DDoS attacks hit Sony’s PlayStation Network and other gaming services
Sony's PlayStation Network and other gaming services reported disruptions at the weekend in a suspected cyber attack campaign
Sony's PlayStation Network (PSN) was forced offline and other gaming services reported disruptions at the weekend in what appears to have been a co-ordinated cyber attack campaign.
Microsoft’s Xbox Live, Blizzard’s Battle.net, Grinding Gear Games and others also reported disruptions to their services.
The disruptions coincided with a bomb scare involving an American Airlines jet carrying a Sony executive.
Claims that the flight from Dallas Fort Worth to San Diego was carrying explosives were made via a Twitter account that was also used to claim responsibility for the online attacks, reports the BBC.
Ahead of the flight, Sony Online Entertainment president John Smedley had tweeted that Sony was tackling a “large-scale” distributed denial of service (DDoS) attack.
DDoS attacks are commonly used by competitors or activists to take services offline using a variety of techniques that make services impossible to reach.
more on DDoS attacks
- Neustar to host first DDoS awareness day
- Thirteen plead guilty to Anonymous DDoS attack on PayPal
- DNS amplification, application-layer attacks drive DDoS attack trends
- DDoS attacks more than treble in the past year, report reveals
- Largest Bitcoin exchange reports heavy DDoS attack
- New threat portal pegs DDoS attacks at 2,570 a day
- DDoS attacks up in size, speed and complexity, study finds
The Twitter account that claimed responsibility for the attacks on the gaming services linked the attacks to the jihadist group Islamic State.
But an earlier tweet on the account said: "Sony, yet another large company, but they aren't spending the waves of cash they obtain on their customers' PSN service. End the greed."
Responsibility for the attacks has also been claimed by a hacker linked to the Anonymous hacktivist collective, who said the attacks were aimed at highlighting vulnerabilities in Sony's system.
Sony’s PlayStation Network was taken offline for more than three weeks in 2011 after a hack that compromised the personal information of millions of customers.
Sony has sought to reassure users after the weekend disruptions.
"We have seen no evidence of any intrusion to the network and no evidence of any unauthorised access to users' personal information," said Sony’s social media manager, Sid Shuman, in a blog post.
Commenting on the disruptions, Dave Larson, CTO at Corero Network Security, said the drivers for launching DDoS attacks are far ranging and difficult to pinpoint in many cases.
As DDoS attacks continue to become stronger, longer and more sophisticated, businesses that rely on their online web applications as a revenue source cannot become complacent
Dave Larson, Corero Network Security
“Anyone can become a victim at any time and, as the attacks continue to become stronger, longer and more sophisticated, businesses that rely on their online web applications as a revenue source cannot become complacent,” he said.
Larson said the latest DDoS attacks underscore the importance of including a DDoS first line of defence as a component of network security architecture.
“Any online business can be a target for misguided activism, and any organisation that has not taken the necessary steps to protect against these types of attacks could be at serious risk,” he said.
In April 2014, a report said the average peak bandwidth of DDoS attacks increased by 114% from the last quarter of 2013 and the first quarter of 2014.
According to Prolexic, new reflection and amplification attack tools can deliver a powerful punch.
The report said that the first quarter saw a 39% increase in average bandwidth and the largest-ever DDoS attack to cross the Prolexic DDoS mitigation network.
This attack involved multiple reflection techniques combined with a traditional botnet-based application attack to generate peak traffic of more than 200Gbps and 53.5 million packets per second.