DDoS Actors are Hitting Multiplayer Games Hard and With New Methods

• The gaming industry is taking massive blows from DDoS actors, losing money and customers.
• DDoS methods have gotten more sophisticated, harder to stop, and almost impossible to manage.
• Ubisoft decided that they’ve had enough, and plan a counterattack, starting with legal letters.

DDoS (Distributed Denial of Service) attacks have grown into an unmanageable problem for gaming companies right now, as all mitigations and precautions that are in place seem to be unable to stop the actors from being successful. This is a huge problem for game developers, as their multiplayer servers are getting overwhelmed and the gaming experience that their customers enjoy gets heavily undermined. This is not a new form of attack, but the methods, scale, impact, and persistence have all reached unprecedented levels.

Akamai published a report yesterday, where they detail a newly observed type of DDoS attack which they call “WSD” (WS-Discovery). This new form of attack is mainly targeting the gaming industry, and it can reach 35/Gbps at peak bandwidth. As the researchers point out, the packet sizes can be amplified by up to 15300%, so the attacks can get entirely unmanageable. We saw something along those lines hitting Wikipedia ten days ago, which we perceived as a large-scale test. A few days before that, came a disruption for “World of Warcraft Classic” which was impacted by a DDoS attack shortly after it got launched. Blizzard was criticized for not doing all they could against DDoS actors, so they have started using Cloudflare since then.

Some online services continue to be impacted by a series of DDoS attacks which are resulting in high latency and disconnections. These disruption effects have been felt by a portion of our players, impacting their gaming experience. Thank you again for your continued patience.

— Blizzard CS - The Americas (@BlizzardCS) September 7, 2019

However, and as the situation remains problematic in the industry, one of its biggest players decided that they’ve had enough. Ubisoft has announced that they plan to send cease & desist letters to operators of DDoS-for-hire platforms. Such platforms were previously targeted by the FBI and the Europol, but apparently, there are still quite a few of them in an operational state. Ubisoft has had trouble in keeping their “Rainbow Six Siege” game servers to perform as they should, resulting in unfair match outcomes and general degradation of the gaming experience.

However, the letters that Ubisoft plans to send are unlikely to have any effect whatsoever. For once, DDoS-for-hire services are already operating in a shady area, so they’re not exactly legal entities who have a department which receives official complaints and deals with such matters. Secondly, these platforms are making money by offering these services, and simply put, they prefer to keep things as they are instead of denying their aspiring customers to DDoS whatever they like. For this reason, Ubisoft has additional undisclosed plans to tackle the problem, and they’re working with the Microsoft Azure team on that.

Have something to say on the above? Let us know of your comments in the section down below, or on our socials, on Facebook and Twitter.