Ashley Stephenson, CEO of Corero Network Security said, “The Distributed Denial of Service (DDoS) attack against Battlefield 3 is yet another in a long line of attacks aimed at disrupting gamers. The attack conforms with what our clients in the gaming industry have experienced, persistent and over several days. In this case it has impacted Battlefield 3’s back-end servers and prevented players from accessing multiplayer features in the game.
So far it appears, according to EA that the attack was aimed at knocking the multiplayer servers offline and not as a diversion to pilfer data. The attack, however, has dealt a blow to EA, forcing it to cancel their planned “double XP weekend”. Whether it was timed to coincide with this event is unclear, and neither according to EA are the motives, but we have seen an uptick in what appears to be competitors trying to disrupt their competition as well as attackers carrying out attacks just for fun, or “lulz”. Another motive our clients in gaming and across other sectors continue to experience is cyber extortion. Malicious users specifically threaten gaming and other sites, demanding to be paid a ransom or be the victim of a Distributed Denial of Service attack. More often than not these blackmail threats go unreported as some companies opt to pay the ransom rather than go public with the attack in the hope that this will satisfy the hackers, though this is rarely the case and may lead to the site continually being targeted.
EA and DICE are to their credit dealing well with the situation and have kept their users informed, which is a key step in repairing any reputational damage that DDoS attacks can cause. With the growing power and sophistication of DDoS and other attacks aimed at disrupting access, coupled with the relative ease of execution – an attacker can for meagre sums hire botnets -- every organisation no matter how large or small can easily become a victim. With that in mind, new ways of protecting against these types of attacks are needed. EA and DICE noted that they already had, as do most companies with which we engage, security technologies in place but this yet again shows how traditional security technologies, such as firewalls, are unable to defend against these types of attacks at the perimeter. A new First Line of Defence at the edge is needed to protect against DDoS attacks and other unwanted traffic at the perimeter in order to allow traditional security technologies to function as they were intended and ensure availability.”