Online gaming servers, whether for PC or console gaming, have long been the target of DDoS attacks. Often at the helm of these attacks are collectives who vary in hacking skill. Motivations for these attacks vary, such as Lizard Squad’s desire for attention and chaos via DDoS’ing Sony and Microsoft servers (among countless others). Some want fame, some want to prove their hacking prowess, and others just like creating situations of misery for innocent gamers.
These attacks are increasing in number and strength for online gamers, and Blizzard Entertainment is the latest victim.
On August 13, the company responsible for the enormously popular World of Warcraft and Diablo online games began experiencing issues with their authentication servers. As reported by Kaspersky Lab’s Threatpost, “Blizzard experienced a sharp increase in network problems midday Sunday with users reporting an inability to log into games, server connection problems and… the Blizzard Entertainment webpage appearing to be down.”
Blizzard kept their users updated on the situation through their official Twitter account, as seen below:
As of the time that this article was written, no individual or group has taken responsibility for the attacks. Blizzard Entertainment has not given any interviews or statements to the InfoSec media about the attack either. It isn’t clear at this point whether or not this will be a onetime instance, or if perhaps this is the beginning of a wave of DDoS attacks against the company (it always helps to anticipate subsequent attacks).
DDoS protection services exist, but as this recent attack proves, there is no such thing as a bulletproof armor against DDoS. This is further compounded by the fact that anyone with enough drive can commit these attacks. It isn’t just restricted to hackers anymore, as botnets are available all over the Dark Web for purchase.
DDoS attacks are a major threat to businesses, but gaming companies that host multiplayer servers are always a tantalizing target. A lot of this has to do with how much damage can be done in a short amount of time. As Igal Zeifman of Imperva told Threatpost in an interview:
In the case of a real-time online game, even a small amount of latency — as a result of a technically ‘failed’ attack — is enough to cause major disruption to gamers looking for a completely responsive and immersive experience.
Major gaming companies are aware of this thanks to the numerous high-profile incidents of the past few years, but the attacks are only growing in power and frequency. Inevitably, there will be a time that DDoS protection services cannot fight back against a far more powerful attack that becomes widespread. We’ve seen this occurring with botnets like Mirai and Necurs, and it is only a matter of time before botnets like these get pointed at gaming servers.
The gaming industry must be prepared for that time.
Photo credit: Blizzard Entertainment