The popularity of Pokémon GO has exploded like wildfire in a matter of days (as anyone who does not live under a rock knows). It took only a few days for cyber hackers to find a way to cripple the online game with two apparently separate distributed denial of service (DDoS) attacks that caused service disruptions and outages.
Two groups have claimed responsibility for the attacks: the cyber hacking collective OurMine and another group, PoodleCorp (which threatens to launch another DDoS attack on Pokémon on August 1). It’s impossible to prove which group is responsible, due to their anonymity. As for the cybercriminals' motives, they probably do it to improve their “reputation” in the cyber underworld; organized cybercrime syndicates love to grab headlines. On the other hand, OurMine claims they are just doing it to nudge the Niantic, the company that created Pokémon GO, to improve its security.
The hacks are not surprising, because DDoS attack tools are inexpensive to buy and easy to find, allowing any creative attacker the ability to cause service disruptions with the click of a mouse. The online gaming industry is highly susceptible to DDoS attacks because the players are highly competitive and hate to be blocked out of a game. With so many players frustrated, Niantic is taking a huge hit in terms of revenue generation and brand reputation. How much money is it losing? That’s impossible to say, but MoneyNation.com reported, “Right now Pokémon GO money is big. How big? Estimates put its earnings at around $1.6 million a day.”
DDoS Protection Saves the Day
The costs of a DDoS attack are steep. What can an online gaming company do to protect itself from DDoS attacks? Without doubt, a DDoS protection solution is the only effective defense. Traditional security infrastructure or legacy DDoS mitigation solutions create latency in response time. By the time IT security staff notice an attack, then swing out traffic to be cleansed by an out of band scrubbing center, it’s very likely that the network has already suffered a disruption of service.
In addition, attackers have become more sophisticated in their techniques by launching low-level, multi-vector attacks that evade scrubbing solutions. Unlike an automated DDoS protection solution, human security agents are seldom able to detect granular, low-threshold DDoS attacks that drag 1) down network performance and 2) allow nefarious hackers to conduct a security breach. They can map and infiltrate the gaming company’s network which enables them to install malware or ransomware, either at the time or at a later date.
The benefits of Corero’s DDoS protection solution are as follows:
- Attacks are blocked before they can cause disruption to players’ gaming sessions;
- DDoS mitigation is automatic and in real-time, eliminating costly human analysis and configuration of countermeasures;
- Brand reputation and revenue streams are enhanced when customers have full and continuous access to online games.
To learn more about how Corero can help, read the Jagex case study.