Attacks/Breaches
9/17/2013
11:54 PM
Lori MacVittie
Lori MacVittie
Commentary
50%
50%

Grand Theft Oh No: When Online Gamers Attack

A new report says the tactics players use to slow down the competition may be trained on your site. Here's how to protect yourself.

The volume of distributed denial-of-service attacks is holding steady, with vendors and researchers pointing to statistic after chilling statistic about how many, how often and how successfully such exploits occur. Most blame the ability of attackers to leverage vast networks of compromised PCs, often procured at volume-discount prices on the resource black market. But are zombie armies getting the blame for attacks originating from dark, seedy online gaming networks?

Maybe, says a recent white paper with the deceptively tame title "An Analysis of DrDoS and DDoS Attacks Involving the Multiplayer Video Gaming Community." In it, DDoS mitigation service provider Prolexic tells a tale of revenge, exploitation and extreme competition among gamers.

The report explains how vulnerable game servers become launch points for DDoS attacks against both third-party and in-game targets. It's become so common that the gaming community has its own term for the practice: "packeting." These attacks are most often reflection-based, using compromised servers to take down a target by spoofing requests to public services that return responses, flooding the target's network connection or overwhelming available resources. Gamers initiate attacks for a variety of reasons, including inducing enough lag to achieve a strategic advantage over rivals.

[ DDoS attacks can cost serious money and are nearly impossible to repel with standard defenses. Should you buy protection? ]

What's disconcerting, however, is the potential use of these often-vulnerable servers to carry out DDoS attacks against enterprise networks. Downtime and disruption caused by DDoS attacks is expensive, costing victims an average of $172,238, according to the Ponemon Institute, and you don't even get to blow up any virtual cities for your trouble.

Both IT organizations and game platform providers can take action to minimize the impact of such attacks, as well as prevent their servers from being used as an attack platform. Above all, remain vigilant and have monitoring and alerting systems and processes in place to rapidly detect and respond to an attack in progress. Specifically:

-- Close open resolvers: A significant number of DDoS attacks are carried out against DNS due to the public nature of the servers they provide. It's a rare organization that needs to act as an open resolver -- in most cases, these systems are misconfigured. Turning off open recursion is a good first step toward mitigating the effects of a DNS DDoS attack.

-- Mind your bandwidth: Reflective attacks work because the response, which is sent to the victim, is many orders of magnitude larger than the request itself. The sheer volume and size of responses can consume every bit of available bandwidth and cause network outages and service disruptions. Ensuring that you have spare network capacity -- both available bandwidth and packets-per-second processing power -- will buy you time to take action in the face of an attack. 


-- Consider rate limiting on perimeter network elements: Response-rate limiting as well as inbound packet filtering, particularly when network-layer anomalies indicative of an attack can be identified, will help reduce the impact of a DDoS attack on other services.

Gaming platform providers can -- and should -- do more to monitor and guard against abuse of their resources. Packet-filtering, rate limiting and, of course, addressing server vulnerabilities will go a long way toward eliminating the ability of gamers to exploit systems for their own gain.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
9/19/2013 | 12:28:24 AM
re: Grand Theft Oh No: When Online Gamers Attack
What evidence does the report provide that gaming community behavior spills over to affect businesses outside that sector?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1774
Published: 2015-04-28
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

CVE-2015-1863
Published: 2015-04-28
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.

CVE-2015-3340
Published: 2015-04-28
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.