New Mirai botnet could make PSN and Xbox Live "sitting ducks" at Christmas

Seth Barton

Security experts say that gaming networks, such as Xbox Live and PSN, will be high on the list of potential targets for the new generation of botnet attacks.

That could spell disaster for the industry during one of its key gaming seasons, again.

Igal Zeifman, security evangelist at Imperva, said: “From an attacker's point of view it makes perfect sense to strike during this time of year, which is when gaming services are busiest and an assault is both most notable and most likely to succeed.”

The much-publicised Mirai malware is the big new weapon available to hackers.

It exploits the default passwords in Internet-of-Things (IoT) devices (such as webcams and digital video recorders) to create a huge network of devices, which can then be used to spam online services with requests and effectively make them unusable for regular users.

Similar Distributed Denial of Service (DDoS) attacks have taken down Xbox Live and PSN before, most famously by Lizard Squad in 2014. Such attacks have also hit individual games, including Destiny.

Another such attack would upset huge numbers of gamers, resulting in a PR nightmare for platform holders, publishers and retailers, not to mention the potential loss in digital revenue over the period.

“Gaming companies depend on service availability, so any interruption results in a loss of customer loyalty and brand reputation,” said Sean Newman at Corero Network Security, adding: “Reduced availability equals reduced revenue.”

Those attacks are even more likely this year, however, as the Mirai malware has been publicly released, making it a far more prevalent threat.

That increases the number of potential attackers and also increases the likelihood that the malware itself could have been tweaked to recruit yet more vulnerable IoT devices.

“Games companies are virtually ‘sitting ducks’ unless they have the protection offered by the latest generation of DDoS protection hardware. If they are using a legacy DDoS solution, it's not sufficient because legacy solutions just don't have the capacity, intelligence, or reaction times to deal with today's attacks,” said Newman.

Platform holders should be able to mitigate against such attacks then, Zeifman agreed: “DDoS is countered by the over provisioning of server and network resources, in combination with security solutions that can identify and weed out malicious traffic. Service providers should invest in both, as I'm sure they're doing already.”

Hackers have historically targeted such platforms, as the effects are highly publicised and the enraged response is instantly apparent on message boards. Notoriety and exposure often drive such attacks, though blackmail is a possible motivation.

Attacks without a financial motivation will hit without warning, said Zeifman: “Money's one of the reasons behind DDoS attacks but I'm not sure it will be the case with attacks on Christmas Eve, which are usually flamboyant assaults looking for media attention.”

Sean Sullivan, security advisor at F-Secure, said: “The real measure of success is whether or not the service is back up to full speed once the attack is over. That is where Microsoft succeeded in 2014 and Sony failed.”

Sullivan suggests the companies set expectations early, talk about the possible threat, and declare if they are threatened.

The question, then, is whether platform holders should speak out about their precautionary measures. It would help to reassure the industry and consumers but it may also fan the flames of publicity that hackers seem to bask in.

Such uncertainty means both physical media and titles with strong single-player offerings look a safer bet come the holidays. Even if the networks fail come the big day, there would still be entertainment to be had from such games.
