The online gaming space has exploded in recent years and is expected to spawn up to $200 billion in revenue by 2022. This industry boom is seeing considerable growth, mostly due to the pandemic, with many turning to online gaming to evade some of the realities that consumed many of us over the past year.
However, an increasing reliance on connectivity such as online gaming isn’t necessarily immune to cybersecurity threats. The video game industry has become a major target for cybercriminals and a great risk for both developers and players. As the online gaming and consumer sides alike rely on connection and technology, they are growing even more prone to attacks.
Recently, Motherboard reported that hackers had stolen a source code for FIFA 21 from EA sports. The attack was based on a post from a criminal forum from 6th June, where a forum user posted a 780GB dump of the files arguing to be from EA Sports. The developer confirmed a data breach had taken place, but without any customer data being stolen.
However, the EA sports breaching scenario isn’t the first of its kind. There is plenty of data in the gaming industry that is appealing to a broad swath of hackers. It’s clear and evident that these attacks will perpetuate and likely, worsen with time.
Why Online Gaming and Why Now?
The targeting of online gaming is no news. A few months back, APT 27 reportedly targeted five gambling operators that have become targets of such attacks for successfully marketing gambling services to Chinese nationals. Sensitive data, both financial and personal, that is stored and linked to online accounts represent an invitation for cybercriminals. Yet, in order to dodge these attacks while in-game, users need to become aware of cybersecurity threats.
Despite being a massively enjoyable and friendly environment, the online gaming community isn’t without its flaws. Unfortunately, cyberbullying is still an ongoing and pressing issue for players of all ages.
In some cases, those in-game cyberbullying have claimed verbal harassment in-game chats and in-game lobbies, even having their gameplay experience targeted.
Griefers or the perpetrators are those who often sabotage or interfere with another player’s gameplay, steal their virtual belongings (aka greed play), verbally harass or deliberately irritate others in in-game chat lobbies.
Online multiplayer games often cost hundreds, even thousands, of concurrent users. Within this space, among a number of distant strangers, it’s quite easy for a player to feel a sense of anonymity. However, this huge anonymity can be perceived by cyberbullies as an ideal smokescreen for deviant behavior.
When launching a new game, it’s critical to ensure you can access and relish the content without interruption. That’s why you need protection against DDoS attacks. However, if the game is built on AWS, you’re already protected against many common DDoS attacks.
But what exactly are DDoS attacks? A DDoS attack hinders the performance or ability of your game by targeting it with more traffic than it can actually handle. For instance, an attacker can send a massive volume of traffic that is not valid for the program and attempt to deplete available service or network capacity. You may also notice traffic that appears to be valid but which doesn’t come from an actual player.
While DDoS seem to be a less complicated attack mode than other types of cyber-attacks, they are growing more sophisticated and stronger. The most popular categories of DDoS attacks are:
- Protocol attacks: This form of attacks target firewall resources, load balancer, and server resources. Most common examples include SYN flood, Ping of Death, and Smurf DDoS.
- Volume-based attacks: These attacks focus mostly on flooding the bandwidth between the user and the ISP. Some popular examples are ICMP floors and UDP floods.
Because in-game currency is increasingly popular, attackers rely on several in-game currency scams to access player’s credit card information, steal their identity, and eventually turn their mobile devices into bitcoin-mining tools.
These currencies give players the chance to upgrade to better weapons, better suppliers, and even cheat codes. Others simply care about the aesthetics of their characters and rely on cryptocurrencies to purchase new skins, outfits or add furniture to their in-game virtual homes.
Currently, the most popular games all offer some form of in-game currency. Battle Royale type of games like Fortnite offer V-bucks, Valorant uses Radiant Points, while massively popular multiplayer games like Dota require fans to collect Shards.
Players, then, often seek shortcuts to obtain these in-game currencies. But that’s where scammers come in. They promise players that they will provide them with free coins, Shards, or V-bucks if they download a pack that contains that currency. But once naive players complete the download, that’s when the trouble starts. More often than not, these downloads contain malware that allows scammers to access the usernames and passwords players use to access their baking portal or online credit card.
Phishing and Stolen Accounts
Phishing attacks are ever-present, and online gaming is no exception. These attacks often target the customers of these gaming platforms, aiming to access their credit card data or credentials to be seen on to other cybercriminals. In some cases, these phishing attacks will also be used to propagate malware.
For example, players receive an email asking them to confirm a password change. However, the link found in the message may take them to a tricky sign-on page (notably for a massively popular game) that requires their ‘’ old’’ sign-on details.
Once they have this, attackers immediately log on to the victim’s account, download their virtual gold or credit, which they then sell online.
However, when phishing attacks take place, customers aren’t the only victims, gaming companies are in the firing line as well. Recently this year, it was reported that half of million records belonging to Ubisoft were already in circulation online. As of the EA Sports breach, it’s claimed that attackers used stolen cookies to access the Slack channel.
Given the ongoing success, the online gaming industry should expect these cyber threats to become more prevalent. Therefore, both game developers and players should be aware of these attempts and proactively engage in preventive measures to avoid any risk.