Wargaming is one of the world’s largest publishers and developers in the free-to-play MMO market.
Wargaming games’ audience, including the flagship projects World of Tanks and World of Warships, consists of more than 200 million users on all major gaming platforms.
In 2020, the structure of global traffic changed significantly. Our research has shown a dramatic increase in content consumption in the online gaming and entertainment industry. Along with the growing interest in these industries, the number of DDoS attacks targeting infrastructure and game servers has grown.
One of the targets of the cybercriminals was our customer, Wargaming.
In recent years, attacks have become smarter and more sophisticated.
Increasingly, they are directed at web applications themselves (L7 of the OSI network model), rather than at specific servers. At the same time, attackers very often try to imitate legitimate gaming traffic, which makes it difficult to detect and repel such attacks.
To prevent an attack and separate legitimate and malicious traffic, the traffic must be received and processed. Therefore, high network capacity and a large number of high-speed channels are the main requirements in the fight against DDoS attacks. If the channels are overloaded, the traffic simply cannot get to the DDoS protection system for subsequent cleaning. In such a case, not only the protected customers suffer, but the entire location.
On February 18, 2021, the Gcore defense systems detected an attack aimed at Wargaming servers.
The total volume of the attack was 253 Gbps, and it lasted about 15 minutes. The attackers used the UDP Flood method.
UDP Flood is distributed, artificially generated traffic. The attacker, as a rule, first studies all the subtleties of the gaming application and then generates UDP packets from fake IP addresses (on average, more than 100,000 unique IP addresses can be used in one attack).
By using filter rules to protect against well-known amplification attacks, we deflected some of the malicious traffic at our border routers. We redirected the other part to our cleaning system in order to analyze this traffic deeper and make a more informed decision about blocking.
Andrey Slastenov
Head of Web Security at Gcore
Our method is based on the transfer of a secret key between the client application and the cleaning center, which is guaranteed to separate legitimate and malicious traffic. This way, we ensure the safety of the customer’s infrastructure and the high-quality cleaning of malicious traffic. If a powerful attack of several hundred gigabits per second is detected, traffic is distributed across several servers and several cleaning centers, thus avoiding overloading the server or even an entire server cluster.
Andrey Slastenov
Head of Web Security at Gcore
Attacks are detected and traffic is cleaned automatically in traffic validation mode.
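
The secret-key separation of legitimate and spoofed UDP traffic described above can be sketched as a stateless check at the cleaning center; this is an added example, not Gcore's implementation or code from the original page. The per-client key derived from the source IP, the header layout (4-byte timestamp plus 16-byte tag), the function names, and delivery of the key to the client over the game's authenticated login channel are all assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                  # truncated HMAC-SHA256 tag (assumed layout)
MAX_SKEW = 30                 # seconds a timestamp may differ from the scrubber's clock
HEADER = struct.Struct("!I")  # 4-byte big-endian Unix timestamp


def client_key(master: bytes, src_ip: str) -> bytes:
    """Per-client key the cleaning center can re-derive from the source IP alone."""
    return hmac.new(master, src_ip.encode(), hashlib.sha256).digest()


def seal(key: bytes, payload: bytes, now: int) -> bytes:
    """Client side: prepend timestamp and tag to a game datagram."""
    ts = HEADER.pack(now)
    tag = hmac.new(key, ts + payload, hashlib.sha256).digest()[:TAG_LEN]
    return ts + tag + payload


def validate(master: bytes, src_ip: str, datagram: bytes, now: int):
    """Scrubber side: return the inner payload, or None if the datagram is dropped."""
    if len(datagram) < HEADER.size + TAG_LEN:
        return None  # too short to carry a header: drop without further work
    ts = datagram[:HEADER.size]
    tag = datagram[HEADER.size:HEADER.size + TAG_LEN]
    payload = datagram[HEADER.size + TAG_LEN:]
    if abs(now - HEADER.unpack(ts)[0]) > MAX_SKEW:
        return None  # stale or future-dated: limits replay of captured packets
    key = client_key(master, src_ip)  # a spoofed source IP yields a different key
    expected = hmac.new(key, ts + payload, hashlib.sha256).digest()[:TAG_LEN]
    return payload if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    master = b"constructed-demo-secret"        # constructed value
    key = client_key(master, "198.51.100.7")   # handed to the client at login (assumed)
    pkt = seal(key, b"MOVE 12 34", now=1_700_000_000)
    print(validate(master, "198.51.100.7", pkt, now=1_700_000_005))  # accepted
    print(validate(master, "203.0.113.9", pkt, now=1_700_000_005))   # spoofed source
```

Because the key is recomputed from the packet's source address, the validator keeps no per-client state, so the same check can run on any of several cleaning servers that share the master secret.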