Security
DDoS Attacks Are A Growing Threat In Gaming
The cybercriminals behind the attacks have a variety of different motives, from extorting money from gaming companies to causing reputation damage to preventing competing players from winning out of competitiveness.
Imagine you’re about to get a Victory Royale in Fortnite, score a deciding goal in FIFA, or defuse the bomb in Counter-Strike when suddenly a message appears on your screen, informing you that you’ve been disconnected.
Wasting no time, you load the game again and discover that a connection can’t be established. Why? Because either you or the game’s servers are under a Distributed Denial of Service (DDoS) attack.
Such attacks are a growing threat in gaming, and we at Tech Magazine had the opportunity to discuss them with Emad Fahmy, Systems Engineering Manager Middle East at NETSCOUT. Here’s what we learned.
What Are DDoS Attacks In Gaming?
DDoS attacks are a type of cybercrime that makes resources unavailable by overloading the network across which they are transmitted with malicious requests. DDoS attacks first appeared in 2010 amid the rise of “hacktivism,” but they have evolved significantly since then, as observed in the NETSCOUT Threat Intelligence Report H2 2021.
Emad Fahmy, Systems Engineering Manager Middle East @ NETSCOUT
”In gaming, DDoS attacks might be directed at a single user or an entire organization,” explains Fahmy. “While an attack on a single user only affects them by slowing down their gaming experience, an attack on an organization can have a greater impact on the game’s entire user base, resulting in a group of disgruntled players who no longer have access to the game or have had their experience significantly slowed.”
The cybercriminals behind the attacks have a variety of different motives, from extorting money from gaming companies to causing reputation damage to preventing competing players from winning out of competitiveness.
Anyone Can Launch A DDoS Attack
To successfully launch a DDoS attack against a game or its players, attackers need to send so many malicious requests at the same time that the victim can’t possibly answer them all without becoming overloaded.
These requests are typically sent by bots, hacked devices (computers, routers, IoT appliances, and so on) that do what attackers tell them to do. Even a relatively small network of bots, or botnet for short, can be used to launch a massive DDoS attack.
These days, attackers don’t even have to hack vulnerable devices to obtain the DDoS firepower they need to take a target down. They can simply take advantage of DDoS-for-Hire services, which provide DDoS attacks ranging from no cost to greater than $6,500 for terabit-class attacks, according to the NETSCOUT report.
“DDoS-for-Hire services have made attacks easier to launch. We examined 19 DDoS-for-Hire services and their capabilities that eliminate the technical requirements and cost of launching massive DDoS attacks. When combined, they offer more than 200 different attack types,” says Fahmy.
Preventing DDoS Gaming Attacks
In 2021 alone, NETSCOUT recorded 9.7 million DDoS attacks, an increase of 14 percent compared with 2019. To reverse this gloomy trend, both gaming companies and gamers themselves need to take it seriously and adopt specific measures to protect themselves.
“Relying on firewalls and intrusion detection systems is no longer sufficient. This is because DDoS attacks can now manipulate or destroy them. Despite advances in cloud-based detection, the company’s Internet Service Provider (or Managed Security Service Provider) may still struggle to identify threats that wait in the shadows until it is too late,” explains Fahmy. “As a result, an on-premises DDoS risk management solution is critical,” he adds.
Individual gamers, especially eSports players and streamers, can make it harder for cybercriminals to aim DDoS attacks at them using a virtual private network (VPN) service like ExpressVPN, CyberGhost, or NordVPN. Such services channel users’ traffic through their servers, hiding its real origin in the process.
In addition to hiding their IP addresses, gamers should also adhere to cybersecurity best practices. Examples include timely installation of software updates and exercising caution when browsing the web, chatting online, or reading emails.
Conclusion
DDoS, or Distributed Denial of Service attacks, represent a serious threat to the gaming industry because they can compromise the gaming experience and expose developers to the risk of brand damage and potential extortion. DDoS attacks have evolved and become far more sophisticated in recent years. Fortunately, the same can be said about on-premises DDoS risk management solutions that gaming companies use to protect themselves.
Security
Be Cautious Of Malicious Apps Even On Trusted App Stores
Most people trust official app stores like Google Play and the App Store for safety — but even these trusted platforms can host malicious apps. Learn why caution is still essential when downloading mobile software.
Most mobile users know to stick to official app stores to download software — and for good reason. Even though legitimate third-party stores exist, the average user can find everything they need on a first-party platform like the Google Play Store or Apple’s App Store. And while Android — unlike apple — does allow sideloading (downloading installation packages directly off the web) even for regular users, this is usually practiced by people who know what they’re doing and are familiar with the risks.
When publishing an app on the Play Store or App Store, a developer has to pass a robust set of vetting processes, both for themselves and their applications. This vetting process involves both automated and manual testing, making these platforms far safer than third-party app stores and other means of installing software. That being said, users are recommended not to blindly trust even these first-party platforms, as there have been several cases where malicious apps slipped through the cracks in the vetting process. And while both Google and Apple are quick to respond when they detect malicious apps on their stores, the very fact that these malicious apps make it onto these platforms is proof that even their strict vetting processes are not foolproof.
How Do These Apps Make It Onto These Platforms?
No verification system is ever completely airtight, especially when you’re dealing with something as complex as app store vetting. For a malicious actor who knows what they’re doing, slipping past automated checks isn’t particularly difficult. In a lot of cases, it boils down to satisfying a specific list of requirements.
The harder part is clearing a manual review, since that involves human judgment. But even that isn’t impossible. A common tactic is to first publish a legitimate, fully functional app for the specific purpose of passing inspection. Once it’s live and has built some credibility, the app quietly receives an update containing malicious code. This is known as versioning. In other cases, the initial version remains harmless but downloads and executes malicious payloads after installation, either after a specific amount of time or due to certain conditions (like account creation or granting certain permissions) being met. That’s what happened with the Anatsa trojan — a campaign that used innocent-looking document viewer apps to deliver banking malware. Once installed, these apps fetched encrypted malicious code from remote servers, giving attackers access to users’ financial data and even access to their accounts.
It also doesn’t help that human reviewers are under constant pressure. With thousands of apps being submitted daily, there’s only so much attention they can give to each one. And then there’s also the fact that verified developer accounts can be hijacked or sold, allowing attackers to publish apps under legitimate names. Not to mention the cases where malicious software which mimics legitimate and trusted apps also end up being published on these stores. Between automated systems, human fatigue, and social engineering, the cracks in the process are wide enough for malicious apps to slip through.
Knowledge Really Is Power
Just because an application has made it to a first-party app store doesn’t automatically make it a legitimate or safe-to-use app. Like we’ve already discussed, as rigorous as the vetting process is, it’s still possible for malicious apps to end up being published on these platforms. As with any cyberthreat, awareness and good judgment are your strongest defenses. Sticking to well-known apps and developers, keeping your software up to date, and reading reviews (not just on the store) are actions you can take to ensure you don’t end up falling victim to a trojan application that has snuck its way onto the Play Store or App Store.
Saudi Digital Payments Reach 80% As Cash Use Shrinks
Samsung Confirms Galaxy S26 Privacy Display Mode
Lebanon Officially Licenses Starlink Internet
SIRBAI Unveils Autonomous Drone Swarm Technology At UMEX
iPhone 18 Pro Leak Hints At Under-Screen Face ID
Clicks Bets On Physical Keyboards With CES 2026 Launch
Belkin Launches Wireless HDMI Adapter With 131-Foot Range
Deliverect Rolls Out Self-Order Kiosks Across MENA
Emirates Post Issues Stamp Set Celebrating AI In UAE Schools
