You’re just about to take out a long-time rival, claim Victory Royale or round out a royal flush when your ping spikes or you’re DCed. Chances are you, or the game you’re playing, have been hit by a denial of service (DoS) attack. What’s the story?
A recent report cited that of all cyber attacks targeting online gaming and gambling industries in Q3 2020, more than a third focused on online gaming platforms. Denial of service and Distributed Denial of Service (DDoS) attacks capable of booting thousands of players offline, or causing lag spikes that puts them at a disadvantage over rivals, are rife in gaming. But why are they happening and what can gamers do about it?
In this post, we’ll take a look at some of the reasons behind DDoS attacks on gamers, how they work and why they’re so popular. We’ll finish up with some steps gamers can take to protect themselves from DDoS and other attacks.
Crash cow
Gamers are lucrative targets for cyberattackers; their high-spec machines alone are a valuable resource for cryptocurrency miners. The top 10 teams in eSports are valued at around US$2.4bn and, as the prize money rockets (the first-ever Fortnite World Cup had a US$30m prize pool), it’s inevitable that attacks on players, platforms and studios will too.
The problem for both gamers and studios is that pretty much anyone can launch a DoS/DDoS attack on individual gamers or entire networks, without needing to have programming skills. “DDoS as a Service” attacks can be rented online for as little as $10, complete with technical support. All it takes for your sworn mortal enemy to knock you offline for 10 minutes is a PayPal or cryptocurrency account and the inclination to execute. So how does DDoS work?
Operation overload
DoS attacks involve sending large volumes of junk traffic to a target IP address, overwhelming it with data and either slowing it down or completely knocking the network offline. Because a lone network connection is unlikely to have the capacity to send enough data to overwhelm the target, attackers use DDoS attacks to bring down entire sites and networks. To do this, they can use a “botnet” – a group of malware-infected computers and devices that provide the firepower needed to initiate attacks, usually without the owner’s knowledge.
Back in 2016, the then-biggest DDoS attack the world had ever seen was launched by a zombie botnet army of smart TVs, fridges, webcams and other hijacked Internet of Things (IoT) devices. Today, attackers rent botnets to carry out successful attacks without having any specialised knowledge. When gaming servers are victims of DDoS attacks, the game is unavailable. When you consider that Fortnite’s 350m registered players spent a collective 3.2 billion hours in-game in April 2020, or Apex Legends took just one week to amass 25m users following its launch, that’s a lot of unhappy gamers. Who’s behind DDoS attacks on gamers?
Cheaters gonna cheat
In a world where anyone can rent a DoS or DDoS attack, gamers are finding themselves blocked or with connection speeds so low their attacker gains a competitive advantage or revenge on a rival. DDoS as a form of “digital doping” has ramped up so much that studios like Respawn, Activision and Ubisoft (creators of Apex Legends, Call of Duty and Rainbow Six Siege respectively) banned gamers using DDoS attacks to cheat. Cheaters simply created new accounts, leaving the studios to take legal action against the cybercriminal “arms dealers” offering DDoS attacks for hire to gamers.
It’s not all one-way traffic for the cheaters: Fortnite players are regularly targeted with ransomware masquerading as cheat tools. Malware is routinely distributed on websites offering hacks and cheats for games like Minecraft, FIFA and CS:GO. Some attackers are able to hijack game updates to execute their payload. But not all attackers are interested in cheating…
Spies gonna spy
DoS attacks on gamers aren’t all about money or cheating: actors linked with nation-states are in on the game too, targeting the gaming community and distributors to launch attacks that distract and disguise wider “supply chain attacks” that help them gain access to bigger targets.
Winnti, APT41 and ShadowHammer have all been linked with nation-state actors looking to compromise supply chains, gather information about/from individual gamers via chats and message boards, or infect their machine with malware.
Trolls gonna troll
With so much at stake, attackers have moved away from massive volumetric attacks based on junk traffic and into more sophisticated network crashes that pull down and interrupt sessions on a regular basis, creating maximum disruption for gamers -and putting massive pressure on platforms and network providers.
Annoying as it is for gamers, regular interruptions and downtime for service providers are a massive problem for the companies being attacked. Downtime can cost US$100K an hour – and the first hint of it spreads quickly over social media, along with the complaints and references to other times gamers have felt let down by the provider. If it’s a very popular platform, the media will soon notice. In such a competitive market, hackers can do a lot of damage in just a few minutes; resulting in service providers and studios losing players and revenue.
