Massive DDoS Attack Cripples Steam Across 13 Countries: What Happened?
Sun, Aug 25, 2024 ET
2min read LI --
PERF --
WB --
On the evening of August 24th, "#SteamDowned" trended on Weibo, as numerous users reported being unable to log in or access their games. Steam's Chinese proxy, Perfect World eSports Platform, issued an announcement attributing the issue to a massive DDoS attack. As of today, access to Steam has been restored.
In a statement released this afternoon, Qi An Xin's XLab revealed that nearly 60 botnets orchestrated the DDoS attack, with attack commands surging by more than 20,000 times overnight. This wave of attacks targeted Steam's global website, spanning 13 countries and regions and affecting 107 Steam server IPs.
"Both the scale of attack commands and the multitude of botnets, coupled with the intensity and organization of the attack, make this DDoS incident one of the most extraordinary we have observed in recent years," noted Qi An Xin XLab.
DDoS attacks involve multiple computers from various locations launching simultaneous attacks on one or several targets, depleting the target server’s performance or network bandwidth. This results in the server becoming slow or crashing, thereby rendering it unable to provide normal services.
The game industry veteran Li Weichen remarked to a reporter that DDoS attacks are common in the gaming sector, especially during the release of blockbuster games. Hackers might utilize DDoS attacks to deprive game companies or platforms of revenue opportunities, using the attack as leverage for extortion. Other motives for such attacks could include influencing stock values, receiving payments from competitors, or exploiting financial leverage.
DDoS has a long history but remains an effective form of attack, Li added. There are now mature SaaS services that offer DDoS attacks under the guise of stress testing, which can be used by paying customers. These services are relatively inexpensive, causing significant financial damage within seconds.
Qi An Xin highlighted that complete defense against DDoS attacks is incredibly challenging. It ultimately depends on whether attackers or defenders can marshal more bandwidth resources. Ordinary internet businesses cannot reserve thousands of times their usual bandwidth just to counter potential attacks, making it nearly impossible for them to cope on their own during an actual attack.
As for the most effective countermeasure against DDoS attacks? Using anti-D services from cloud defense companies is key. During an attack, these platforms can mobilize global resources to counteract the hackers effectively. Additionally, game companies typically collaborate with cloud defense services and have backup strategies such as alternative domains and servers. The use of cloud-native and container technology also allows for rapid scaling to meet surges in demand.
According to Gcore's report, DDoS attacks surged by 46% in the first half of 2024, with the gaming and gambling sectors being the most heavily targeted, accounting for 49% of all incidents. Due to the competitive nature and substantial economic interests involved in online gaming, this sector is particularly vulnerable to such attacks.
In a statement released this afternoon, Qi An Xin's XLab revealed that nearly 60 botnets orchestrated the DDoS attack, with attack commands surging by more than 20,000 times overnight. This wave of attacks targeted Steam's global website, spanning 13 countries and regions and affecting 107 Steam server IPs.
"Both the scale of attack commands and the multitude of botnets, coupled with the intensity and organization of the attack, make this DDoS incident one of the most extraordinary we have observed in recent years," noted Qi An Xin XLab.
DDoS attacks involve multiple computers from various locations launching simultaneous attacks on one or several targets, depleting the target server’s performance or network bandwidth. This results in the server becoming slow or crashing, thereby rendering it unable to provide normal services.
The game industry veteran Li Weichen remarked to a reporter that DDoS attacks are common in the gaming sector, especially during the release of blockbuster games. Hackers might utilize DDoS attacks to deprive game companies or platforms of revenue opportunities, using the attack as leverage for extortion. Other motives for such attacks could include influencing stock values, receiving payments from competitors, or exploiting financial leverage.
DDoS has a long history but remains an effective form of attack, Li added. There are now mature SaaS services that offer DDoS attacks under the guise of stress testing, which can be used by paying customers. These services are relatively inexpensive, causing significant financial damage within seconds.
Qi An Xin highlighted that complete defense against DDoS attacks is incredibly challenging. It ultimately depends on whether attackers or defenders can marshal more bandwidth resources. Ordinary internet businesses cannot reserve thousands of times their usual bandwidth just to counter potential attacks, making it nearly impossible for them to cope on their own during an actual attack.
As for the most effective countermeasure against DDoS attacks? Using anti-D services from cloud defense companies is key. During an attack, these platforms can mobilize global resources to counteract the hackers effectively. Additionally, game companies typically collaborate with cloud defense services and have backup strategies such as alternative domains and servers. The use of cloud-native and container technology also allows for rapid scaling to meet surges in demand.
According to Gcore's report, DDoS attacks surged by 46% in the first half of 2024, with the gaming and gambling sectors being the most heavily targeted, accounting for 49% of all incidents. Due to the competitive nature and substantial economic interests involved in online gaming, this sector is particularly vulnerable to such attacks.
