Fourth white paper in the DrDoS Attacks series: Multiplayer video gaming attacks

Published September 10, 2013

Fourth white paper in the DrDoS Attacks series: Multiplayer video gaming attacks

Reflection DDoS attack methods, called DrDoS, involving the online video gaming community, are widespread and harm gaming and non-gaming targets alike. Learn about the history of denial of service attacks in gaming and reflection attack tools that use gaming servers – including Quake, Half Life and Call of Duty – to attack non-gaming targets.

What You Need to Know

  • Malicious actors consistently target online gaming infrastructures, seeking easy resources to harvest for use in DDoS and DrDoS attacks against gaming and non-gaming targets.
  • They especially look for profitable exploitable vulnerabilities and misconfigurations.
  • The large footprint and broadband capabilities of video game server infrastructures makes them attractive to malicious actors.
  • Attackers look for poorly implemented security controls and server configurations for use in DrDoS reflection attacks.
  • Rapid growth of online gaming infrastructures has fueled an environment among gaming providers where uptime and functionality often take precedence over security.
  • The attack surface of online game providers will expand as the industry grows.
  • The black market makes a commodity of video game network access credentials and in-game currency, powerful character profiles, and downloadable software are valuable.

Background

The online video gaming infrastructure supports hundreds of millions of online gamers — Comscore estimated that online gaming communities had amassed 671 million users worldwide by April 2013, with 145 million gamers playing on a daily basis1.

The availability and accessibility of online gaming infrastructures and devices creates opportunities for malicious actors to use freely available underground tools to launch DDoS attacks against gaming consoles, and steal gaming network login credentials from legitimate users. A history of malicious behavior follows the online video gaming industry and denial of service attacks occur frequently and keep evolving. Attacks are widespread and harm gaming and non-gaming targets alike.

Malicious actors vary in their motivations, methods, and use of online gaming servers, including:

  • DrDoS attacks against non-gaming targets
  • Takeover of high-value player accounts
  • Knock fellow players temporarily off the network
  • Damage the playing experience on rival platforms

DDoS Mitigation:

What can online gaming providers do to reduce DDoS risk?

Gaming network administrators should implement several prevention measures to prevent the types of attacks discussed in this whitepaper:

  • DDoS protection mechanisms. Acquire third-party DDoS protection services or implement network operation center (NOC)-based DDoS monitoring and mitigation.
  • Enforce authentication from clients by establishing endpoint security. Such mechanisms must prevent unauthorized parties from joining the gaming network and communicating with the gaming infrastructure.
  • Implement proactive measures against potentially vulnerable protocols, such as ICMP. The ICMP protocol and DNS servers with misconfigurations are two ways malicious actors can use gaming servers as intermediary victims in reflection attacks.
  • Implement and enforce policies for software updates, patch and change management. Keeping the infrastructure current on updates and patches will help mitigate DDoS vulnerabilities.
  • Close opportunities for brute force attacks. Network service providers should implement and enforce proper measures to limit brute force attacks and make use of geolocation confirmation features.

Contact Us