It has become customary for major sporting events to be the target of distributed denial of service (DDoS) attacks.
With the sole aim of saturating the equipment that handles requests until it is out of service, it is not uncommon to see DDoS attacks launched persistently or repeatedly during these events. They affect a multitude of services: from ticket sales to live streaming, including official event and sponsor websites, and even the stadium refreshment bar.
Faced with this resurgence, several questions arise: which sporting events were most affected? What are the different modes of operation that cybercriminals use to launch this type of attack? What solutions exist to protect against these threats? A closer look.
Whether it is to harm the image of the organizing country, economically impact the event or even alter the viewer experience, a DDoS attack, if successful, can instantly paralyze an infrastructure.
Launching such an attack once required skill; this is no longer the case today. Thanks to the emergence of DDoS-as-a-service (DaaS) platforms, cybercriminals can rent a botnet to launch cyberattacks, an ease of use that has contributed to wide adoption by many cybercriminal groups.
Experts from Imperva observed this trend in 2021, during the Euro football championship: botnet attacks were up 96% compared to the month before the competition, and the volume of attempts to access online betting accounts with stolen credentials had tripled compared to normal.
In addition to the events themselves, sports betting sites are also targeted. In June 2022, as the Wimbledon tennis tournament began, denial of service attacks increased, affecting 10% of them. What do cybercriminals gain? Downtime that can be leveraged for extortion, or a loss of user confidence. It is also not uncommon for this second strategy to be sponsored directly by competing sports betting sites in markets with little or no regulation.
But if there is one place where the effect of a DDoS attack is spectacular, it is on TV, and this is what Polish viewers unfortunately experienced during the UEFA football championship Euro 2024. A DDoS attack targeting Polish public television, TVP, disrupted the online broadcast of the opening match between Poland and the Netherlands. Although the origin of the attack remains uncertain, there is suspicion of the possible involvement of Russian hackers. Despite these difficulties, the Polish authorities quickly brought the situation under control, allowing the match to go ahead as planned.
With the development and collaboration of cybercriminal groups, the difficulty of launching DDoS attacks has dropped drastically. According to a study by cybersecurity publisher Kaspersky, analysts identified, during the first half of 2023, more than 700 announcements of services allowing the launch of DDoS attacks on various dark web forums.
These platforms make it possible to bring an international company to its knees for as little as $20 per day if it does not use a protection service. They are sophisticated and offer several modes of operation:
1. Volumetric attacks
They aim to saturate the victim's bandwidth by sending a large volume of traffic. The goal is to consume all available bandwidth, thereby preventing legitimate traffic from accessing the servers.
One of the most widely used techniques, DNS amplification, exploits misconfigured DNS servers: small queries that carry the victim's spoofed source address draw much larger responses, so the servers end up generating a disproportionate amount of traffic aimed at the victim.
It is this same mechanism that makes it possible to saturate the official website of a sporting event or an online ticket office.
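The tell-tale sign of the amplification described above is that the victim receives large DNS answers to queries it never sent. The following detection logic is an added example, not code from the original article or from Orange Cyberdefense; the flow records it inspects are constructed sample data in a format assumed for the example.

```python
"""Flag inbound DNS responses that no host on our network asked for.

Added example (not from the original article). In a DNS amplification attack the
victim receives large DNS answers to queries it never sent, because the attacker
spoofed the victim's address when querying open resolvers. Matching inbound
responses against the outbound queries we actually observed exposes that.
"""
from collections import defaultdict

# Constructed flow records (not real traffic):
# (direction, src_ip, src_port, dst_ip, dst_port, bytes, is_dns_response)
SAMPLE_FLOWS = [
    ("out", "203.0.113.10", 51000, "198.51.100.53", 53, 64, False),   # our own query
    ("in",  "198.51.100.53", 53, "203.0.113.10", 51000, 180, True),   # its answer
    ("in",  "198.51.100.7", 53, "203.0.113.20", 33000, 3900, True),   # unsolicited
    ("in",  "198.51.100.8", 53, "203.0.113.20", 33001, 4000, True),   # unsolicited
    ("in",  "198.51.100.9", 53, "203.0.113.20", 33002, 3950, True),   # unsolicited
]


def find_reflected(flows, min_bytes=1000):
    """Return per-victim stats for inbound DNS answers without a matching query.

    A response matches a query when (resolver, our ip, our port) was seen in an
    earlier outbound query. Answers smaller than min_bytes are ignored so that
    the occasional stray reply does not raise an alert.
    """
    seen_queries = set()
    suspects = defaultdict(lambda: {"packets": 0, "bytes": 0, "resolvers": set()})
    for direction, src, sport, dst, dport, size, is_resp in flows:
        if direction == "out" and dport == 53 and not is_resp:
            seen_queries.add((dst, src, sport))
        elif direction == "in" and sport == 53 and is_resp:
            if (src, dst, dport) in seen_queries or size < min_bytes:
                continue
            entry = suspects[dst]
            entry["packets"] += 1
            entry["bytes"] += size
            entry["resolvers"].add(src)
    return dict(suspects)


if __name__ == "__main__":
    for victim, stats in find_reflected(SAMPLE_FLOWS).items():
        print(victim, stats["packets"], "unsolicited answers,", stats["bytes"], "bytes")
```

Flows must be fed in time order so that a query is recorded before its answer arrives; on a real network this check runs at the edge where both directions are visible.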
2. Attacks targeting protocols
So-called protocol attacks exploit flaws in communications protocols to exhaust the resources of network equipment such as firewalls and load balancers. They mainly target layers 3 and 4 of the OSI model, disrupting the processing of network connections.
From a technical point of view, this is the mechanism behind SYN flood attacks, where the attacker sends numerous SYN requests to establish TCP connections but never completes the handshake, thereby saturating the target's resources and preventing legitimate connections.
As an example, imagine you run a small store with just one checkout. Many people enter the store, pick up a product and head to the cash register as if they are going to pay. However, once they arrive at the checkout, they put the product down and leave without saying anything. New people keep coming in and doing the same thing, which prevents real customers from checking out.
It is this type of attack that allows cybercriminals to render equipment at the edge of networks (firewalls) inoperable, blocking any connection to the outside world.
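The half-open connections left behind by a SYN flood are visible in the target's own TCP connection table, so a snapshot of that table is a cheap first check. The code below is an added example, not from the original article or from Orange Cyberdefense; the connection table it parses is constructed sample text laid out like `ss -tan` output.

```python
"""Spot a SYN flood from a snapshot of the TCP connection table.

Added example (not from the original article). SYNs that never complete the
handshake leave the target with many sockets stuck in SYN-RECV and few that
reach ESTAB. Counting the two states, overall and per peer, surfaces that.
"""
from collections import Counter

# Constructed sample in the layout of `ss -tan` output (not a real capture).
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB     0      0      203.0.113.10:443     198.51.100.4:52110
ESTAB     0      0      203.0.113.10:443     198.51.100.9:40233
SYN-RECV  0      0      203.0.113.10:443     192.0.2.17:1025
SYN-RECV  0      0      203.0.113.10:443     192.0.2.18:1026
SYN-RECV  0      0      203.0.113.10:443     192.0.2.19:1027
SYN-RECV  0      0      203.0.113.10:443     192.0.2.20:1028
SYN-RECV  0      0      203.0.113.10:443     192.0.2.21:1029
SYN-RECV  0      0      203.0.113.10:443     192.0.2.22:1030
"""


def parse_ss(text):
    """Yield (state, peer_ip) for each connection line, skipping the header."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        peer_ip = fields[4].rsplit(":", 1)[0]   # strip the port
        yield fields[0], peer_ip


def syn_flood_check(text, max_half_open=100, max_ratio=0.5):
    """Summarise the table; 'alert' is True when half-open sockets dominate.

    Flooded SYNs usually carry spoofed, scattered sources, so the global count
    and ratio matter more than any single peer's count.
    """
    half_open = Counter()
    established = 0
    for state, peer in parse_ss(text):
        if state == "SYN-RECV":
            half_open[peer] += 1
        elif state == "ESTAB":
            established += 1
    total_half = sum(half_open.values())
    total = total_half + established
    ratio = total_half / total if total else 0.0
    return {
        "half_open": total_half,
        "established": established,
        "half_open_ratio": round(ratio, 2),
        "distinct_sources": len(half_open),
        "alert": total_half >= max_half_open or ratio >= max_ratio,
    }
```

On Linux the matching mitigation is SYN cookies (`net.ipv4.tcp_syncookies=1`), which let the kernel accept handshakes without keeping state for each unanswered SYN.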
3. Attacks targeting the application layer
This type of attack targets applications, web services, or DNS servers by sending seemingly legitimate requests in large numbers to exhaust the application or server resources. It exploits a processing asymmetry inherent in the abused protocol: each request is cheap for the client to send but costly for the server to handle.
This is the method used by the Slowloris script, which aims to exhaust a web server's resources by keeping many HTTP connections open and incomplete.
Rather than overwhelming the network with a high volume of traffic, this program uses slow, partial HTTP requests. The attacker sends incomplete requests and keeps sending small parts at regular intervals to hold these connections open. This technique saturates the server's connections until its maximum limit is reached, preventing new legitimate connections.
A further difficulty with this method is that it imitates legitimate clients, making it hard for security systems to differentiate malicious traffic from normal traffic.
It is a particularly effective way of crippling the sporting-event APIs on which many mobile applications depend.
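Because Slowloris traffic looks legitimate packet by packet, the useful signal is on the server: connections that have been waiting for the rest of their request headers far longer than any real browser needs, clustered on a few clients. The check below is an added example, not code from the original article or from Orange Cyberdefense; the per-connection snapshot it reads is a constructed format assumed for the example, not any particular server's status output.

```python
"""Flag Slowloris-style clients from a per-connection web server snapshot.

Added example (not from the original article). Slowloris holds connections
open by never finishing the HTTP request headers. A legitimate client finishes
its headers in well under a second, so connections still in the "headers"
state after many seconds, several per client, stand out clearly.
"""
from collections import defaultdict

# Constructed snapshot (not real server output):
# (client_ip, state, seconds_open, bytes_received)
# state is "headers" while the request line/headers are still incomplete.
SAMPLE_CONNECTIONS = [
    ("198.51.100.4", "response", 0.3, 512),   # normal client, already answered
    ("198.51.100.9", "headers", 0.2, 80),     # normal client, headers in flight
    ("192.0.2.50", "headers", 41.0, 96),      # five stalled connections from
    ("192.0.2.50", "headers", 39.5, 110),     # the same client, each trickling
    ("192.0.2.50", "headers", 38.2, 88),      # a few bytes to stay open
    ("192.0.2.50", "headers", 37.9, 92),
    ("192.0.2.50", "headers", 35.1, 101),
]


def slowloris_suspects(connections, header_timeout=10.0, min_conns=3):
    """Return {client_ip: stalled_count} for clients holding at least
    min_conns connections whose headers are still incomplete after
    header_timeout seconds. Single slow connections are tolerated so that
    one client on a poor link is not flagged."""
    stalled = defaultdict(int)
    for client, state, age, _received in connections:
        if state == "headers" and age > header_timeout:
            stalled[client] += 1
    return {client: n for client, n in stalled.items() if n >= min_conns}


if __name__ == "__main__":
    for client, n in slowloris_suspects(SAMPLE_CONNECTIONS).items():
        print(f"{client}: {n} connections stalled in request headers")
```

The server-side counterpart is a short header read timeout (for example Apache's mod_reqtimeout or nginx's client_header_timeout) combined with a per-client connection cap, which bounds how long any one connection can sit in this state.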
To help professionals deal with DDoS attacks, Orange Cyberdefense offers a complete solution called DDoS Protection. Led by CyberSOC experts from Orange Cyberdefense, this offer is made up of three complementary services.
The first, Web Guardian, protects websites and applications using Akamai Kona Site Defender technology. It protects against DDoS attacks and intrusions through a web application firewall (WAF) coupled with a massively distributed and highly resilient content delivery network (CDN).
The second service, Cleanpipe, protects all the IP addresses of an infrastructure connected to the Internet via the Orange operator's transit service (OpenTransit). It uses a scrubbing center to filter out malicious traffic before forwarding the clean traffic on to the destination IP addresses.
The third service, Site Guardian, protects the company's site by cleaning traffic upstream of equipment and aims to contain denials of service of an application nature, including those targeting DNS servers.
Orange Cyberdefense's CyberSOC plays a central role in this process. It defines the defense strategy, detects incidents 24/7, manages remediation in constant communication with the company, and performs post-incident analyses to continually improve protection.
A major advantage of this solution is its ability to detect attacks in advance through the identification of weak signals, allowing action to be taken before the threat materializes. The analysis and remediation time is quick, varying from 0 to 30 minutes depending on the service subscribed.
Cyberattacks aimed at disrupting and discrediting sporting events can have disastrous consequences on their reputations and finances. Thanks to comprehensive solutions like those offered by Orange Cyberdefense, it is possible to prevent and counter these threats before they paralyze network infrastructures.
It is also important to note that these means of protection can be imposed by regulatory bodies for online games and sports betting such as the National Games Authority.
This is why, by adopting advanced defense strategies, organizers can guarantee the security and continuity of their events, both inside the stadium and online.
With Orange Cyberdefense, you can benefit from solid protection against DDoS attacks. Ensure the security of your business today by contacting our experts.