DDoS has evolved considerably since the early days of the Internet, when attacks were mostly the preserve of teenagers coding in their bedrooms to cause mischief and disruption. DDoS attacks have now become a cheap, yet highly effective, method of cyber-attack that just about anyone can launch. The rise of DDoS-for-hire botnets has caused an explosion of attacks, partly due to their cheap price point – they can be launched for just a few dozen dollars per month – but also because there is virtually no technical barrier to entry, as they require no coding knowledge. On the back of this, DDoS attacks are now rife within the gaming industry.
Gamers are known to regularly use DDoS to gain a tactical advantage. It has now become an expected part of gaming culture for a player to use DDoS to knock other players offline, or sometimes to target an entire service to prevent others from gaining a competitive edge. These kinds of DDoS attacks can spark a wave of repercussions. When thousands of online gamers are locked out, or booted off their games, it gets the attention of the media. The stakes are high for the gaming companies – when they lose players, they lose revenue. So, it’s easy to see why DDoS-for-Hire is so successful, as it plays on the popularity of DDoS as part of the online gaming environment and engages a willing army of participants who would be keen to access the most effective DDoS tools out there.
Attackers are increasingly innovative in their DDoS techniques, so in order to keep up, defense solutions need to be similarly inventive. Let’s not forget that, in the gaming world, innovation is the way you stay ahead of the competition. Such innovation will likely lead to the evolution of new DDoS techniques, and a series of new attacks.
How Can These DDoS Attacks Be Stopped?
While the motivations for such attacks are endless, the defense is the same, regardless of the technique. Firstly, carriers (Internet Service Providers) have a responsibility to protect their customers from such attacks, by ensuring they have full visibility over their networks and can spot malicious activity.
Indeed, Service Providers are in a unique position to “profitably remove” DDoS attack traffic that targets their subscriber base, and many are moving forward with new initiatives. Technology exists that can detect and automatically defeat all volumetric DDoS attacks, in real-time, and this technology can be easily deployed in a Service Providers’ network, at peering points or subscriber edges. This technology can be deployed in a host of ways and will detect, alert, and block any DDoS attack traffic presented to it. As the landscape of DDoS attacks changes, providers must keep up with the pace of the latest trends, otherwise they risk putting their customers in danger of suffering attacks and could risk damaging their own reputation and revenue in the process.
Comprehensive visibility is essential not only to quickly combat DDoS threats, but also to enable compliance reporting, security audits, and forensic analysis of past threats. Once a DDoS attack has been mitigated, security analysts can learn by conducting a forensic review of the attack and by uncovering hidden patterns and identify emerging threats within the massive streams of security event data. Without such forensic insights, it is impossible to determine how effectively an attack was mitigated and whether there were any false positives that led to collateral damage that may substantiate any customer Service Level Agreement (SLA) claims.