Author: Elliot Weisse, Gaming Industry Specialist, OVHcloud
As films are fond of showing us, people are simultaneously the greatest strength and the greatest liability when it comes to cyberattacks. In 2007’s Die Hard 4.0, Bruce Willis succeeds in dismantling a sophisticated hacker ring almost entirely on the strength of sheer bloody-mindedness, occasionally punching things and, more often, crashing cars into stuff.
Although the film has about as much in common with technological reality as Jurassic Park’s Unix system, it does make an important point. Hacker behaviours vary, and over time we see a great deal of change in how and where attacks are perpetrated.
According to Cloudflare, gaming and gambling sites and servers are the second most popular target for application-layer DoS attacks, after cryptocurrency, and the third most attacked at the network layer.
This results in some interesting experiences from a protection perspective.
Social Friction
It’s important to look broadly at DoS (and cyber) attacks to get mitigation right. For example, users want services to be as available as possible, so they can access games easily, which means keeping the log-in and authentication process as streamlined as possible. However, from a provider point of view, more comprehensive (and often, slower) security measures help to protect users. Consequently, achieving a balance of the two is important.
More specifically for DoS mitigation, network and security settings vary by game: different games use different network settings and ports, and have different characteristics for communicating between servers and players, which also has an impact on how the game is protected – or exploited.
From a social perspective, how – and whether – games are attacked tends to vary based on the characteristics of the game and its players. The main variables seem to be whether the game is public or player-owned, and competitive or co-operative. For example, although the game is enormously popular, and public, Valheim servers are less likely to be attacked, simply because of the nature of the game – it’s more about exploration and survival than competition. On the other hand, CS-GO and Arma are quite competitive and seem to spawn relatively high rates of disgruntled gamers launching DoS attacks at each other.
Player-owned servers are generally less likely to suffer from DoS attacks, because they’re shared amongst friends and family. If you know you’ll have to face someone socially in the future, you’re much less likely to launch a cyberattack on them. Of course, you might have a shouting match or resort to more amusing pranks, but at least that doesn’t drag your friendly neighbourhood infrastructure provider into the matter. However, servers owned by a game hosting provider but used privately do tend to receive a number of attacks because mischief-makers can bring down many games by attacking the same number of servers.
Finally, these patterns also intersect with trends. Pre-pandemic, we saw the launch of many massively multi-player games, like Destiny and Fortnite. Post-Covid, we’ve seen more people playing with friends and family – possibly as a result of getting more into gaming during the pandemic but then realizing that they’d rather play with people they know. This also tends to reduce the incidence of DoS attacks – but means that the DoS attacks that do happen are more likely to be run by experienced third parties.
Knowing Your Application
Although attacks on gaming servers can take place at the network and transport layers, DoS attacks often take place on the application layer, bypassing network firewalls. One of the main challenges for blue teams and other cybersecurity professionals is that technology infrastructure and software are hugely complex, and as complexity and scale increase, so does the number of potential avenues for attack.
For example, although application-layer DoS attacks can target the server itself via game traffic, there are other ways to cause disruption. In-game audio and video communications, for instance, open ports that can lead to vulnerabilities, and any bots (such as anti-cheat bots) also present avenues of attack.
Each game and plugin will have its own characteristics that blue teams need to be aware of, so that they can profile, understand and, in turn, protect the games in question. Each new mod or update launch can also turn into an arms race as both hackers and blue teams try to understand new vulnerabilities to either protect or exploit them.
Into the Future
It probably goes without saying that the future of DoS – and cybersecurity in general – lies with both AI and people. While DoS tools have been available for hackers to download for years, AI is increasingly being used in this capacity to optimize attacks and get past organizational defenses. On the other hand, AI also has great potential to help protect against DoS and other cyberattacks. However, both rely on smart deployment, management and utilisation by people, and although cyberattacks grow more complex and powerful by the day, so do our defenses.