3 Attack Surfaces That Can Take Your Game Offline

0
2745

Gaming is a hot, profitable industry – now more than ever, since the pandemic has driven people to consume more streaming content. It’s why botters, manipulators and cybercriminals will go above and beyond to disrupt online gaming services and impact the multiplayer experience. 

Normally, DDoS attacks inflict damage by impacting service availability. However, in gaming there is another unique value to DDoS: it is being used to create an unfair advantage to one or more players by slowing down others and kicking out competitors from gaming rooms. The entire gaming arena could be DDoS attacked from different surfaces, leaving players frustrated and potentially leading to a severe impact on the brand reputation.

In recent months, we have witnessed more and more UDP, in-session, low volume floods targeting the online gaming industry, which even led a number of famous online tournaments to be canceled or postponed.

So, what are the three attack surfaces that can take your game offline?

The Gaming Server Surface

Similar to every resource on the internet, gaming servers are also bound to bandwidth and hardware resource limitation. As powerful as it may be, once attacked, the game infrastructure can be saturated as any other network/CPU-operated environment. The gaming server is the pivotal connection between the user and the gaming company/platform and hence, it must always be available, always online.

[You may also like: Gaming Companies Beware: Cyber Criminals Are Coming For You, Too]

No matter if it resides in the public cloud or legacy data center, companies must protect their gaming servers against DDoS and other compromising attacks and ensure their constant high-availability and to provide the best user experience.  

The Gaming Lobby Surface

Such a unique, multi-layered architecture can cause a real headache for a security team. Lobby room protection, over UDP or TCP, can be hard to monitor and even harder to detect attacks because in most cases, they are low volume, resource exhausting attacks that won’t ring any alarm bells.

In addition, the authentication and initial login are, in most cases, encrypted. In general, encrypting the game authentication stream is mandatory in order to maintain data confidentiality and integrity. However, this also poses a problem as middle boxes are blind to the data stream. This inability to process the actual data might cause false positive or false negative detection where the server’s DDoS protection is based on traffic volume only.

[You may also like: Hey! Where Are My Credits?]

On the other hand, decrypting all traffic might result in higher latency, negatively impacting the user experience in multi-player games. Since the SSL/TLS problem is a big issue, many times security teams are left with a big problem that keeps them from doing their job properly.

Companies need to monitor the regular usage of their lobby room, whether encrypted or not,  focusing on the number of legitimate requests and their source IPs, so they can identify abnormal activities and determine when the lobby is room under a flood attack.  

The In-Game Surface

Protecting the in-game session is a hard skill to master. Security teams need to continually learn the normal distribution of UDP packets in the session itself in order to identify and block attacks, which makes the in-game attack surface lucrative for manipulators and hackers.

As UDP is all about speed, learning the normal distribution of online games can be an almost impossible task to perform manually. Gaming companies need to know to look for this in-session DDoS attack that can cause a game to crash or manipulate the integrity of the game itself. There is nothing players hate more than an unfair advantage that makes them lose the game and getting a network DDoS warning message.

How Should You Protect Your Titles?

Gaming companies are exposed in three dimensions and must stay on a constant alert and monitor each one of them them for each of their titles. Security teams need to be able to identify attacks automatically, whether encrypted or not, when they start and have the right solution to block the attack while allowing legitimate users to play the game with no added latency.

When working manually or with rate limiting technologies, security teams need to choose between impacting the user experience or overlooking the potential threats. Now they can enjoy both with the right solution…..

Download Radware’s “Hackers Almanac” to learn more.

Download Now

Previous articleUnderstanding the Security Risks of Cloud Environments
Next articleUnderstanding the Shared Responsibility Model
Eden Amitai is a product marketing manager in Radware's security team. In his role, Eden is in charge of the company's line of DefensePro and DefenseFlow, Radware's on-prem DDoS Attack Mitigation Solutions. Eden works closely with Radware's white-hackers and cyber-experts to answer the needs of organizations and service providers in today's cyber-threat landscape. Eden has a diverse range of experience from both large enterprises and small firms, and deep knowledge in the cyber-security space. Before joining Radware, Eden spent a couple of years as the CMO of ACC, an Israeli startup. Prior the that, Eden worked at Intel's CHD product marketing department and as a product marketing manager at Xpandion, a cyber-security firm. Eden served in the IDF at an elite intelligence unit, and he holds a B.Sc. in Computer Science from the Interdisciplinary Center (IDC) Herzliya.

LEAVE A REPLY

Please enter your comment!
Please enter your name here