Here’s a holiday tradition to file under “Christmas, bah humbug!” Holiday DDoS attacks. The days and weeks before the Christmas holiday are when hackers historically target gaming providers and e-commerce sites with DDoS attacks.
A dubious tradition of mayhem and greed
In recent holiday seasons, hackers have made it a habit of bringing down popular gaming sites. Infamous hacking groups launched attacks to ruin the Christmas holidays for millions of gamers. They flooded gaming servers and networks with so much fake traffic that there was little joy to the gaming world.
Video gaming networks such as Xbox Live, PlayStation, Steam, and Electronic Arts Online were stricken. Attacks on these systems peak on Christmas and New Year Day, high-traffic days for gamers. The motive for these attacks is usually the pleasure of ruining gamers’ holiday experience. When asked why they do it, hackers give the bogus reply that they are encouraging gamers to spend more face time with their families.
Holiday attacks and a recent turnaround
The holiday distributed denial of service (DDoS) hacking tradition started in 2013 and continued for several years after that. Here’s the timeline:
- December 2013. Derptrolling (aka Austin Thompson) used Twitter to coordinate a massive DDoS attack on high-traffic websites such as Steam, PlayStation Network, and EA Online. The attacks took down game servers around the world for several hours at a time.
- Christmas Day 2014. The Lizard Squad, a black hat hacking group, took credit for a DDoS attack on the PlayStation Network and Xbox Live. In a bizarre turn of events, the squad claimed that the attacks were a publicity stunt. They were marketing their then-new DDoS-for-hire service. (For a fee, this service enables internet users with little or no programming chops to launch DDoS attacks.)
- December 2015. The Phantom Squad hacker group launched powerful DDoS attacks on PlayStation Network, Xbox Live, and Steam Store websites throughout the month. During the Steam Store Christmas Day attack, traffic increased by 2000% over average levels.
- December 2016 and 2017.I.U. Star Patrol and several lone hackers had a bit of holiday “fun” in 2016 and 2017. However, these attacks were less powerful and flamboyant than those in previous years.
- December 2018. There were no noteworthy Christmas attacks on gaming networks. Earlier in the month, the Lizard Squad warned the world that they would take down the PlayStation Network site. However, on December 21st, the FBI and federal agents from the United States and European Union countries took down the squad’s website and arrested the site’s admins. This move was part of an international bust of 15 DDoS attack-for-hire sites. The promised attack never happened.
DDoS attacks on e-commerce sites
Hackers with a love of mayhem weren’t the only bad guys prowling the Internet this Christmas season. E-commerce merchants reported that the number and volume of cyberattacks soared on high-traffic days during the 2018 holiday shopping season. Compared to average DDoS frequencies, attacks increased by more than 70 percent on Black Friday and by 109 percent on Cyber Monday. Reports indicate that some of these attacks measured more than 100 Gbps in bandwidth. Usually, attack volumes approaching 6 Gbps far exceed the capacity of most websites to mitigate on their own.
Often, DDoS exploits on e-commerce sites are low-threshold attacks that don’t bring down a website. However, they can have a massive effect on the user experience and ultimately, customer loyalty. Successful online commerce sites are responsive and always on. Frustrated customers will quickly leave a slow site and find another, more appealing shopping experience. Also, low-level DDoS attacks can be a smokescreen that hides an attempt to steal sensitive data such as customer information and credit card data.
Getting ready for next year’s attacks
The brag and bluster of Christmastime attacks on gaming sites seem to have paused, at least for now. DDoS exploits on e-commerce sites continue unabated, however. So, the harm done to the revenue and customer loyalty of target companies continues, too.
But, there’s no need to wait for disaster to strike. You can get the jump on hackers by engaging DDoS mitigation services. Advanced DDoS attack protection services that help you strengthen your IT assets and infrastructure against DDoS attacks are available commercially. Solutions that use a multi-layer approach provide the most effective protection against hackers. These solutions provide:
- Website protection. Especially when used as an always-on service, website protection should mitigate any DDoS attack targeting your websites and web applications. Rapid mitigation is best. Stopping attacks in 10 seconds or less is the current performance standard.
- Infrastructure protection. You can protect your web assets and underlying server infrastructure by using services with very high-volume scrubbing capacity and high-capacity packet processing capabilities.
- Name server protection. This service protects DNS servers against network and application layer assaults and ensures that your application and network infrastructure are protected against all denial of service assaults.
DDoS exploits aren’t a seasonal phenomenon, so it pays to start now and review website, network, and server capabilities to withstand attacks. If you need to improve your defenses, consider a multi-layer mitigation approach.
Kidal Delonix is a contributor to Mr. Hoffman's blog. The views and opinions are entirely his/her own and may not reflect Mr Hoffman's views.
