A Year in Review: The Top Ten Cyber Attacks of 2016 in The Gaming Industry

pokemon-1575834_960_720

Political parties and figures, international banks, and big hosting corporations were not the only ones subject to cyber attacks this past year. Hackers also set their eyes on the gaming and entertainment industry by carrying out massive attacks year-round. In fact, a security report by Akamai revealed that more than half of the DDoS attacks during the first quarter were targeted at gaming companies. And when it comes to cyberattacks in the gaming industry, DDoS attacks are a popular choice among hackers. This is not all too surprising since DDoS attacks aim to overwhelm servers and disrupt services for a limited or indefinite time by preventing legitimate traffic requests from being fulfilled.

For gamers, the disruption caused by DDoS attacks directly touches upon the emotional aspect of online gaming, greatly affecting the user experience who depend on connectivity at all times. Cyber attacks against other industries typically translate into immediate financial loss and identity or data theft. In fact, it’s been reported that for one-third of companies, an hour of downtime (caused by a DDoS attack for example) can cost up to $20,000.

This is not to say that gaming and entertainment companies aren’t losing money. In reality, these gaming companies are losing just as much financially, but it is the emotional blow caused by cyber-attacks that attract hacktivists and trolls who take advantage of this weakness in the gaming world. Here is a look back at the top ten cyber-attacks targeting gaming networks, consoles, and online games in the year 2016 and the suspected motives behind them:

1. Sony’s PlayStation
With the holiday spirit still in the air, many were not expecting to have issues with their new PlayStation in January. Owners of the popular game console were wildly disappointed as PSN’s online gaming services went offline worldwide for most of the day on January 5. The hacking group Phantom Squad claimed responsibility for disturbing services through a DDoS attack, announcing via Twitter that they were “back for more action” after threatening to knock off services over Christmas.

Update: Phantom Squad struck again during the holiday season in the last month of the year by targeting PSN once again. Gamers in the United Kingdom were especially affected by this incident as DDoS attacks caused three severs to fail and caused games like NBA 2K17, EA’s Battlefield 1, and GTA V to experience login difficulties. There were also reports of hacked accounts.
Suspected attacker: Phantom Squad
Motive: Unclear

2. Microsoft’s Xbox Live
As an online multiplayer gaming and digital media delivery service, Xbox Live users cannot afford to experience downtime issues. Unfortunately, on February 22, users in North America, Europe, Australia, South Africa faced difficulties logging into and playing their online games due to a DDoS attack. The attack made it impossible for users to engage in multiplayer games and buy new content, among other things.
Suspected attacker: New World Hackers
Motive: Hacktivism – Demand better cybersecurity

3. Digital Extremes’ Warframe
Warframe, a popular free-to-play title, became a target of several DDoS attacks, subjecting users to connectivity issues and leaving Digital Extremes to battle with sustained attacks between March 12 and 14. Because the game features time-sensitive items, many players expressed concerns via online forums and social media when Warframe went offline. Regrettably, connectivity issues continued to persist for several days. The company handled the situation well, however, by keeping their users in the loop with updates and even adding a DDoS safeguard feature to their current security platform to protect against future attacks.
Suspected attacker: Unknown
Motive: Unclear

4. Blizzard Entertainment’s Website Battle.net
Blizzard Entertainment is a popular publisher for many high ranking and well-designed games, including its Warcraft, Diablo, and StarCraft series. Sadly, fans of these games were in for a surprise on April 14 when Blizzard Entertainment suffered an outage due to massive DDoS attacks. Users were not able to login or access any of their games online for several hours. As the attacks were being carried out, the infamous Lizard Squad took to their Twitter and Battle.net forums to claim official responsibility for the attack.
Suspected attacker: Lizard Squad
Motive: Unclear

