By Nikhil Taneja, Vice President & Managing Director – India , SAARC , Middle East & GSI at Radware
Gaming is a hot, profitable industry – now more than ever, since the pandemic has driven people to consume more streaming content. It’s why botters, manipulators and cybercriminals will go above and beyond to disrupt online gaming services and impact the multiplayer experience.
Normally, DDoS attacks inflict damage by impacting service availability. However, in gaming there is another unique value to DDoS: it is being used to create an unfair advantage to one or more players by slowing down others and kicking out competitors from gaming rooms. The entire gaming arena could be DDoS attacked from different surfaces, leaving players frustrated and potentially leading to a severe impact on the brand reputation.
In recent months, we have witnessed more and more UDP, in-session, low volume floods targeting the online gaming industry, which even led a number of famous online tournaments to be canceled or postponed.
There are 3 attack surfaces that can take your game offline:
Gaming Server Surface
Similar to every resource on the internet, gaming servers are also bound to bandwidth and hardware resource limitation. As powerful as it may be, once attacked, the game infrastructure can be saturated as any other network/CPU-operated environment. The gaming server is the pivotal connection between the user and the gaming company/platform and hence, it must always be available, always online.
No matter if it resides in the public cloud or legacy data center, companies must protect their gaming servers against DDoS and other compromising attacks and ensure their constant high-availability and to provide the best user experience.
Gaming Lobby Surface
Such a unique, multi-layered architecture can cause a real headache for a security team. Lobby room protection, over UDP or TCP, can be hard to monitor and even harder to detect attacks because in most cases, they are low volume, resource exhausting attacks that won’t ring any alarm bells.
In addition, the authentication and initial login are, in most cases, encrypted. In general, encrypting the game authentication stream is mandatory in order to maintain data confidentiality and integrity. However, this also poses a problem as middle boxes are blind to the data stream. This inability to process the actual data might cause false positive or false negative detection where the server’s DDoS protection is based on traffic volume only.
On the other hand, decrypting all traffic might result in higher latency, negatively impacting the user experience in multi-player games. Since the SSL/TLS problem is a big issue, many times security teams are left with a big problem that keeps them from doing their job properly.
Companies need to monitor the regular usage of their lobby room, whether encrypted or not, focusing on the number of legitimate requests and their source IPs, so they can identify abnormal activities and
In-Game Surface
Protecting the in-game session is a hard skill to master. Security teams need to continually learn the normal distribution of UDP packets in the session itself in order to identify and block attacks, which makes the in-game attack surface lucrative for manipulators and hackers.
As UDP is all about speed, learning the normal distribution of online games can be an almost impossible task to perform manually. Gaming companies need to know to look for this in-session DDoS attack that can cause a game to crash or manipulate the integrity of the game itself. There is nothing players hate more than an unfair advantage that makes them lose the game and getting a network DDoS warning message.
Recommendations to protect your titles
Gaming companies are exposed in three dimensions and must stay on a constant alert and monitor each one of them for each of their titles. Security teams need to be able to identify attacks automatically, whether encrypted or not, when they start and have the right solution to block the attack while allowing legitimate users to play the game with no added latency. When working manually or with rate limiting technologies, security teams need to choose between impacting the user experience and overlooking the potential threats.