Qusu Future release: defending day and night, DDoS attacks remain hard to prevent

 

 

  Blockchain security consulting firm Warp Future said: "I can't get into the game," "I've been stuck on the login screen," "payment is lagging and ..." Amid a chorus of such complaints, on April 15 the well-known American game company Electronic Arts announced on social media that many of its games could not be logged in to because of a DDoS attack. After 2 hours of emergency maintenance, the gaming giant, which had nearly $5 billion in revenue last year, brought its servers back to normal.

 

  The company had fallen victim to the DDoS attack, which is notorious in the game industry and across the Internet as a whole. As an attack method with a "long history", DDoS has accompanied the development of the Internet, leaving people with nightmares and earning itself the infamous name of "Internet thug".

 

The victims are not only game companies

 

  DDoS, short for Distributed Denial of Service, is one of the most common network attack methods. The attacker launches an attack on the target server by controlling multiple computers in different locations. The aim is to exhaust the target's network or system resources and force it to suspend service, so that normal users cannot access it.

  "To use a popular analogy, the server is like a restaurant. The attacker calls in 50 people to occupy all the tables, but they do not order food. Instead, they keep the waiters serving tea, and the restaurant cannot operate normally," said Zhang Tongjiang, a senior software engineer. "DDoS attacks often last for days or even weeks, and the damage can be imagined."

 

  "The most direct harm of DDoS is that the victims cannot provide services to their customers." However, the victims of DDoS attacks are not just game companies.

 

  According to statistics, in addition to game companies, government websites, corporate service websites, and even financial companies have long been preferred targets of DDoS attacks. "During the attack, online games cannot be logged in to normally, and online payments cannot even be completed. If the attack continues for many years, it will degrade the user experience and users will turn to other providers for services, which will affect the direct interests of online game companies or Internet service providers."

 

  According to the published "DDoS Threat Report 2019", the DDoS situation remained severe in 2019, and the proportion of DDoS attacks aimed at emerging hot industries such as live broadcasting and e-commerce also increased significantly. In terms of peak attack traffic, since the industry observed a peak of 1.94 Tbps in 2018, it is no longer unusual for DDoS attacks to reach the Tbps level. At the same time, overseas attacks accounted for 15%, almost double the 8% of 2018.

 

The fight against the black and gray industries needs to continue for a long time

 

  Compared with other attack modes, the DDoS "industry" chain appears more mature, which is particularly worrying. In the traditional approach, a DDoS attack requires several elements: "broilers" (compromised personal computers and other devices), a server that controls the "broilers", and an attack target with a "reward".

 

  Almost all of the above elements can be purchased through online channels. In 2018, Wenzhou Ouhai police cracked a cybercrime case in which the suspect used 20 servers to remotely control 5,000 "broilers" for mining, launching DDoS attacks, stealing data and other crimes. In 2019, Jiangsu Suining police cracked a hacking case. The suspects were involved in more than 100 DDoS attacks. The illegally invaded and controlled websites included government, enterprise, and school websites in Beijing, Hebei, Shandong and other places, totaling nearly 200,000. What's more, some criminals simply organize teams abroad and use social software, mobile payment software, the dark web and other channels to buy "broilers" and build servers, and finally carry out their attacks.

 

  What is more worrying is that with the massive deployment of IoT terminal devices, the risk of DDoS attacks increases further. In 2016, three hackers used IoT devices to form a "zombie army" and used DDoS attacks to paralyze Dyn's domain name management system, leaving users unable to log in to many well-known websites and public service websites such as Twitter, Netflix, and Amazon.

 

  With the escalation of network attacks, various security protection measures have been released, and offerings such as network security insurance and DDoS cloud protection have gradually formed an emerging market. According to a report from the China Academy of Information and Communications Technology, by 2020, global network security insurance premiums will reach nearly US$10 billion.

 

  According to reports, the mainstream DDoS defense methods currently on the market are divided into several types according to the attack traffic: "First is DDoS cloud protection. There are many such vendors, and they can usually resist attacks below 100Gbps, which is enough to meet the needs of small and medium users; a large-scale enterprise needs to consider purchasing dedicated equipment for its own defense, and at the same time set up a plan to promptly seek carrier-level traffic cleaning services when the attack exceeds 100Gbps."

 

  In recent years, with the increasing awareness of cyber security, China's crackdown on cyber hacking has become more severe. Monitoring of DDoS botnet activity shows that, under the crackdown by the public security organs, the technical indicators of the entire underground industry chain have begun to shrink, but it must be admitted that the work against the black and gray industries needs to continue for a long time.

 

  Blockchain security consulting firm Warp Future said: objectively speaking, preventing DDoS attacks does pose some difficulties, mainly for economic reasons. Under the current circumstances, the cost to an attacker of launching an attack is always less than the cost to a defender of defending against an attack of the same level. Usually the cost difference will reach the order of 1:100 or even 1:10000. However, a special crackdown by the public security organs will effectively reduce the scale of the underground market.

 

This article was compiled by the security consulting firm Warp Future (WarpFuture.com); please credit the source when reprinting. Qusu Future provides related blockchain security consulting services including main chain security, exchange security, exchange wallet security, DAPP development security, and smart contract development security.

 


Origin blog.csdn.net/WarpFuture/article/details/108738165