DDoS holds a unique place in cybercrime. While many attacks attempt to evade the notice of their victims – finding ever quieter ways to work around defences and stealthily reach data and credentials – DDoS is often meant to make a big, loud statement.
That’s one of the reasons it’s a favorite of hacktivist groups and trolls. Outing services by overwhelming them with traffic can make quite an impression, especially during a live, publicly broadcast event.
DDoS attackers have been seizing upon this particular sensitivity for a long time now. Just this year, attackers hit the Eurovision Song Contest. Against the backdrop of the Russian invasion of Ukraine, 2022’s contest had a starkly political character. The European Broadcasting Union had banned Russia from competing in the contest shortly after the invasion, and European sympathies largely lay with the Ukrainian entrants, Kalush Orchestra.
Against that backdrop, the pro-Russian Killnet Hacker group tried to target the first semi-final with various DDoS attacks on the contest’s voting systems during both the semi-final and final. The intention was clear – Killnet was attempting to derail the victory of the Kalush Orchestra and deny Ukraine a propaganda victory. The attacks were fortunately unsuccessful and Kalush Orchestra’s performance of the song Stefania won with more televoting points than any other entrant in the contest to date.
With the football FIFA World Cup 2022 set to begin later this month (November 2022), this high-profile event is set to also be a tempting target for DDoS attacks.
DDoS has long been an effective weapon against targets that rely on being ‘live.’ Gambling events have also felt the brunt of DDoS attacks. In September 2022, a DDoS attack hit online gambling site PokerStars’ forcing them to cancel a number of hotly anticipated events, including the World Championship of Online Poker (WCOOP).
One of the world’s biggest gaming companies, Blizzard, has been hit with a number of DDoS attacks in recent weeks. These have forced some of the most popular online games – and their countless players – offline, including Overwatch, Call of Duty and World of Warcraft.
Online gamers play in a fast-paced environment – they rely on the connection speed to stay in a ‘live’ game with other players and even a few seconds of downtime can lose or win a game.
The increasing interest in Esports has made these games lucrative propositions for gamblers, gamers, game companies and hackers. By 2028, the global Esports market is set to be valued at over $2.8bn. By seizing upon the necessity of ‘live’ uptime, DDoS hackers and other nefarious parties stand to wreak a lot of havoc and potentially make a lot of money.
DDoS has been a problem in gaming for quite a while. A large number of DDoS attacks are launched against the gaming industry or gamers. This is not just because online gaming is a sensitive target but because DDoS has become an incredibly cheap and easy attack to carry out.
The rise of Booter services has allowed anyone to hire DDoS services for a small price. Customers can pick their targets, duration, frequency and size and pay a pittance to launch DDoS attacks against their chosen victims.
While attacks might be cheap for attackers, they’re surely expensive for victims, who can lose revenue, customers and brand reputation as a result.
DDoS attackers target live events because they know how much attention they can generate from the damage they can do and how much those events value ‘uptime.’ That includes concerts, film premiers and sports broadcasts and other such events. As live events are moving online through webinars, conferences, games, streams and more, attackers see an opportunity to protest, profit and seriously hamstring their targets by exploiting their fundamental need to stay ‘live.’