Any new, connected, data-powered technology, including the latest virtual reality (VR) applications, come with security risks. Known methods of attack such as DDoS are given a new platform in the virtual world, so any organisations looking to entice its customers with new VR-enabled experiences needs to ensure that it doesn’t inadvertently open itself up to cyber-attacks.
Imagine this: you are sitting in the corner of a cosy café chatting with your friend, catching up and just relaxing and having a good time. All of a sudden everyone around you starts moving strangely, jittering, before finally freezing on the spot. What on earth just happened?
Well, it is 2018 and your VR application has just been subject to a DDoS attack while you were using a VR chat application.
This is not science fiction: as demonstrated by the emergence of a number of VR headsets and VR-enabled games and other apps in the market recently, virtual technologies are on the rise. Analysts at Gartner predict that it only needs five to ten years until truly mainstream adoption.
Despite headset advances by the likes of Microsoft, Samsung and Oculus, the VR software market will grow even faster than the hardware market. Yet, the more content such as games, films and apps we will see dedicated for VR, the more people will embrace these technologies – and the more attractive they will become for cyber-attackers too.
Connected technology under threat
VR applications face similar security threats as any other connected technology. Unlike other forms of media consumption such as streaming standard video, immersive experiences such as those enabled by VR, may have more noticeable physical and mental effects when disrupted. If you are streaming a film and your Internet connection drops for an instant, you might see jitter or reduction in the video resolution, but you may still be able to continue to watching the film. For VR, jitter is unacceptable: the quality of an online VR experience relies entirely on a low-latency and high-speed connection.
So, as long as it is possible to attack a smartphone or server, it is hypothetically possible to attack and disrupt a VR experience. This could mean destroying the simulation by overloading it with information through a DDoS attack – like in my example above – or taking control of the simulation and changing the ‘reality’ which the consumer is experiencing. That is why part of maintaining the levels of connectivity required for a truly immersive experience is maintaining network security, so that it cannot be undermined by malicious threats.
Impact on the brand
Staging a successful attack on a VR platform at a crucial time when your business simply cannot afford for its networks to fall over gives attackers far more leverage. Soon, sports like football could be offered as a VR experience, transporting fans from anywhere in the world to the middle of the action on the pitch thousands of miles away. Imagine the impact to sponsors and broadcasting rights holders if the match in the virtual world was brought to a standstill due a DDoS attack.
There have already been examples of companies effectively being held to ransom under the threat of a DDoS attack in exchange for sums of bitcoin and other forms of extortion. So, as VR platforms become more widespread, we are likely to see cyber-criminals threaten more and more organisations with large-scale DDoS attacks in the virtual realm too.
The best form of defence is attack
DDoS attacks are increasing in volume and frequency, while also becoming more sophisticated. They are exposing vulnerabilities in networks and exploiting these vulnerabilities by infecting any IP-enabled devices such as VR applications to rapidly form botnet armies which grind networks to a standstill. These attacks can also be used by cyber-criminals as a distraction, with the aim of penetrating other parts of an enterprise’s IT set-up while the IT team is busy trying to restore networks.
Given the sophisticated and global nature of DDoS attacks, the best form of defence is attack. Rather than waiting for attacks to hit your network and relying on the ability of your security systems to stand up to them, you need to anticipate them, and deal with them in real-time. This process is known as scrubbing. Designated scrubbing centres mitigate and break up attacks, ensuring that the network acts as the first line of defence. This approach means that legitimate traffic always gets through, and malicious traffic is mitigated at the source, so it does not choke bandwidth.
Network security is a continuous state of evolution. As new connected technology innovations such as VR emerge, the greatest challenge for organisations looking to capitalise on the opportunities that they offer is to stay one step ahead of malicious threats.
Want to learn more about the challenges of network security? Read John Hayduk’s blog on the challenges of securing a global network.