Throughout the last year of the pandemic, we have seen increases in the volume of attacks targeting gaming companies and the number of attacks targeting players and content streamers. But this should come as no surprise. As a result of COVID, the gaming industry’s userbase has grown substantially, leading to more significant opportunities for criminals. But how bad are things a year later?
The Effectiveness of Bans and Lawsuits in the Gaming Industry
Back in March, Respawn, the creators of Apex Legends (plagued by DDoS attacks), began banning users for launching DDoS attacks and cheating. This is similar to the 360,000 total accounts Activision banned from Call of Duty and Call of Duty: Warzone and the 91,000 Rainbow Six Siege accounts Ubisoft banned in 2020. But do bans accomplish anything? In my opinion, no. This is mainly because users who cheat and launch DDoS attacks can easily skirt the rules and regulations and circumvent a ban by simply making a new account.
One of the possible options left for Respawn is to take legal action. In 2019, Ubisoft, dealing with a similar series of DDoS attacks directed at Rainbow Six Siege, took legal action against those providing DDoS attacks for hire after a ban wave failed. As a result of the legal action, Ubisoft reported a 93% drop in DDoS attacks!
How to Combat Digital Attacks in the Gaming Arena
Gaming vendors leverage unique architectures, public cloud environments, and UDP/TCP protocols to achieve low latency, top-end performance with high throughput. But these multi-layered architectures are a double-edged sword. While they provide an incredible digital experience, they can be a nightmare to keep secure. Protecting the entire gaming arena, from the game server to the lobby server and the gaming session itself, is critical.
Another concern is that when companies deploy advanced defense solutions to protect their gaming infrastructure, cybercriminals seek their own level. In reality, threat actors do not have to find a way to bypass your security solutions to cause a problem; they only need to find a new level to operate on. Unfortunately, this typically means targeting the users, who are less likely to have an advanced security solution in place.
I previously highlighted this in a 2019 blog, Gamers Beware: Cyber Criminals Are Coming For You, in which threat actors were launching DDoS attacks against a user in Mortal Kombat’s ranked online game mode. These threat actors chose not to target the gaming servers, lobby servers, or the gaming session. Instead, they launched DDoS attacks against their opponent’s home network. By doing so, they forced a disconnect and gained ranking points for the opponent’s forfeiture. As a result of this cheat, the hackers would reach the top rank of ‘Elder God.’
In the more recent Respawn example, players were launching DDoS attacks against Xbox servers, forcing their opponents to disconnect and achieving the rank of ‘Apex Predators.’
Outside of advanced defense solutions, what else can be done to protect the user? Well, Xbox is attempting to combat digital attacks by phasing out p2p voice connections. In my opinion, this actually might help improve the situation or, at the very least, provide temporary relief and force the threat actors to retool their methods of targeting. Removing p2p connections between users and moving large parties to a server-based environment will reduce the risk of users exposing their IP addresses.
How To Tell The Difference Between a DDoS Attack and Other Attacks
Unfortunately, even with advanced defense solutions and user safeguards in place, criminals will still find a way to disrupt the gaming vertical for fun and profit. They will always take the path of least resistance and target the most vulnerable point in the overall environment, typically a user, and not always in the form of a DDoS attack.
The gaming vertical is currently overwhelmed with numerous attacks outside of DDoS, ranging from phishing and credential stuffing to ransomware attacks. In the Mortal Kombat example, the threat actors used a phishing attack to gain another player’s IP address. In a more extreme example, Capcom suffered from a Ragnar Locker ransomware attack back in 2020, resulting in the destruction and encryption of their servers. But this isn’t the only case. In fact, over the last year, ZDNet has reported on four major gaming studios that were targeted by ransomware gangs.
How COVID Changed the Landscape of Gaming for Cybercriminals
Every part of the gaming arena exposes a different attack surface. It’s pretty messy if you ask me. Over the last year, criminals appear to have been evolving and seeking new ways to cause disruption and launch larger attacks. Because of COVID and the growth in userbases across the gaming verticals, both video games and gambling, it’s very likely that threat actors will continue to invest more time and resources in targeting these verticals.