Asian game industry hit by the largest hacker DDoS attack in history, peaking at 3.74Tbps; Microsoft: we held it off
Hacker attacks are running rampant, and the game industry is in trouble. In the latest incident, a DDoS attack targeting a Minecraft online livestreamed tournament knocked the entire European country of Andorra offline for nearly half an hour. The country has only one telecommunications company, so mobile phone users suffered as well.
In fact, since the second half of last year, many online games have been paralysed by network attacks. In August, Final Fantasy XIV's European servers were knocked out by an attack and were not restored until 12 hours later. In December, Blizzard's US servers were hit by a sustained 4-hour night-time attack, leaving Overwatch, World of Warcraft and Hearthstone players with nothing to play.
The domestic mobile game Yijianxing (《弈剑行》) was hit by a ransom attack and suspended service on its launch day. The developer did not pay the hackers a "protection fee"; instead it refunded every player's top-ups through the original payment channels, taking heavy losses. At one point it even considered turning the online game it had spent 3 years developing into a single-player version.
Other games targeted during this period included Escape from Tarkov and Dead by Daylight. Titanfall 1 was pulled from sale by publisher EA because it could not withstand the malicious attacks.
Now Microsoft has also disclosed that an Asian customer of the Azure cloud suffered the largest DDoS attack in history last November. It was a distributed attack, with more than ten thousand attack sources from over ten countries and regions, and a peak bandwidth of 3.74Tbps, 50% higher than the previous record.
There were two more large-scale 2-3Tbps DDoS attacks in December that only became known now that they have been disclosed, because Microsoft absorbed them itself.
Beyond the actual attack and defence, Microsoft also ran a statistical analysis of all DDoS attacks in Q3 and Q4. It found that the game industry is the primary target of hackers, and that China, Japan, South Korea and India, where mobile games are popular, are the hardest-hit regions.
Why DDoS attacks target games
Hacker gangs use DDoS to attack games, in many cases to extort a ransom. Online games are lucrative but have a short life cycle, so to keep the money coming in, game companies easily cave to the hackers and pay "protection fees". Developers like Yijianxing's, who would rather absorb a bigger loss than give in, are actually rare. DDoS attacks are cheap enough that hitting an unprotected site costs as little as $300/month.
The defence cost on the game side, by contrast, is very high. Multiplayer games are especially sensitive to network problems: hackers do not need much effort to paralyse a server, since mere latency is enough to hurt the player experience. Game servers also need to be online 24/7 with very high stability requirements; once attacked, they easily lose players, and the game's reputation declines.
Among DDoS attacks against games, the most common is the "UDP flood". In the second half of 2021, UDP floods accounted for 55% of all attacks, a 16% increase over the first half.
UDP is the User Datagram Protocol, which sends data without first establishing a connection. Its advantage is low overhead and high speed; its disadvantage is that it is less secure than TCP. An attacker can use UDP to send large amounts of data to multiple ports on the target server without obtaining any communication permission in advance. In turn, the target server must send a packet of the same size back to each attack source saying that the port is unavailable. Eventually it is submerged in the flood of data, and normal users' access requests are blocked too.
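The pattern just described, one source spraying UDP datagrams across many ports of a game server, can be spotted in flow records. The following is an added illustration written for this article, not code from Microsoft, Azure or any vendor; the flow tuple format, the sample records and the thresholds are all assumptions, and it also adds a per-target aggregate because a distributed flood from thousands of sources can keep every single source under a per-source threshold.

```python
from collections import defaultdict

# Constructed sample flows: (time_s, src_ip, dst_ip, dst_port, bytes).
# Two packets of normal game traffic to one port, then a hypothetical spray of
# 300 UDP datagrams from three sources across 300 different ports in 0.6 s.
SAMPLE_FLOWS = [
    (0.00, "198.51.100.7", "203.0.113.10", 27015, 1200),
    (0.50, "198.51.100.7", "203.0.113.10", 27015, 1200),
] + [
    (i * 0.002, "192.0.2.%d" % (i % 3 + 1), "203.0.113.10", 1024 + i, 1400)
    for i in range(300)
]

def _bucket(flows, window_s):
    """Group flows by (src, dst, window) and count ports, packets and bytes."""
    buckets = defaultdict(lambda: {"ports": set(), "packets": 0, "bytes": 0})
    for t, src, dst, dport, nbytes in flows:
        b = buckets[(src, dst, int(t // window_s))]
        b["ports"].add(dport)
        b["packets"] += 1
        b["bytes"] += nbytes
    return buckets

def udp_flood_sources(flows, window_s=1.0, port_threshold=50, pkt_threshold=100):
    """Per-source check: flag a source that, within one window, sprays more than
    port_threshold distinct ports or more than pkt_threshold packets at a target.
    The thresholds are assumed values; tune them to the server's normal traffic."""
    flagged = {}
    for (src, dst, _), b in _bucket(flows, window_s).items():
        if len(b["ports"]) > port_threshold or b["packets"] > pkt_threshold:
            flagged[src] = {"target": dst, "ports": len(b["ports"]),
                            "packets": b["packets"], "bytes": b["bytes"]}
    return flagged

def target_pressure(flows, window_s=1.0):
    """Per-target check for distributed floods: each source may stay under the
    per-source thresholds, so also count sources and sum packets per target."""
    totals = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0})
    for (src, dst, w), b in _bucket(flows, window_s).items():
        t = totals[(dst, w)]
        t["sources"].add(src)
        t["packets"] += b["packets"]
        t["bytes"] += b["bytes"]
    return {k: {"sources": len(v["sources"]), "packets": v["packets"],
                "bytes": v["bytes"]} for k, v in totals.items()}
```

The legitimate source stays unflagged while the three spraying sources are reported with their port counts, and the per-target view shows the combined load the server actually has to answer.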
Of course, there are ways to defend against it. The major cloud providers and network security companies all offer security services against DDoS attacks. But these services are usually expensive and hard for small companies to afford, which is why hackers extorting game companies have become ever more rampant.
One option for smaller projects is a security service such as Cloudflare, priced from free up to $200/month. Beyond that, one thing that can be done is to protect the server's real IP address as far as possible, and another is to report the attack to the police.
It is worth mentioning that DDoS attacks are punishable in many countries. In China, it constitutes the crime of sabotaging computer information systems, punishable by fixed-term imprisonment of not more than five years or criminal detention; where the consequences are particularly serious, the sentence is fixed-term imprisonment of not less than five years.