

Because of the cloud, you can dedicate many gateways to serve one service for an application. During a DDoS attack, you disable the gateway that is under attack and automatically start new gateway(s) if necessary.

Additionally, every request to the application server has to be signed by a certificate. Therefore, it is not possible to send unsigned data packets. Every packet is examined, and SeaCat shields the real application server. Direct access via IP address is not possible.

COMPATIBILITY WITH GAMING APPLICATIONS

We designed SeaCat Mobile Secure Gateway to scale and to be compatible with many popular frameworks and platforms. You can port SeaCat to any contemporary console platform, such as PlayStation 3 & 4 (Sony), Xbox (Microsoft) and Wii U (Nintendo). You can also use it on any existing iOS and Android platform.

Drop us a line at info@teskalabs.com to learn more about DDoS and how to protect your business against it. Alternatively, connect with us on Twitter @TeskaLabs.

Photo Credit: PrasViedegeek via Compfight



