Author | Sina Technology, Luo Ning

On the evening of August 24th, the Steam platform was hit by a DDoS attack, causing many users to be unable to log in or access games. As of today, the platform has restored login. This incident has attracted widespread attention, and the related topic "Steam crashed" briefly trended.

Many netizens speculated that the server crash was due to the large number of online players of the game "Black Myth: Wukong", and some players on the Perfect World competitive platform received a system pop-up message indicating "Steam is currently receiving a ddos attack, causing players to experience game dropouts due to Steam disconnection. Players can restart Steam to reconnect."

Following the incident, Sina Technology approached Perfect World for verification, and an internal source stated, "The issue with Steam should be directed to V Studio." However, in terms of data, this DDoS attack still affected the release of "Black Myth: Wukong" this week. Since the release of "Black Myth: Wukong", the peak online player count on the Steam platform has been steadily increasing, reaching over 2.4 million on August 22. However, on the Saturday night when the player count was expected to be the highest, the relevant online player count was only 0.35 million, showing a significant decline.

It is reported that DDoS, also known as Distributed Denial of Service attack, increases the power of denial of service attacks exponentially by using multiple computers as attack platforms to target one or more targets. The game industry faces various types of DDoS attacks, including SYN flood attacks, traffic-based attacks, and CC attacks, and new tactics emerge endlessly. Hackers control a large number of 'zombie computers' to send useless data packets to the target host, causing normal users trying to access the page to be unable to open the page or even crash the host.

Regarding the intensity of DDoS attacks, Zhou Hongyi, the founder of 360 Group, commented, 'Every day, companies and institutions are being targeted by hackers. Every day, there are information leaks. No one, whether it's a country, a company, a website, or an individual, is exempt.'

The reason why DDoS attacks are so fierce is because the attacks from hackers are very covert. In order to evade detection, malicious websites usually constantly change their addresses, and different malicious websites sometimes share the same IP address. There have been instances where a malicious website has used dozens of IPs located in different countries such as Russia, Mexico, Chile, and the United States. It is difficult to quickly identify and intercept them due to the rapid change of addresses and geographical locations.

In the past, there have been game companies that went out of business due to DDoS attacks. According to industry insiders, a game platform in Northeast China was hit by a large-scale DDoS attack, with an attack volume of 600Gbps for several consecutive days, making it unable to open the server normally. It was persuaded to give up by a well-known competitor in China, resulting in a daily loss of nearly 3 million yuan. Another game platform in Southwest China encountered a DDoS attack for half a month shortly after its launch, which forced it to shut down the website. As a result, the attitude of investors towards the platform changed, and it failed to secure the next round of funding.

Data shows that the number of DDoS attacks in the first half of 2024 has significantly increased. A report released by the cybersecurity company Gcore points out that the number of attack incidents has reached 0.445 million, a year-on-year increase of 46% and a quarter-on-quarter increase of 34%. The gaming and gambling industries are the main targets of DDoS attacks, accounting for 49% of the total number of incidents in the first half of 2024. The number of attacks on the technology industry has also significantly increased, accounting for 15% of the total. Andrey Slastenov, the chief security officer of Gcore, warned that even small-scale increases in attacks can have a serious impact at high bandwidth levels.

Regarding the governance of DDoS attacks, Zhou Hongyi pointed out the need to establish the capability of security big data. 'All network activities leave traces, and where there are traces, there is data. Security big data is the foundation for the ability to see. After obtaining the data, we also need the ability to connect the data and analyze it, combining it with security experience to form the ability to see.'

Game industry analyst Zhang Shule stated to Sina Technology, 'Some hackers often like to demonstrate their existence and technical capabilities by attacking hotspots in networks. This kind of attack is temporary for platforms. The influx of players brought by "Black Myth: Wukong" indeed exceeded the industry's expectations. Steam was also unprepared, resulting in overwhelming pressure. This gave hackers the opportunity to use the not-so-clever method of DDoS attacks to target the 'hotspot.' However, once the platform responds and makes some technical adjustments, it is not difficult to solve it, and the economic losses caused by this kind of attack are not large, but the negative effects on the gaming experience are significant.'