Ubisoft, the £1.5 billion (by 2017-2018 sales) French gaming giant, saw the launch of one of its much-hyped premier titles disrupted by distributed denial of service (DDoS) attacks over the weekend, the company admitted.
The attacks come as a report by NETSCOUT Arbor found online gaming to be the number one motivation for DDoS attacks, following by criminals “wanting to demonstrate attack capabilities”, and extortion.
Hello everyone. We’re experiencing a series of DDoS attacks, which may impact latency or connections to our games. Stay tuned for the latest here: https://t.co/t1g2ObIvvl
— Ubisoft Support (@UbisoftSupport) October 5, 2018
The launch of Assassin’s Creed: Odyssey came as Ubisoft reported €1,732 in sales for 2017-2018, and earlier this year completed a bond issue totaling €500 million. The five-year bond with an annual coupon of 1.28 percent was four times oversubscribed.
In the same annual report, the company emphasised the extent to which a poor launch can damage financial performance, but added that “the growing share of the back catalog and digital, offering higher repeat revenue and better profitability, enable it to gradually be less dependent on these new launches.”
Nobody appears to have claimed responsibility for the attacks.
See also: Protonmail DDoS Attacks: British Bomb Threat Teenager Blamed
Last week, as Computer Business Review reported, the company announced that it was teaming up with Google to offer in-browser streaming of the game, in which players can take the role of either as Kassandra or Alexios, outcast Spartan mercenaries fighting amid the Peloponnesian War.
The DDoS attacks left games lagging and users unable to buy the latest titles for several hours, as well as unable to connect to the sites for other titles.
can't conect to Ubiclub from ingame, what's wrong with your servers?
— Brother Andrej (@BriGGySmaLLzb) October 5, 2018
Computer Business Review has contacted the company – which has been the repeated victim of DDoS attacks – for comment.
Kirill Kasavchenko, principal security technologist, EMEA, NETSCOUT Arbor, said in an emailed statement: “The reasons for DDoS attacks in the gaming industry are varied – from those looking to disrupt accomplished gamers, to those simply wanting to prove their capabilities – and gaming companies know they are at risk. They also know they are at their most vulnerable around game launches, when an inaccessible service can have serious consequences on the game’s shelf-life. For this reason, gaming companies put a lot of effort into planning for an attack and implementing anti-DDoS strategies.”
See also: Hipster Hackers turning to Retro Protocols for DDoS Attacks
He added: “To prevent future launches being marred by disruption, gaming companies must understand how simple it is to launch DDoS attacks and how varied DDoS techniques can be. The right solution should consider several things. Firstly, when choosing or building a data centre, gaming companies must evaluate whether it has the capacity, connectivity and readiness to weather a DDoS attack. Then, to stand against large scale volumetric attacks, upstream service providers or cloud services can provide extra defences. Finally, an on-premise application-layer mitigation can be used to further minimise potential service issues. This hybrid approach is vital to keeping services online, despite any untoward actions by hackers.”
The attack comes after a report from Akamai revealed that there was a 16 percent increase in the number of DDoS attacks recorded since last year, with the largest DDoS attack of the year setting a new record at 1.35 Tbps.
Akamai said in its State of the Internet report: “To understand the scale of such an attack, it helps to compare it to the intercontinental undersea cables in use today. The TAT-14 cable, one of many between the US and Europe, is capable of carrying 3.2 Tbps of traffic, while the Japan-Guam-Australia cable, currently under construction, will be capable of 36 Tbps. Neither of these hugely important cables would have been completely swamped by February’s attack, but an attack of that magnitude would have made a significant impact on intercontinental traffic, if targeted correctly.”
One simple starting point to building resilience against a DDoS attack is to check your DNS Time to Live (TTL): the value determining how long a piece of data is valid.
In the DNS world, TTL limits how long your current DNS settings are cached with ISPs. This means that if your website’s TTL is set at three hours, other DNS servers won’t bother checking for a DNS update for your domain over that duration.
If you’re using an on-demand, DNS-based DDoS mitigation solution, your TTL needs to be lowered prior to experiencing a DDoS attack. A lower TTL equates to a faster reaction; this is the time it takes to get traffic routed through your DDoS solution.
There are a range of homegrown solutions, cloud-based services, and appliances deployed within the data center to help mitigate DDoS attacks.
As Ubisoft’s travails show, even those well-used to such incidents can get caught off-guard however.