DDoS Actors are Hitting Multiplayer Games Hard and With New Methods

Last updated September 19, 2019
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

DDoS (Distributed Denial of Service) attacks have grown into an unmanageable problem for gaming companies right now, as all mitigations and precautions that are in place seem to be unable to stop the actors from being successful. This is a huge problem for game developers, as their multiplayer servers are getting overwhelmed and the gaming experience that their customers enjoy gets heavily undermined. This is not a new form of attack, but the methods, scale, impact, and persistence have all reached unprecedented levels.

Akamai published a report yesterday, where they detail a newly observed type of DDoS attack which they call “WSD” (WS-Discovery). This new form of attack is mainly targeting the gaming industry, and it can reach 35/Gbps at peak bandwidth. As the researchers point out, the packet sizes can be amplified by up to 15300%, so the attacks can get entirely unmanageable. We saw something along those lines hitting Wikipedia ten days ago, which we perceived as a large-scale test. A few days before that, came a disruption for “World of Warcraft Classic” which was impacted by a DDoS attack shortly after it got launched. Blizzard was criticized for not doing all they could against DDoS actors, so they have started using Cloudflare since then.

However, and as the situation remains problematic in the industry, one of its biggest players decided that they’ve had enough. Ubisoft has announced that they plan to send cease & desist letters to operators of DDoS-for-hire platforms. Such platforms were previously targeted by the FBI and the Europol, but apparently, there are still quite a few of them in an operational state. Ubisoft has had trouble in keeping their “Rainbow Six Siege” game servers to perform as they should, resulting in unfair match outcomes and general degradation of the gaming experience.

However, the letters that Ubisoft plans to send are unlikely to have any effect whatsoever. For once, DDoS-for-hire services are already operating in a shady area, so they’re not exactly legal entities who have a department which receives official complaints and deals with such matters. Secondly, these platforms are making money by offering these services, and simply put, they prefer to keep things as they are instead of denying their aspiring customers to DDoS whatever they like. For this reason, Ubisoft has additional undisclosed plans to tackle the problem, and they’re working with the Microsoft Azure team on that.

Have something to say on the above? Let us know of your comments in the section down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: