Game is far from Over:
DDoS attacks on the Gaming Industry
The gaming industry is at risk
In September of 2022, Activision Blizzard announced on Twitter that they are down. Activision Blizzard is one of the biggest gaming companies in the world, a key player if you may, and the announcement was a huge red flag for the entire gaming industry. According to IGN, Activision Blizzard first acknowledged the issue in a tweet at 12:15am, Pacific, on September 14, saying it was investigating an issue affecting its authentication servers that was causing slow or failed login attempts for players. Around 40 minutes later, Activision Blizzard confirmed that its servers were down due to a DDoS attack.
Activision Blizzard is the publisher of gaming hits such as Call of Duty, Warzone, and Overwatch. To the unfamiliar reader, this may sound like a small issue, but for someone who is aware of the enormous popularity of these titles, and the gaming industry as a whole, this is troubling news. The gaming industry is one of the entertainment world’s largest money makers, which branches into several lucrative paths – consoles, smartphones, casual games, educational games, and many more. In the past, gaming was limited to consoles and even physical game boards. Nowadays, the gaming industry is living online. If not in the form of support (which is now the basics), then in the form of the entire gaming experience situated on servers.
How does that impact me?
Think of the times when you needed a short break from the workday, and you logged on to Angry Birds or Candy Crush Saga. These casual games are all online, and a simple DDoS attack can shut down the game for hours. Now, think of a teenager who spends their afternoon playing Fortnite online with friends, and how a temporary shutdown of services can ruin their shared activity. In December of 2022, SC Media reported that Minecraft servers worldwide were almost shut down due to a widespread DDoS attack, which could have resulted in millions of Minecraft players unable to log in the game. And now think about Twitch, the video streaming service that focuses on video game live streaming, including broadcasts of Esports competitions and "real life" streams. Twitch is owned by Amazon and is currently housing millions of users, who generate over three million streams per month. The revenue damage from a large-scale DDoS attack to Twitch’s servers will be tremendous, should such an attack happen.
The gaming industry is all around us, and the numbers don’t lie: according to Statista, the gaming industry’s revenue in 2022 will be over 100 billion USD in mobile devices alone. Mobile games are currently the most popular form of gaming, and they are almost entirely cloud-based. From an operational standpoint alone, attacks on web-based gaming applications shut down the game for hours and cause massive reputational damage to the company. As one might imagine, many of these games also have sponsors, so the collateral damage is even more severe. In addition, a DDoS attack may put player accounts at risk of being compromised by hackers, resulting in account selling, theft of personal information including credit card data. In fact, in recent years, DDoS attacks are also used as a distraction to other malicious cyber-attacks such as malware. Large-scale DDoS attacks can take games offline and affect thousands of players in a matter of seconds. The attacks can also be more targeted, increasing latency to give one player an advantage over others, and many more interruptions and damages. So, if you are a gamer, even a part-time one, or your children are gamers, most chances are that a simple DDoS attack will put you at risk, and in the least – in a great deal of frustration.
Online gaming tournaments, which draw sponsors and revenue and award big cash prizes, were also the focus of malicious DDoS attacks in recent years, with the most notable case being the cancellation of an entire day of competition during the “League of Legends” tournament held by Riot Games in January of 2021. The attack caused major disruptions to the tournament’s operations, including cancellations, refunds, and reputational damage. Due to the rising number of DDoS attacks on gaming tournaments and events, there’s a worrying trend of tournaments moving offline, which leads to illegal gambling and a lack of regulation.
But I’m not a gamer, I’m a CISO in a gaming Company…
The gaming industry is targeted for 37% of all DDoS attacks, according to an official report published by Akamai Technologies, one of the world’s leading mitigation vendors. This is an overwhelming amount, as the second most targeted vertical is the financial sector. This report, and many others, including our own attack reports, indicate that in 2022, threat actors are increasing their attempts to attack gaming companies. The report also shows that The United States is the main target of attackers, followed by Switzerland, India, Japan, and the UK, meaning that no one is safe, no matter where the company is located. Gaming companies are moving operations to the cloud, creating larger, more vulnerable attack surfaces. The main danger, as mentioned, is first and foremost disruption of activity, which will cause downtime and reputational damages.
If the DDoS attack is a distraction, then the damages may include stealing financial information such as microtransactions, which are common in the gaming industry, especially in casual mobile games. These small transactions represent a huge draw for cybercriminals to capitalize on the spending power of gamers without drawing attention to their malicious actions. The main problem with most organizations nowadays, whether they are in the financial fields, insurance or gaming, is the lack of visibility into their critical DDoS vulnerabilities. Traditional mitigation can only test and detect the known attack vectors, but DDoS attacks are constantly evolving and becoming more advanced. From simple disruption to ransom attacks, DDoS attacks have become the new cyber threat to organizations worldwide, and the effect that a sophisticated DDoS attack can have on a gaming company, even a medium-scale one, can be devastating. But it’s not all doom and gloom.
First step – become proactive
In order to expose the existing gaps in the mitigation layers, gaming companies must take every proactive step to stay protected and ready to provide its service to their customers. This means testing for DDoS vulnerabilities across the entire attack surface, exposing and remediating said vulnerabilities and unknown attack vectors, with minimal downtime. By running constant DDoS testing and simulations, a gaming company can ensure its operations will be as protected as possible against an incoming DDoS attack. Due to its nature of 24/7 entertainment on various devices and platforms, a gaming company’s mitigation layers should be up to date on all DDoS vulnerabilities, with full visibility into the company’s true DDoS resilience.
In times when the largest gaming companies are being attacked monthly, one cannot assume that their organization is protected just because it spends a lot on mitigation services. The vulnerabilities are present, and the attack vectors are evolving. While games can sometimes lag and the players live with it, protecting your gaming company’s attack surface cannot lag for a millisecond. So, take the proactive approach because this game is far from over.