Distributed Denial of Service (DDoS) attacks flood targeted computers with illegitimate traffic to exhaust the network, causing lags or even stopping access outright. And no industry has been the target of DDoS attacks more than gaming. DDoS attacks have skyrocketed in general over the last ten years, setting a new record last year at 10 million attacks overall, globally, and incredibly, about 80% of those were gaming-related. The gaming sector has been one of the primary drivers of DDoS attacks for three reasons.
First, the amount of money being wagered in egaming continues to grow at a significant pace. More than $13 billion is estimated to have been wagered on esports matches globally in 2020. Top prizes for major tournaments like the League of Legends World Championship routinely exceed $1 million alone, and are watched by millions of people around the world.
With so much money and interest, it’s not a surprise that cyber attackers have also been paying attention. There are many possible motivations to use DDoS to alter the outcome of a match, but the end result is often to influence a competitive bet. Sometimes it’s a direct wager between two players. Other times, players are wagering on the outcome of a match between third parties. And sometimes, the cheaters want to win a match to gain entry into higher profile matches with prize pools.
Second, the pandemic has fueled both egaming usage as well as DDoS attacks because people were stuck at home during mandated lockdowns and eager for entertainment, and so looked to online activities. Global egaming revenues skyrocketed in value to $159 billion in 2020, around four times that of total box office revenues ($43 billion in 2019) and almost three times music industry revenues ($57 billion in 2019). More players online equate to more targets for attackers.
The third factor behind the spike in DDoS is how effective it is as a tool for people with even a rudimentary knowledge of the internet, a category under which most gamers certainly fall. DDoS is cheap, easy-to-use, and incredibly effective; it is the oldest and most common form of cyber attack. In today’s booming cybercrime economy, DDoS kits are easily purchased on the dark web for as little as US$7. The origin of DDoS attacks are also easy to disguise, and it doesn’t take much to dramatically affect the outcome of many live online games; even a disruption of just a few seconds can mean victory, and payout. In many instances, a DDoS attack might not even be recognized as such, and mistaken for normal network lags.
So, how should gamers protect themselves? Step one is preparation, and gamers must begin by using VPNs to obscure their IP addresses. For players (as opposed to esports firms), this is the single biggest key to mitigating DDoS attacks. Players should also never divulge personal information about themselves like their location or otherwise, as that can be useful information for would-be DDoS assailants.
For esports firms, preparation requires a more comprehensive approach. One basic, and often overlooked, step is a simple network capacity analysis in order to get a baseline of average network traffic, and extrapolate that to what type of capacity would be needed to address a DDoS attack. It’s not a matter of if, but when, an esports firm will be DDoS-ed, so it’s crucial to implement that extra bandwidth now.
More generally, it’s crucial to have an updated DDoS attack mitigation strategy that provides clear lines of authority and recommended actions in the event of an attack. This includes not just DDoS attacks against the esports firm specifically but the entire network supply chain, such as cloud and Internet Service Providers (ISPs). It’s very important to proactively have conversations with these partners in order to understand their DDoS mitigation tools and strategy.
As money and interest in winning esports matches grows, so too do the risks posed by DDoS attacks. The ease with which threat actors — even relatively experienced ones — can launch an attack, combined with the public visibility of many egaming tournaments, means that DDoS mitigation should be a top priority. Neither players nor the esports firms hosting them can afford to wager on their network’s availability.
About the author
Richard Hummel has over a dozen years of experience in the intelligence field and is currently the Threat Intelligence Research Lead for NETSCOUT’s ASERT Research Team. He began his career as a Signals Intelligence Analyst with the United States Army. During the course of his service, Richard became certified in Digital Network Intelligence and supported multiple operations overseas including a deployment to Iraq.