The current technological proliferation and innovation in both computer hardware and software are driving the growth of the gaming industry. Grand View Research's Market Analysis Report states that experts valued the global video game market at $151.06 billion USD in 2019. At the same time, the increased penetration of the Internet and readily available online games keep the industry's prospects upbeat, with the sector expected to grow at a compound annual growth rate (CAGR) of 12.9% between 2020 and 2027.
Players and vendors alike understand that cheating and cybercrime are becoming widespread and expensive in the gaming industry. Such malicious activities affecting both companies and players are sophisticated and difficult to mitigate. The industry should, therefore, understand cybercrime, hacker motivation, attack techniques, and collaboration among threat actors.
Prevalent Attacks and Impacts in the Gaming Industry
Malicious cyber actors targeting the gaming industry have built informal structures that emulate the efficiencies of standard enterprise operations. The threat groups consist of developers, quality assurance personnel, managers, and marketing and PR experts who publicize gaming products and vendors.
PC and mobile games are more vulnerable than console-based games that use proprietary technology. In most cases, mobile game vendors aim to deliver lightweight programs and might overlook security during the development process.
Threat actors deploy diverse tactics to target gamers globally:
Cheats: They sell malicious virtual goods, such as cheats as a product, which help improve game levels and performance. Cybercriminals use cheats to conceal malicious payloads and links that cause ransomware attacks in the gaming sector. Unsuspecting players automatically download and install ransomware programs once they open the URLs. Syrk is an example of a ransomware attack in the gaming industry that comes disguised as a cheat hack. It encrypts players’ PC files, including videos, images, and documents, and deletes them every two hours unless a player pays a ransom.
Account takeovers (ATO): This is another widespread attack that hackers use to steal victims’ virtual items, weapons, and other accessories that players purchase for in-game avatars. The account takeover threat is common in lightweight mobile games, where hackers achieve it through direct message phishing attacks. ATO is also popular in apps that allow in-game purchases through third-party payment aggregators. Hackers can exploit the payment code and trick players into divulging their credentials and account information in order to extract financial and personal information or steal in-game items. Malicious actors can then use the stolen information to move laterally into other online accounts or to perform identity theft.
Distributed denial of service (DDoS): These attacks are used to halt or manipulate gameplay in a boastful manner to demonstrate power and control over other players. Cyber criminals purchase cloud computing infrastructure to install servers and domain controllers needed to run bots. Threat groups’ experts develop and assess the quality of malicious programs aimed at causing DDoS attacks to disconnect opponents and gain ranking points.
Malware Threats: Games are also prone to malware threats that steal personal information. A case in point is the Badr malware that hackers circulated through links to cheating software promoted on popular social media platforms such as Telegram, Discord, and YouTube. Security analysts reveal that Badr was a fast attack that extracted massive data amounts in less than a minute. The malware targeted personal details such as players’ location, credentials, browsing history, saved credit card information, FTP logins, bitcoin wallets, and configuration files for various system services.
Social Engineering: This common tactic is used to target teenage players who lack adequate knowledge about online threats. Gamers are active in social communities and have high disposable income, which makes them easy prey for cybercriminals.
Credential Stuffing: Attackers can also compromise gaming accounts using leaked password lists. This threat targets easy-to-crack credentials and player accounts with reused passwords. In this attack, cybercriminals use automated tools to crack user credentials by parsing all possible combinations of characters. The gaming sector recorded 12 billion credential stuffing attacks between November 2017 and March 2019.
A Fresh Take at the Gaming Industry’s Cybersecurity Strategy
Indeed, everyone is aware of current cyberattacks due to their frequency and sophistication. Organizations and individuals must put in place strategies to ensure the protection of information and systems. For the gaming industry, stakeholders can consider a multilayered security approach to proactively safeguard applications and players’ data. Some strategies to consider:
+ Game creators should deploy tools such as security information and events management (SIEM) solutions that churn out actionable information to empower security personnel to detect and mitigate threats.
+ Organizations can deploy a dedicated bot management tool integrated into a web application firewall to prevent DDoS attacks. Likewise, developers should add a CAPTCHA, IP rate detection, device fingerprinting, and in-session detection to block credential stuffing by identifying human users and blocking automated bots.
+ Game developers should ensure they have incident response and disaster recovery plans to handle account recovery processes and anti-fraud procedures. A previous article, Preparing an Incident Response Plan, recommends a set of activities that game developers can consider while preparing an incident response plan. They include conducting a risk assessment, identifying risk tolerance, getting executive support and buy-in, identifying the internal and external response teams, and developing communication templates.
+ Players, on the other hand, should apply password hygiene to secure their privacy. Using unique passwords and multifactor authentication prevents online identity theft and account takeovers. Users should be aware of social engineering attacks such as phishing. They should be wary of tempting links or attachments from strange addresses.
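As an added illustration of the IP rate detection mentioned in the list above (example code written for this page, not taken from any vendor or product), the following sketch flags source IPs whose failed logins spread across many different accounts in a short window, and lists accounts that logged in successfully from a flagged IP so they can enter account recovery. The event format, thresholds, IP addresses and usernames are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 12, 0, 0)  # constructed start time for the sample data


def build_sample_events():
    """Constructed login events: (timestamp, source_ip, username, success)."""
    events = []
    # Automated client: 12 different accounts from one IP, one attempt every 3 s.
    # One leaked password is still valid (player07), the rest fail.
    for i in range(12):
        events.append((T0 + timedelta(seconds=3 * i), "203.0.113.7", f"player{i:02d}", i == 7))
    # Ordinary player: four typos, then a successful login on the same account.
    for i in range(5):
        events.append((T0 + timedelta(seconds=10 * i), "198.51.100.20", "alice", i == 4))
    return events


def detect_stuffing(events, window=timedelta(minutes=1), min_users=10, min_fail_ratio=0.8):
    """Return {ip: time of first alert} for IPs that look like credential stuffing.

    An IP is flagged when, inside a sliding window, it has tried at least
    min_users distinct accounts and at least min_fail_ratio of attempts failed.
    Thresholds are assumptions and need tuning against real traffic (NAT, cafes).
    """
    recent = defaultdict(deque)  # ip -> attempts still inside the window
    alerts = {}
    for ts, ip, user, ok in sorted(events):
        attempts = recent[ip]
        attempts.append((ts, user, ok))
        while ts - attempts[0][0] > window:
            attempts.popleft()  # drop attempts older than the window
        users = {u for _, u, _ in attempts}
        failures = sum(1 for _, _, success in attempts if not success)
        if ip not in alerts and len(users) >= min_users and failures / len(attempts) >= min_fail_ratio:
            alerts[ip] = ts
    return alerts


def accounts_to_reset(events, alerts):
    """Accounts with a successful login from a flagged IP: likely taken over."""
    return {user for _, ip, user, ok in events if ok and ip in alerts}


if __name__ == "__main__":
    sample = build_sample_events()
    flagged = detect_stuffing(sample)
    print("flagged IPs:", flagged)
    print("force password reset for:", accounts_to_reset(sample, flagged))
```

Counting distinct accounts per IP, rather than raw failures, is what separates the automated client from the player who simply mistypes a password several times.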
ISA can provide expert guidance and assistance with the planning and implementation of cybersecurity solutions, ranging from network security, system security, data security, mobile security, and governance, risk, and compliance initiatives. Our team offers reliable cyber threat intelligence by accessing global information that aids in the planning, discovery, assessment, mitigation, and response of cybersecurity incidents. Contact ISA today to learn more.