If your house were repeatedly burglarized, you would probably get a security system. If someone kept eating your lunch out of the work fridge, you would probably store it somewhere else. If a bird pooped on your head every morning, you would probably get a big ol’ hat. As the saying goes, forewarned is forearmed.
So why is it that the industries most targeted by DDoS attacks stay the most targeted by DDoS attacks? Why are we constantly hearing about gaming platforms going down? Or cryptocurrency exchanges? They know the attacks are coming, so why don’t they get the cybersecurity version of a big ol’ hat?
As it goes with so many aspects of DDoS attacks, it just isn’t that simple.
Topping The Charts
Each quarter DDoS attack protection provider Imperva Incapsula publishes a report on the DDoS landscape. While the report from Q4 2017 may have showcased many insights and points of interest, there was one section that didn’t hold many surprises: the most targeted industries. Online gaming and cryptocurrency found themselves featured in the top five along with other constant targets like internet providers and IT and software. The last time the most targeted industries had a real shake-up was, well, when cryptocurrency cracked the top 10 in Q3 2017.
Online gaming and cryptocurrency have more in common than the big fat distributed denial of service bullseyes on their backs, and it’s those shared similarities that are largely responsible for the bullseye in the first place. To start with, these are both highly competitive industries with users who are invested in their use of the industry’s online services, both emotionally and financially in many cases. A downtime-causing DDoS attack is attractive to many bad actors as attacks in these industries tend to garner a lot of attention on social media as well as in the mainstream media, causing reputational damage as well as giving attackers an underhanded source of entertainment.
However, what motivates attackers to target these industries is one thing, and what enables these attacks to succeed is another. Unfortunately for gaming and cryptocurrency exchanges, they’ve got that in common as well.
The Central Issue
Gamers and cryptocurrency traders are all over the world keeping all hours. Thus, both online gaming platforms and cryptocurrency exchanges need to always be available. Constant uptime. The very nature of these industries means the platforms within them represent a centralized target, or what’s known as a single point of failure. This is what allows narrow attacks to cause big outages.
These narrow attacks are also helped along by the nature of the legitimate traffic in these industries. Both online gaming and cryptocurrency are hugely susceptible to natural traffic influxes caused by the release of a new game, for example, or the initial coin offering of a new cryptocurrency. With so many legitimate users crowding the platforms to get in on the action, it doesn’t take much for a criminal to tip an already strained server over the edge with a little extra malicious traffic.
Further, disrupting online gaming and cryptocurrency services doesn’t require outright downtime. Attackers need only degrade performance to the point that gamers can’t play because of the lag and traders can’t make trades at the exact exchange rates they want. The bar for a successful DDoS attack is much lower than it would be for, say, basic online banking, where users can wait a few extra seconds to see an account balance or pay a bill.
Finding A Solution
Getting DDoS protection for these industries isn’t as simple as it is for many other industries. The folks in charge of an exchange or a popular online gaming platform can’t simply type ‘cloud-based DDoS protection’ into Google and go from there. With the high number of attacks aimed their way and the impressive success rate, it takes more than that.
Online gaming and cryptocurrency platforms ultimately need leading cloud-based DDoS protection that considers the specific challenges faced by these industries. Mitigation for these industries requires granular traffic analysis and deep packet inspection when necessary to easily tell attack traffic from legitimate traffic, coupled with impressive processing power that can handle the analysis of massive amounts of traffic – this is especially important as so many attacks are timed to coincide with natural traffic spikes, and because even the slightest lag can disrupt service.
Mitigation services also need to have always-on deployment, real-time information exchange that enables immediate scrubbing directives, and enough strategically located scrubbing servers to effortlessly eliminate traffic from even the beefiest network layer attack. Lastly, to keep anyone from ever suspecting an attack attempt (and to keep those suspicions off social media), the time to mitigation has to be a guaranteed 10 seconds or less. It’s not exactly a big ol’ hat, but it is what these industries need.