Distributed-Denial-of-Service (DDoS) Disrupted Gaming Industry During the Holiday - What You Need to Know


During the Christmas holiday, the Xbox and PlayStation networks of Microsoft and Sony were taken down by a group of hackers called Lizard squad. The attack left thousands of users unable to play. What a bummer, huh?

Originally, the FBI blamed the North Koreans for taking down the network (that is another story), but it has since revised its assessment after the Lizard squad claimed responsibility for the attack.

This kind of attack is called a distributed denial-of-service (DDoS) attack. Its impact on a business can be far more serious than a mere nuisance to end users. For example, this DDoS attack incurred a $30000-a-day Amazon cloud hosting service charge.

What is (Distributed) Denial-of-Service?

Imagine you are a gamer in this incident. Some of the functions in the game console rely on the Internet connection to the gaming site. You can't play any of your games if there is too much traffic, and the servers shut down because of it. In the Chinese activist case, the DDoS attack delivered 2.6 billion requests per hour.

(Distributed) Denial-of-Service, or (D)DoS, is a very common security attack. Please check out this interactive map to see attacks happening in real time around the world.

Why attack?

One must be curious to understand what causes an individual or a group of people to carry out such attacks.

HELP MANKIND

Believe it or not, the Lizard squad said that they were doing people a favor by “forcing” them to spend more time with family and friends during the holiday instead of playing online games. While there might be some truth to this, many gamers rejected this claim, stating that they, in fact, enjoyed time with their family by playing games together.

FORCE BIG COMPANIES TO UPGRADE THEIR SECURITY

In an article from Business Insider, interviewed hackers said they took down PlayStation Network and Xbox Live “for the laughs,” but eventually the hackers found a cause to rally behind — forcing these companies to up their game and upgrade the security on their networks.

DISRUPT BUSINESS

In another article from the Daily Mail, Sony's vice president Catherine Jensen said: 'PlayStation Network and some other gaming services were attacked over the holidays with artificially high levels of traffic to disrupt connectivity and online gameplay.'

FOR THE FUN OF IT

Sometimes hackers infiltrate the network just for the fun of it, to get their 15 minutes of fame and to show off their technical prowess. They take the network down with DDoS just so the world knows about it, which in many cases we do.

The 3 categories of DDoS and mitigation against such attacks

The biggest issue with DDoS is its distributed nature. It is fairly common for the sources of an attack to be spread all over the world, as seen in this map. It is not possible to block a particular packet source by country or by other naive methods.

To understand how we can protect against DDoS attacks, we must first understand the different types of DDoS, because every type of attack requires a different type of protection.

DDoS attacks are divided into volumetric, TCP, and application attacks.

VOLUMETRIC ATTACKS

Volumetric attacks are based on a high volume of data traffic sent to the target. The traffic can be sent via amplifiers (misconfigured servers all around the world) to strengthen the attack and increase its bandwidth. These attacks are hard to handle even if we have some protection on premise. We can drop the connections, but the data line has only limited capacity. Even if we drop the packets, there is still a lot of traffic on the data line. Thus, locally installed protection is not enough.

The key factor is to create an effective and automatic connection/signalling between the ISP and the DDoS protection appliance that is installed on premise.

TCP ATTACKS

TCP attacks focus on occupying vacant and available connection slots to consume all the memory and other available resources on the target machine. These attacks can be suppressed by proxies that limit the number of requests and forward only correct ones via a full 3-way handshake.

Another technique is to use reputation databases of source IP addresses. Connections from origins with a bad reputation, botnets and "problematic" countries are banned or dropped. This type of attack is not volumetric: our data line remains free even when we are under attack. Discarding unwanted packets solves the problem.
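
The two TCP mitigations described above (a proxy that forwards only connections completing the 3-way handshake, plus a source reputation check) are sketched below as an added example, not code from SeaCat or any product. It models handshake packets as events rather than real traffic; the class name, the per-source limit, the addresses and the reputation list are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (documentation address ranges), not from the article.
BAD_REPUTATION = {"203.0.113.66"}   # hypothetical reputation-database entries
MAX_HALF_OPEN_PER_SOURCE = 3        # hypothetical per-source limit

class HandshakeProxy:
    """Sits in front of the server and forwards only completed handshakes."""

    def __init__(self, bad_reputation, max_half_open):
        self.bad_reputation = bad_reputation
        self.max_half_open = max_half_open
        self.half_open = defaultdict(set)  # source IP -> ports awaiting ACK
        self.forwarded = []                # connections handed to the server
        self.dropped = defaultdict(int)    # drop reason -> count

    def handle(self, src_ip, src_port, flag):
        # Reputation check first: banned sources never consume a slot.
        if src_ip in self.bad_reputation:
            self.dropped["reputation"] += 1
            return "drop"
        pending = self.half_open[src_ip]
        if flag == "SYN":
            if len(pending) >= self.max_half_open:
                self.dropped["half_open_limit"] += 1
                return "drop"
            pending.add(src_port)
            return "syn-ack"   # the proxy answers; the server is not involved yet
        if flag == "ACK" and src_port in pending:
            pending.discard(src_port)
            self.forwarded.append((src_ip, src_port))
            return "forward"   # handshake complete, server slot is justified
        self.dropped["no_handshake"] += 1
        return "drop"

def run_sample():
    proxy = HandshakeProxy(BAD_REPUTATION, MAX_HALF_OPEN_PER_SOURCE)
    # One well-behaved client that completes its handshake.
    events = [("198.51.100.7", 40000, "SYN"), ("198.51.100.7", 40000, "ACK")]
    # One source that opens ten connections and never completes any of them.
    events += [("192.0.2.9", 50000 + i, "SYN") for i in range(10)]
    # A banned source, and an ACK that was never preceded by a SYN.
    events += [("203.0.113.66", 1234, "SYN"), ("192.0.2.50", 6000, "ACK")]
    for event in events:
        proxy.handle(*event)
    return proxy

if __name__ == "__main__":
    result = run_sample()
    print("forwarded:", result.forwarded, "dropped:", dict(result.dropped))
```

In the sample run the server behind the proxy sees a single connection, while the incomplete handshakes are held or dropped at the proxy and never reach the server's own connection table.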

APPLICATION ATTACKS

The last type focuses on the application layer. These attacks are the most destructive but, fortunately, require deeper knowledge from the attackers. They can be performed using only a few packets if the target application has flaws in its code. We can use a smart WAF or another application-level solution to mitigate these types of attacks. But these attacks are target specific, so it is necessary to investigate the attacks and repair the application or configure the WAF for a particular application.

How to mitigate against DDoS attacks with SeaCat Mobile Secure Gateway (SC MSG)

AGILITY, CONTROL AND SCALABILITY

Imagine that you can control which gateway provides the functionalities for a particular application. You can extend the number of gateways or even deactivate some gateways. You can simply forward traffic to another gateway that is not under attack with approximately five minutes of connectivity interruption.

Because of the cloud, you can dedicate many gateways to serve one service for an application. During a DDoS attack, you disable the gateway that is under attack and automatically start new gateway(s) if necessary.

Additionally, every request to the application server has to be signed by a certificate. Therefore, it is not possible to send unsigned data packets. Every packet is examined, and SeaCat shields the real application server. Direct access via IP address is not possible.

COMPATIBILITY WITH GAMING APPLICATIONS

We designed SeaCat Mobile Secure Gateway to scale and to be compatible with many popular frameworks and platforms. You can port SeaCat to any contemporary console platform, such as PlayStation 3 & 4 (Sony), Xbox (Microsoft) and Wii U (Nintendo). You can use it on any existing iOS and Android platform.

Drop us a line at info@teskalabs.com to learn more about DDoS and how to protect your business against it. Alternatively, connect with us on Twitter @TeskaLabs.

Photo Credit: PrasViedegeek via Compfight



