Following the news that the hugely popular mobile game Pokemon Go was taken offline by a DDoS attack over the weekend, various industry professionals have offered their thoughts and analysis.
Stephanie Weagle, senior director at Corero Network Security:
"The reports that Pokemon GO has suffered service disruptions and outages due to DDoS appears to have left players frustrated. The online gaming industry is highly susceptible to DDoS attacks due to the competitive nature of the games themselves, monetary gains or the notion that organised cyber crime syndicates can grab headlines with their successful attacks.
"DDoS attack tools are easily procured and at low cost allowing any creative attacker the ability to cause service disruptions at a click of a mouse.
"Traditional security infrastructure, or legacy DDoS mitigation solutions are not sufficient to handle the flood of DDoS attacks, especially since attackers have become more savvy in their techniques; launching low-level, multi-vector attacks that evade scrubbing solutions. In-line, automated DDoS mitigation is the only effective defense in the world of online gaming."
Stephen Gates, chief intelligence research analyst at NSFOCUS:
"Organisations that provide this type of online gaming experience must expect to come under the crosshairs of DDoS attackers. A comprehensive plan to defeat DDoS attacks should be implemented before going live! Hybrid cloud and on-premises defenscs can easily defeat these attacks.
"In the world of online gaming, the motivations for DDoS attacks come in several flavours. Notoriety is always at the top of the list. DDoS for ransom is a likely second. However, most don’t expect an attack motivated by competitive advantage. If everyone is playing Pokémon, do other gaming providers suffer?
"Online gaming providers must understand that “availability” is the foundation of the online gaming experience. Take away availability, and so much for the experience."
Paul Heywood, MD EMEA, Dyn:
“Since the launch of Pokémon Go, it’s all people can seem to talk about. But perhaps following this weekend, conversations haven’t been all that positive, as players found themselves unable to log in to the game as the result of a suspected DDoS attack. As we can see, DDoS attacks are not only frustrating for eager Pokémon hunters to deal with, but they can have very real, detrimental consequences for businesses such damaged brand reputation. In today’s digital-first world, such incidents must be eliminated - so what can we learn from this attack to avoid a similar scenario in the future?
“It starts with being prepared and aware. By using tools that allow you to know and understand your company’s network’s normal behaviour, IT teams can be made aware of any abnormal incidents such as DDoS attacks, enabling them to make any necessary remedial actions quickly. Some tools in the market can even pre-emptively understand when a DDoS attack may be about to occur using modelling from past DDoS attacks and alerting companies of the risk.
"Secondly, outsourcing to an internet performance management company with traffic monitoring, failover and rerouting capabilities can ensure users are directed to other hosts that aren’t down to ensure gamers can carry on gaming."
Image source: Zanariah Salam / Shutterstock.com