When Gaming Isn't a Game: 3 Best Practices to Protect Your Hosting Service Against DDoS Attacks

The unprecedented number of security breaches, hacks and DDoS attacks on gaming communities, software manufacturers and even Hollywood studios grew to epic proportions in Q4 of 2014. Gaming sites and their hosting providers are particularly susceptible, and you don’t have to be a giant in the industry to be affected. In this article, we will explore why gaming sites are so hard-hit and how hosting providers can most effectively defend themselves.

Why Gaming Sites are Prime Targets

The reasons game servers frequently experience DDoS attacks are wide and varied. The majority of DDoS attacks sometimes are targeted against servers to cause latency in the network, thus interrupting game play and frustrating users. Some attacks are just for fun – a hacker showing off or trying to prove a point. Others may be motivated by the game itself: some real or imagined slight by other players that leads to retaliation, game mechanics (i.e. “I got cheated out of X”) or the desire for some gain, such as wanting to remain the top player in a particular category.

Some attacks are financially motivated, however; a DDoS attack can shut down game play, which means that the gaming company is losing money every second it is offline. There have even been reports of hackers who have blackmailed organizations, demanding a fee to end the attack.

In addition, attacks against game servers can be used to test proof of concept. When a new type of attack shows up, it has usually been tested within the gaming industry first. Hackers try out new botnets or attack methods on gaming sites because the latency created by DDoS attacks provides them with enough information to see the impact of their attack rather than waiting around wondering, “Did my attack succeed?”

Regardless of the rational, DDoS attacks can be devastating to not only the gaming companies themselves, but also to the providers that host the data.

How Hackers Bypass Firewalls and Other Security Measures

For a DDoS attack, the goal is to “flood the pipe” or exhaust the resources of an application, versus malware or some other method of attack. The attacker is not trying to get into the core systems, which the firewall was created to defend. Firewalls and other defenses really only apply to attacks whose aim is data exfiltration. In an exfiltration attack, the malware has already been injected into the core systems on the back end and DDoS attacks then serve to distract IT security teams so that the attacker can steal the data he or she wants.

As an analogy, there are different medicines that work against specific viruses – for instance, the flu virus. There are a myriad of flu viruses, and only certain medicines will affect a specific one. Similarly, in cyber security, different kinds of attacks are possible, and certain types of technologies are useful against particular attacks, whereas others are not. Even DDoS attacks have multiple variants. In these situations, while firewalls offer some protection, they don’t protect completely against DDoS attacks.

Firewalls such as IPS and DLP solutions are prone to being DDoS’d, can quickly become exhausted by these attacks and, once brought down, can act as the single point of failure in the network. It is imperative that vulnerable data be protected with a layered approach.

Three Best Practices in DDoS Mitigation

It can sometimes be difficult to navigate the cyber security offerings on the market today. In fact, solutions are as vast as the attacks they look to protect. Below are three best practices to keep in mind when building a secure and well-rounded network environment.

• Create a plan of action. While it is important to have the proper security tools in place, the second a DDoS attack is detected, your team should be able to respond to and understand the type of attack that is occurring. Once this is determined they will know which tools are on hand to mitigate the attack properly. Provide your teams with a comprehensive plan on how to react when a DDoS attack happens.  Include accountability and reporting functionality and help them understand that it is less a question of if an attack will occur and more one of when it will happen.
• Protect core defenses. The first thing hosting providers must understand is that attacks are going to happen and, while they can’t prevent them, they can certainly lessen their impact. In a world where a new DDoS attack is born nearly every minute, best practices suggest that organizations and service providers alike look at enhancing existing security portfolios with appliances that are located at the edge of the network, keeping DDoS attacks away from core defenses. This allows them to do what they are designed to do: monitor, clean and restore incoming and outgoing data.
• The layered defense. For advanced persistent threats organizations of all sizes, but particularly data centers, should have implemented a layered defense strategy, one that will watch the back end as well as the front. Security teams must be able to identify, and react in real time to, vulnerabilities regardless of their location in the network. Only then will defenses be sufficient to keep the network up and running and end-users undisturbed by ongoing attacks.
• Watch for back-end exfiltration attacks. Make sure security teams are ready to go into hyper-vigilance mode on the back end, looking for exfiltration attempts. Tighten rules on firewall settings and start closely monitoring the ports in critical databases to make sure there isn’t any unusual activity going on.
• Use reporting mechanisms. To better understand the nature of the attack after the fact, look for solutions that provide your team with detailed reporting on the nature of the attack, where it came from, how large it was and how frequently it occurred so that they are better able to analyze and protect assets in the future.

An Ounce of Prevention…

Overall, it is important to identify solutions that protect data from the various types of DDoS attacks: volumetric, application layer and protocol attacks. Compare the pricing of various solutions as well, since price is a key differentiator in this category.

In the past, many gaming companies and hosting providers didn’t think about adding a DDoS protection layer until after the fact. The reality is that these attacks are growing in number and frequency. It is evident that the financial loss and damage to brand reputation can be significant, while the possible exfiltration of sensitive data and the cost in man-hours that are required to get the system back up and running can make or break a business. Take proper precautions ahead of the “game” and look to security solutions that will provide you with the necessary tools to mitigate these losses before your organization becomed the next big security breach story.