Sony recently acknowledged that its PlayStation Network and Sony Entertainment Network had been taken offline due to a distributed denial of service (DDoS) attack, stating that the networks had been “impacted by an attempt to overwhelm our network with articifically high traffic.”
“We are under attack by a large scale DDoS,” Sony Online Entertainment president John Smedley tweeted at 4:59 a.m. on August 24, 2014. “Being dealt with but it will impact games until [it’s] handled.”
Soon after, the company announced that the networks were back online, stating, “We have seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information.”
Reuters reports that Lizard Squad, which claimed reponsibility for the Sony DDoS attack as well as a similar attack on Blizzard Entertainment, also tweeted a bomb threat to American Airlines on August 24 regarding a flight on which Smedley was flying from Dallas to San Diego, stating, “@AmericanAir We have been receiving reports that @j_smedley‘s plane #362 from DFW to SAN has explosives on-board, please look into this.”
The flight was then diverted to Phoenix. Smeedly later tweeted, “Yes. My plane was diverted. Not going to discuss more than that. Justice will find these guys.”
Marc Gaffan, co-founder and chief business officer at Incapsula, said by email that DDoS attacks like the one that hit Sony have already increased by 240 percent in 2014. “Attacks like this will continue to plague big name companies, thanks to the greater availability of resources for hackers,” Gaffan said.
“Persistent DDoS attacks can sometimes last for weeks and in a time when anyone can Google up a ‘botnet for hire’ and use it to execute a 20-40 Gbps attack, from several [thousand] sources, organizations across the world need to reevaluate their DDoS protection or risk the consequences,” Gaffan added.
A recent BT survey of 640 IT decision makers in 11 countries and regions found that 41 percent of organizations surveyed were hit by DDoS attacks over the past year, and 78 percent of those organizations were targeted more than once.
Fully 58 percent of organizations worldwide described DDoS attacks as a key concern, and 59 percent said such attacks are becoming more effective at subverting their organization’s IT security measures.
Following a DDoS attack, survey respondents said customer complaints and queries increased by an average of 36 percent.
“Reputations, revenue and customer confidence are on the line following a DDoS attack, not to mention the upfront time and cost that it takes an organization to recover following an attack,” BT Security president Mark Hughes said in a statement.
At the recent Infosecurity Europe 2014 conference, Neustar DDoS product specialist Susan Warner noted that DDoS attacks are also increasingly being used as a smokescreen for other cyber attacks.
“If a company is caught flat-footed by the DDoS attack, IT staff are tied up in the moment of crisis,” Warner said. “That is an ideal opportunity for hackers to attack.”
For detailed advice on fighting DDoS attacks, read eSecurity Planet’s five tips here.