Can I be “DDoSed”?
Short answer: yes.
Anyone can be targeted, but for individual gamers, the attacker would need to know your IP address. If you only play through official servers like Steam or Xbox, your IP should be hidden automatically. If you’re a PC gamer who plays games like Minecraft or Team Fortress, your IP address could be visible to server admins and potentially the public when you’re in-game.
The real danger for gamer IP addresses comes from within the community channels where people hang out and chat. For a long time, Skype and other VOIP tools were a weak point, but now hide IP addresses by default (you can double-check by doing this). Large group channels like Discord put a lot of work into ensuring IP addresses remain hidden but accidents and attacks can happen, like the recent incident where players’ IP addresses were accidentally shown on screen.
Whichever voice program you use, keep it updated with the latest patches and adjust settings to make sure you only receive calls and requests from players on your friends list. Double down by keeping your profile and any identifying information private.
What should gamers do if they think they’re being attacked or DDoSed?
Rubber banding and ping spiking often have more to do with your home connection than the platform you’re on. Often, the only sign you’re experiencing a DoS attack is the sudden outage and unexplained dc. How do you know the difference? Start by eliminating home network/ISP issues:
- Unplug the router at the power source and the cable
- Turn off your computer/console
- Wait five to ten minutes and re-start
Resetting the router should stop a targeted attack on you specifically; it should get you a new IP address, which your attacker won’t have access to. Botnets are usually trained to operate automatically for as long as an IP address is active, so switching off your router should work. Still nothing? Call your service provider – in addition to alerting you to any known network issue, there’s a good chance they can check to see if suspicious traffic is being sent to your IP address. Equally, if your CPU is running high and overall performance is sluggish, there’s a chance your system has been hijacked for use as a bot or a crypto miner.
How can gamers protect themselves from DDoS attacks?
If your service provider or platform is attacked, there isn’t a lot you can do. Here are five steps you can take to protect yourself from a targeted DoS attack:
- Keep your IP hidden. Yes, we said this already. We’re saying it again because it’s one of the best ways to protect yourself from a targeted DoS attack.
- Reset your IP address regularly. Like changing your password, it keeps would-be attackers guessing, especially if you’re a high-profile gamer or streamer. The easiest way to reset your IP is simple: unplug your router and leave it for at least 10 minutes. You can also reset your IP address in Windows by doing this. Mac users can change their IP by following these instructions.
- Don’t click on external links sent to you in chat. Even if they look like they’re from someone you trust, check that they meant to send it before you click. Malicious links can expose your IP address or install malware on your system.
- Use a virtual private network (VPN). This essentially hides your IP address inside a virtual tunnel. All your network traffic routes to the VPN provider first, meaning attackers hit the VPN’s servers first, where they’re screened out before they can damage you. Because VPNs introduce another layer to your network path, they can lead to higher latency and ping. On the up-side, VPNs designed specifically for gamers have less impact – and can even improve your connection while making you more secure.
- Upgrade your home network. If your network hardware is provided by your ISP, it should be up-to-date and secure. If the hardware is more than four years old, or you bought your own, it’s time for an upgrade. Some routers have built-in protection against DoS attacks and other network intrusions. Some have blocklists that immediately block known botnet IP addresses.
- Update your Security Software. If on a PC make sure your AV and security software is updated and active. Allow only minimal access points in your firewall. Practice good patching hygiene.
What other steps can I take to stay secure while gaming?
Good anti-malware on all your devices (including your phone) ensures a strong first line of defense. It can also help protect you from being hijacked for use in a botnet and becoming part of a wider DDoS attack. If you’re a Mac user, don’t fall prey to the myth that you’re somehow immune: Apple devices are increasingly vulnerable and have also been used in DDoS attacks. By regularly updating your security software, staying patched and keeping up with hardware updates, you’ll be doing a lot to protect your home network (and by extension, your gaming system) from attack. Gamers understand all too well how interruptions or lag can ruin the experience for themselves and others; when you secure your own experience, you’re also helping the wider community. Let your provider know if you’re having problems and ask them to provide a more secure gaming environment.
If you’re a gaming company interested in protecting your infrastructure from attack, you can learn more here about how Imperva can keep your players safe on the digital battlefield. If you’re an ISP, you can find out more about protecting against network take-downs by DDoS and bad bots here.
Try Imperva for Free
Protect your business for 30 days on Imperva.