5. Pokémon Go
Undoubtedly one of the most talked-about games this past year, the growing hype surrounding Pokémon Go made it a prime target for cyber attacks. The hacking group PoodleCorp claimed responsibility for taking down Pokémon Go’s servers with a DDoS attack on July 16. A few days later, the game became went offline once again and was unavailable for much of the weekend due to an attack by another hacking group, OurMine. Unlike PoodleCorp’s attack whose motive was unclear, OurMine claimed responsibility for the game’s outage in an effort to get the attention of the developers of Pokémon Go, encouraging them to make the app more stable.
Suspected attacker: OurMine
Motive: Hacktivism – Raise awareness to prevent future cyber attacks

6. Minecraft
Games aren’t just getting knocked offline by DDoS attacks; data breaches are also common in the gaming industry. The hacking group OurMine, famous for breaking into the social media accounts of high-profile executives like Facebook and Google, hacked into Minecraft accounts by targeting the user login page, specifically those users who rely on the PC and Mac versions rather than mobile versions of the game. OurMine exposed vulnerabilities associated with Internet cookies and how hackers can take advantage of this flaw.
Suspected attacker: OurMine
Motive: Hacktivism – Raise awareness about today’s cybersecurity problems

7. Grand Theft Auto
While popular, forums can also be the target of cyberattacks. A popular Grand Theft Auto fansite known as GTAGaming was hacked on August 25, compromising sensitive information of approximately 200,000 users. The admin of the site remedied this data breach by prompting users to change their password upon login.
Suspected attacker: Unknown
Motive: Unclear

8. Blizzard Entertainment
The month of August was not a good one for the entertainment company as it suffered from two separate DDoS attacks on August 2 and another on August 23rd. Blizzard Entertainment announced via its official Twitter account that they were under a DDoS attack and that games such as Overwatch and World of Warcraft were unavailable for play. While Lizard Squad claimed responsibility for Blizzard’s attack in April, no individual or hacking group stepped up to claim responsibility for the August attacks.
Suspected attacker: Unknown
Motive: Revenge for being banned due to cheating

9. The notorious Mirai botnet attack against Dyn
The DDoS attack against Dyn, a major DNS hosting provider, made headlines for being the largest of its kind. The attack caused major Internet disruptions across the U.S. and Europe, capping at an incredible strength of 1.2 Tbps according to some reports. Known as the Mirai botnet, this newly discovered cyber “weapon” utilizes IoT devices including cameras and DVR players. While this massive DDoS attack wasn’t targeting specific websites or online gaming sites, video and game systems like RuneScape, PlayStation, and Xbox Live were affected. In fact, in an ironic twist, Forbes reported that the attack was accredited to a single angry gamer who was unsatisfied with Sony’s PlayStation Network.
Suspected attacker: Unknown
Motive: Unclear

10. Blizzard Entertainment – once again!
Blizzard Entertainment deserves another stop on our list for being the target of even more DDoS attacks during the last months of the year. It seems Blizzard cannot catch a break as their servers were attacked on September 19 and between December 5 and 7. This makes it the fourth and fifth attacks after hackers launched multiple DDoS attacks in April and in August. Blizzard’s servers went down for several hours during the September attack but the outage lasted 12 hours on December 5, causing major connectivity and technical issues.
Suspected attacker: PoodleCorp and Phantom Squad
Motive: Unclear

Final thoughts

With the new year quickly approaching, cyber-attacks are expected to evolve and rise in frequency, meaning no industry is safe. But it is the gaming industry that will likely continue to be a repeated target of cyber attacks, for hackers’ motivations behind the cyberattacks strayed away from seeking traditional financial or political gains and instead leaned more toward pure hacktivism and internet “trolling,” which may be a stronger motivator.

Compared to other big industries like healthcare and finance, cyber attacks warrant an emotional and social impact on users who are invested heavily in gaming. They simply cannot afford to experience downtime or errors due to the nature of online gaming, oftentimes constrained to time-sensitive environments, placing an invaluable price on the lost connections. In this way, cyberattacks against the gaming industry are amplified in a rather emotional way that hurts gamers, attracting hackers who hack for the “lolz.”

What are your thoughts? Can we expect to see more action from hacktivists and “trolls” in the gaming industry in the new year?