Protect local e-sports before it's game over

Issued by icomm for Arbor Networks
Johannesburg, 12 Aug 2016

At the start of this year, South Africa announced its first R1 million prize money in an e-sports tournament, the Telkom DGL Masters tournament.

E-sports, or electronic sports, is competitive gaming via electronic systems. It's a growing industry in South Africa, with local e-sports companies on the rise. Johann Von Backstr"om, from the Digital Gaming League (DGL) Management Company, noted during the aforementioned tournament's launch: "Gaming has seen phenomenal growth over the past few years as players become ever more engaged. We already have more than four million gamers in South Africa. By professionalising the sport and developing new players, we can look forward to seeing more local talent compete on the same footing as international teams."

Its growing popularity and resulting profitability has, however, also made e-sports a prime target for volumetric distributed denial of service (DDOS) attacks and, as the industry grows, so will the attacks, says Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks.

According to market research firm, Newzoo, 205 million people watched or played e-sports in 2014, and ESPN.com stated in January 2016: "If the e-sports nation were actually a nation, it would be the fifth largest in the world." In Newzoo's latest quarterly update of its Global Games Market Report, the research firm found gamers worldwide will generate a total of USD99.6 billion in revenues in 2016, up 8.5% compared to 2015. Today, in response to its growing popularity, ESPN has a Web site completely devoted to e-sports.

"DDOS attacks are a serious threat for all businesses, and due to the mainly virtual network infrastructure that e-sports and sport betting sites rely on - they are no exception," continues marketing insight analyst at Arbor Networks, Jamal Bethea. "A volumetric attack can leave some of the more sophisticated security systems down and vulnerable to further attacks. The LizardStresser (a type of botnet) is a DDOS attack that targets IOT devices, including gaming devices/consoles. By gaining access to random IPs and using user credentials, the client program can compromise the targeted user and flood their network. Some recent attacks against gaming sites have been as large as 400Gbps."

He explains that what looks to be an exotic attack of a comprehensive network can easily and often be triggered with something as simple as a user's IP address. "This can be extremely frustrating for those gamers who spend countless minutes and hours performing factory resets or moving to different locations in an attempt to fix the issue. It's not that easy of a fix. Individuals and teams of gamers can be targeted with the intent to disqualify them for not having enough members for a fair match. It's never an isolated incident and if the threat is not properly addressed, further attacks should be expected," Bethea points out.

E-sports competitions are typically played from a user's home, which means they are at the will of a firewall and whichever IPS devices the affiliated service provider or e-sports provider has installed. Unfortunately, that's not a real solution. IPS devices and firewalls are excellent solutions for network integrity and confidentiality, but to truly protect against botnet attacks, e-sports providers need to adopt a solution that can fully protect against volumetric attacks and provide visibility into how the attack is happening, when it is happening, and where the attack is originating from. The key is to have true hybrid protection - on-premises and cloud-based - and industry best practice for the most comprehensive protection from the modern-day DDOS attack.

Hamman recommends southern African gaming companies deploy an on-premises, purpose-built DDOS protection solution, such as Arbor APS, at the network perimeter, which can disrupt botnet communications and detects and blocks application-layer DDOS attacks, including those specifically designed to compromise stateful inline tools like firewalls, IPS devices and load balancers.

And, in the event that the on-premises Arbor APS device detects a large DDOS attack that will overwhelm the local Internet connection, it can automatically contact the upstream/in-cloud MSSP and reroute the attack traffic to their scrubbing centre via a powerful feature called Cloud Signaling. This stops the attack before it happens, and provides the intelligence needed to plan for the next attack.

"Let's all take some time to address the seriousness of this threat before its game over!" exclaims Bethea.

For more information about Arbor in Africa, please contact Bryan Hamman at bhamman@arbor.net.

Arbor Networks

Arbor Networks, the security division of NETSCOUT, helps secure the world's largest enterprise and service provider networks from DDOS attacks and advanced threats. Arbor is the world's leading provider of DDOS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor's advanced threat solutions deliver complete network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market-leading analytics for dynamic incident response, historical analysis, visualisation and forensics. Arbor strives to be a "force multiplier", making network and security teams the experts. Its goal is to provide a richer picture into networks and more security context so customers can solve problems faster and reduce the risks to their business.

To learn more about Arbor products and services, please follow the company on Twitter @ArborNetworks. Arbor's research, analysis and insight, together with data from the ATLAS global threat intelligence system, can be found at the ATLAS Threat Portal.

Editorial contacts