Companies are being warned to protect themselves against a new wave of DDoS attacks after Sony's PlayStation and Entertainment Network online games services were brought down over the weekend by DDoS hacktivists who could be trolls or Islamic extremists.
Other games networks – including Microsoft's Xbox Live service, Blizzard's Battle.net (which hosts World of Warcraft) and Grinding Gear Games – were also disrupted.
Sony, which suffered one of the worst data breaches in history in 2011, was specially targeted. A group called Lizard Squad claimed responsibility for the DDoS attack on the company and also tweeted a bomb threat on Sunday which forced American Airlines to divert an internal US flight carrying Sony Online Entertainment president John Smedley.
Lizard Squad made a number of claims on their Twitter feed associating themselves with the Islamic militant group ISIL, which was previously known as ISIS.
They claim to have “planted the ISIS flag on Sony's servers” and tweeted “Kuffar (non-believers) don't get to play video games until bombing of the ISIL stops”, “all Kuffar shall die” and other messages referring to Jihad.
But the group also tweeted the more mundane: “Sony, yet another large company, but they aren't spending the waves of cash they obtain on their customers' PSN service. End the greed.”
Smedley himself poured scorn on Lizard Squad's ‘political’ claims, adding: “I wish the national media would stop letting these DDoS trolls' occasional use of the ISIS cr*p be taken seriously.” He added: “Yes. My plane was diverted. Not going to discuss more than that. Justice will find these guys.”
Meanwhile, another hacker, Fame, also claimed responsibility for the Sony attack and accused Lizard Squad of stealing the credit.
The Sony attack follows last week's revelation by IP security firm Incapsula that a video games company had been hit by a 38-day DDoS assault.
Later on Sunday, Sony social media manager Sid Shuman blogged to say the PlayStation and Sony Entertainment networks were back online, saying: “We sincerely apologise for the inconvenience caused by this issue.”
But CISOs everywhere are being warned that DDoS attacks are becoming very common – because they are so easy to carry out.
Cyber security expert Brian Honan of BH Consulting, a special advisor on internet security to Europol, told SCMagazineUK.com: “If you're a target, your network is designed to cope with a certain amount of traffic, so it can be quite easy to flood that capacity by using different types of DDoS attacks - whether that's using a botnet to send multiple requests to it, or using reflection attacks against protocols such as DNS etc to send large packets to a target to bring it down.
“Also many organisations until now have not seen DDoS attacks as being a potential threat and therefore don't have the adequate protections in place. They haven't contacted their ISPs, their data centre providers or any other DDoS mitigation services to help them deal with those types of attacks.”
Lancope CTO TK Keanini agreed, telling journalists via email: “Distributed Denial of Service attacks used to be a resource held by a few of the elite groups on the net, but today this method of attack is available to anyone as it is offered as a service. If you know where to look, and you have some crypto currency in hand, just point and shoot.
“If you, or more likely your business, is connected to the internet, you will at some point fall victim to a DDoS attack.”
On the question of whether the latest attackers were political or not, Honan said: “Based on the information we have at the moment it's very hard to definitely say whether they're trolls looking for attention, or they are connected to jihadists and have a political motivation. Some groups often claim to have some sort of political connection to legitimise what they're doing or to try and big themselves up.”
Dave Larson, CTO of Corero Network Security, told journalists via email that the Sony attack “appears to be part of a larger trend of disruptive and destructive attacks by apparently politically motivated groups. The drivers for launching attacks are far-ranging and difficult to pinpoint in many cases - anyone can become a victim at any time.”
He added: “This example strongly underscores the importance of including a DDoS first line of defence as a component of your network security architecture, as any online business can be a target for misguided activism. Any organisation that hasn't taken the necessary steps to protect against these types of attacks, could be at serious risk.”
To protect your organisation, Honan said: “Look at what services you can deploy on your network or equipment you can directly buy to help manage a DDoS attack. Contact your ISP or your hosting provider to see what services they can put in place; or there are third-party providers out there, such as CloudFlare, Akamai, etc - solutions that companies could subscribe to depending on their own particular risk profile.”
Microsoft declined to confirm the cause of the disruption to its Xbox Live online gaming service.