As much as online gaming literally involves fun and games, it’s a serious industry. Ninety-one billion dollars in revenue in 2016 is pretty serious. It’s an intensely competitive industry that lives and dies with its users’ happiness, an industry that’s been one of the biggest DDoS attack targets for years. So by now a game as big as Final Fantasy would have every safeguard in place to prevent these devastating attacks, right? Wrong.
The list of online gaming platforms hit by outage-causing DDoS attacks include major players like the PlayStation Network, Xbox Live, Nintendo, League of Legends, Blizzard and Steam. It would actually be strange if the Final Fantasy franchise was somehow not included in this list. Rest assured, there is nothing strange to be seen here.
Just as the hotly anticipated Stormblood expansion pack hit the market, the Final Fantasy XIV servers were slammed by a distributed denial of service attack. According to Final Fantasy’s publisher Square Enix, Final Fantasy XIV’s network equipment, network connection and game servers were all targeted by a sophisticated attack in which the vectors and methods were being switched from moment to moment, making mitigation difficult. As a result, many users were unable to log in, and the ones that were able to log in were disconnected. This went on for over five days – an eternity in this age of connectivity.
DDoS or distributed denial of service attacks seek to do exactly what the attacks on the Final Fantasy server did: deny online services to their legitimate users. They do so by bombarding those services with malicious traffic or requests, overwhelming the server and other essential infrastructure.
Due to DDoS attack groups, DDoS for hire services, DDoS ransom notes and bigger than ever IoT botnets, the last few years has seen the rise of DDoS attacks, making targets out of almost every website on the internet. There is perhaps no industry beleaguered by these attacks like online gaming is, however, and there are three main reasons for that.
The first is illustrated by the timing of the attack on Final Fantasy XIV. Online gaming platforms naturally experience major spikes in traffic, usually accompanying new releases. Servers are already stressed from these influxes, so it doesn’t take a massive attack to do bigtime damage. Even a moderately sized attack can push a gaming server over the edge when hundreds of thousands of legitimate users have already piled on.
The second reason the gaming industry suffers also has to do with the servers. Since online gaming has to offer constant connectivity, it requires an always available centralized gaming platform. This is what’s known as a single point of failure, which allows attackers to launch a narrow attack that causes widespread damage.
The third reason online gaming has been so hurt by distributed denial of service attacks leaves technology behind and focuses on emotions. Gamers often become emotionally invested in their games, and when those games are unavailable due to DDoS downtime, there is a lot of frustration to be vented. That frustration is seen all over social media and popular forums like Reddit, gaining the successful attackers plenty of attention. Whether the attackers were trying to gain publicity for their DDoS for hire services or they simply did it for ‘fun’, this is a major motivating factor.
A different approach
In their blog post on the attack, Square Enix vowed they would work on recovery from every possible angle. Square Enix and other game publishers are certainly deserving of sympathy, but the best angle they could approach these attacks from is the preventative one. With botnets getting bigger, attackers getting smarter, and the resultant outcry always increasing, these attacks aren’t going to do anything but get worse, and users aren’t going to wait around endlessly for uptime when there are so many other games on which they could be spending their time and money.
Professional DDoS protection has become a must for every business earning any kind of revenue from the internet, but for an industry like online gaming it’s imperative. A failure to meet this ever-growing threat head on could leave a game company deader than General Shepherd in Call of Duty: Modern Warfare 2.