Final Fantasy XIV’s seemingly unstoppable DDoS attack is the new norm

Cyberattackers are assaulting the servers for Square Enix’s popular Final Fantasy XIV online role-playing game, and the publisher is struggling to deal with the problem.

Square Enix confirmed on Final Fantasy XIV’s official website today that someone (or a group of people) has barraged its servers with a distributed denial-of-service (DDoS) attack since June 16. In a DDoS, a network of devices overwhelm a server with junk data, which causes performance problems for standard packet transfers. The publisher says the source of the DDoS is anonymous, so no one has given the company a reason why this is happening (like demanding that Square Enix add bunny girls to its MMORPG). This is primarily affecting the North American data center for the game. The publisher says it has a team working to address the problem, but that may not help.

“Our technical staff is taking every possible measure to address this issue,” reads the Square Enix blog post. “But the attack is still continuing to take place by changing their methods at every moment. We will continue to monitor and work on recovery from every possible angle.”

Put more simply: DDoS assaults are capable of mutating to bypass most countermeasures, and that is because the attackers run connected swarms of smart devices (often called botnets) that contain more than just computers.

“Today, botnets like the one that has plagued Final Fantasy XIV’s servers don’t have any boundaries,” Avast strategy director Jonathan Penn explained in a note to GamesBeat. “Every printer, gaming console, and anything else connected to the internet can be used by a botnet to launch DDoS attacks.”

And as the “internet of things” (IOT) continues spooling up with Wi-Fi cameras, smart refrigerators, and Amazon Echo-like devices, botnets and DDoS attacks become more and more difficult to stop.

“The reality is, the power of these kinds of attacks will only continue to evolve moving forward,” said Penn. “Soon we will see fully autonomous, artificial intelligence-based attacks that will operate independently, adapt and make decisions on their own — putting our digital devices and web infrastructure at even greater risk.”

Penn suggests that people keep their devices updated and protected behind strong and unique passwords. Of course, he also suggests anti-malware software like the kinds of products that Avast sell. But people tend to take the path of least resistance, and remembering unique passwords, keeping firmware up-to-date, and spending money on extra software is against our nature. So companies like Square Enix and others will have to figure out new ways to deal with DDoS threats, or their internet-dependent products could end up losing customers.