Cyber Security Threats in Gaming Industry at an All-time High
by Eleanor Barlow, George Kitson, Sam Mannox, Dennis Munro, Amber Cullen • Oct 2022
There has been a monumental surge in targeted cyber-attacks against the gaming sector, with a 167% increase in web application attacks in 2021 alone. 2022 has seen the industry become the most targeted industry with respect to Distributed Denial of Service (DDoS) attacks. And as threats increase, and as the industry continues to grow, the financial reward of a successful attack continues to entice bad actors.
This blog looks at a variety of different forms of attacks that the gaming industry has seen, with recommendations provided to mitigate against such threats, to both gamers and organisations in the industry.
Electronic Sports (Esports) Targeted for Financial Gain
Since 2019 the viewership for Esports, also known as Electronic Sports, has grown from 397.8M total viewers to 532 million in 2022, with prize pools and betting equally increasing. So far in 2022, Esports betting has been valued at an estimated $300 million, with an increasing number of betting vendors targeting its demand. Enthusiasts can bet on the team of their choosing, with a designated odds payout, in the same way as other sports bets such as football or boxing.
Due to the rising number of betting vendors involved with Esports, it has become a very lucrative platform for hackers to conduct DDoS attacks on tournaments. Classic tactics from threat actors involve placing larger bets on undervalued players, whilst compromising their contestants’ systems.
An example of this can be observed during a 2015 League of Legends match (Denial VS Dignitas) whereby the favoured contestant, Denial, was hit by a DDoS attack. By locking the player out of the game and denying re-entry, his team had to forfeit the game, and consequently any chances of winning. Assuming the threat actor had placed a wager on Dignitas to win (only 8% had placed for them) at 12:1 odds, they would have been heavily rewarded.
In-Game Phishing Extracting PII Data
Gaming company, 2K, recently experienced a breach on their helpdesk resulting in malicious content being sent out to all players. In-game phishing, via chats, is a frequent attack that can leave a company or player extremely vulnerable, particularly when examining older platforms and their cross-site scripting.
Neopets recently announced a breach where an attacker had been active within their systems for 18 months, exposing 460MB of source code and 69 million members’ Personally Identifiable Information. In an announcement from Neopets, they stated: “We have determined that for past and present Neopets players, affected information may include the data provided when registering for or playing Neopets, including name, email address, username, date of birth, gender, IP address, Neopets PIN, hashed password, as well as data about a player’s pet, game play, and other information provided to Neopets.”
Bandai Namco, the company behind Tekken and PacMan, was hit by ransomware, with a consequent warning to their players that their data may have been stolen. ‘There is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about existence of leakage [sic], scope of the damage and investigating the cause.’ Bandai Namco said.
Given the revenue the gaming industry makes, and the PII that it stores, it is a significant target. Ensuring that security is a key consideration throughout the entire lifecycle is crucial to reduce the impact of these breaches.
Grand Theft Auto Breach via Social Engineering
Forbes have made a note of more than 323,000 complaints of social engineering attacks in 2021 – three times more than in 2019. And many news sources have described the effect of working from home, and with it an increase in gaming culture, that has led to increased risks in the gaming industry.
An example of a social engineering attack within the gaming world can be observed when Rockstar, a prolific gaming company, confirmed a network intrusion in which an attacker gained access, was able to infiltrate Rockstar’s internal Slack channel, pretended to be a member of the IT team and, as a result, gained access to login credentials. From there the attacker dropped over 90 videos of early development footage for GTA VI.
In a report, PCGamer wrote: ‘In the two decades plus I’ve covered gaming, I’m not sure I can recall a leak more startling than this weekend’s dump of 90 videos from a test build of GTA 6 […] we can imagine how aggrieved Rockstar’s developers must be feeling at seeing their unvarnished work stolen and shared.’
The attack was allegedly conducted by a 17-year-old hacker, known as Teapot hacker. Alongside the Rockstar attack, Teapot has also taken responsibility for the recent Uber data breach. This attack exemplifies the danger of social engineering, in addition to the proliferation of cyber-attacks conducted by young gamers who now have the technology at their fingertips.
Log4J Minecraft Compromise
Specific software used within gaming production can also be exploited by threat actors. An infamous example can be seen in the Log4J attack, which was first discovered by security researchers within Microsoft-owned Minecraft. The severity of the vulnerability was widespread, as the Java library that was impacted was used across most enterprise servers and apps. According to IndianExpress, ‘the vulnerability allowed the adversary to gain control and execute arbitrary code over a computer system, furthermore, hold a Minecraft server hostage.’
To secure accounts, users had to be proactive in ensuring their software was updated and patched regularly. Those not hosting Minecraft Java Edition on their own servers had to close all running instances of the game and restart the launcher with a patched version. The outcome of not taking such actions can be severe.
Another example seen in 2019 was when a major incident occurred on the renowned gaming platform, Fortnite, which exposed over 80 million users’ PII. The revealed data allowed hackers to take over accounts, make purchases with the game’s virtual currency, and eavesdrop and record conversations among players.
x3 Recommendations to Gamers, to Enhance Safety Online
- To protect themselves from targeted threats, it is recommended that gamers use a VPN, to spoof location, and safeguard against DDoS attacks.
- Use appropriate protection around Personally Identifiable Information (PII) and data. Avoid publishing or sharing your PII such as phone number, email, address, etc. online. While uploading documents on public file storages such as public buckets, Google Drive, Dropbox, ensure that you restrict/limit access to them. Read more on how to reduce your digital footprint, here.
- Don’t download or click on any cheat sheets that could contain malware. Read more about Phishing attacks here.
x3 Recommendations to Gaming Organisations to Improve Security Measures
- Vulnerability Management to view and act on all vulnerabilities across all your digital platforms, including internet, applications, systems, cloud, and hardware. Identify your weak points, monitor your online identity, verify issues, and remediate in rapid time.
- Managed Detection & Response (MDR) to rapidly identify and limit the impact of security threats and risks with 24/7 threat monitoring, detection, and targeted response, powered by real-time log analytics, with security orchestration, automation & response tooling for investigation, threat hunting and response. Combine threat intelligence and human expertise for advanced analytics and contextualised events.
- Endpoint Detection & Response (EDR), to continually monitor endpoints, gain full visibility of your whole IT environment, detect incidents, mediate alerts, stop breaches, and receive instant advice.
Having conducted incident response investigations across a wide range of industries, and with clients across the globe within the sector, SecurityHQ are best placed to work with gaming organisations both large and small, and across numerous technical environments to reduce the impact of a cyber security incident. For more information on how to improve your security, or if you have a question about a service, speak to an expert here.