Combining Cybersecurity with Gaming: Cheats, Insider Threats, Ransomware and More

The video game industry has grown significantly since its introduction in the early 1970s, with analysts predicting the market will be worth $321 billion by 2026. As profits rise, malicious actors are drawn to the industry, which now faces a wide variety of cyber and even physical threats. Whether it’s vulnerabilities, account takeovers, distributed denial-of-service (DDoS) attacks, software piracy or in-game cheats and hacks, recent events such as the Grand Theft Auto 6 data breach show that gaming companies are being targeted by sophisticated cybercrime gangs and other malicious actors.

The gaming industry and its customers face the following threats:

  1. In-game cheats, hacks and modifications (mods)
  2. Threats from within
  3. Software piracy
  4. Account takeovers and compromised credentials
  5. Ransomware
  6. Distributed Denial of Service (DDoS) attacks
  7. Radicalization and extremism

Understanding the dangers of in-game cheats and hacks

The most common threats are in-game hacks, cheats, and mods, which allow users to change certain elements of the game. However, for those unfamiliar with gaming, they can be the hardest to understand.

So what if a person cheats in a video game? How important or dangerous is that for organizations in this space? If not addressed, rampant hacking or cheating can seriously affect the profits of gaming companies and introduce the potential for threats from within.

Threat actors sell a number of goods and services to customize or enhance gaming experiences, usually at the expense of other, rule-abiding players. Cheats perform a wide variety of actions depending on the genre, but they usually come in the form of automatic aiming (aimbots) or “stat boosts” that increase a player’s in-game abilities. These often break the terms-of-service agreement and are generally sold on illegal marketplaces and chat services.

To fully understand their impact, it is important to understand the industry’s go-to-market strategy. Unlike most retail-oriented environments, success in the gaming industry is not just represented by the number of units sold. While popular titles sell millions of copies, the vast majority of revenue comes from the adoption of a Games-as-a-Service (GaaS) model, also known as live service gaming.

Under this model, most of the revenue comes from players purchasing in-game items or other downloadable content. And since GaaS titles are often “free” to download, the success of these games depends on an active player base willing to participate in microtransactions. As such, video game hacks and cheats can cause discontent within the community, driving players to abandon these titles in favor of more balanced experiences. This means major problems for developers, given the high cost of game development and other overheads.

Potential Threats From Within

In addition, in-game cheating and hacking services also open the organization to potential threats from within. Many cheat developers are, or were at one point, legitimate game developers who now make cheats for financial gain. And depending on their level of expertise or authority, they may have access to a game’s source code, or have a deep understanding of the company’s systems, which allows them to develop services that bypass a game’s anti-cheat features.

It is alleged that several threat actors create original games while operating on illegal forums, with their projects appearing on common distribution channels such as Steam. And if we look at cyber-attacks experienced by gaming companies as a whole, many of them can be traced back to their employees.

Software piracy causes financial loss

Software piracy is a problem worldwide, but even more so in the gaming industry. Threat actors will take video game data from the original medium and distribute it for free, and millions of dollars are lost every year due to piracy-related copyright violations.

Account takeover and compromised credentials

In addition to in-game cheats and hacks, account takeover is a rampant concern for gamers and organizations alike. There are many illegal services dedicated to selling accounts, whether they are generated automatically or stolen.

While there is a good chance that a game account sits well outside the systems of most organizations, a compromised account still carries risks. Threat actors use credential stuffing attacks, where they attempt to use compromised credentials to access other accounts owned by that person.

Compromised credentials for gaming companies are a common offering on illegal account stores, such as Russian Market and Genesis Market. These sites sell stolen login credentials and browsing data, which are collected via information-stealing malware. A 2021 report noted that more than 500,000 compromised credentials came from twenty-five major gaming companies, including management positions and other departments such as Human Resources and Purchasing.

Credentials can be used for a range of cyber-attacks, including BEC (Business Email Compromise) attacks or providing initial access for ransomware or data breach attacks. In 2021, for example, stolen cookies were used to access a corporate communication channel at gaming publisher EA. From there, hackers socially engineered an IT worker to give them further access to the corporate network. They then successfully exfiltrated the source code, development tools, and game engine data.

Ransomware and Data Extortion Groups

While almost all industries face ransomware and data extortion attacks, gaming companies are becoming an attractive target for threat actors. Analysts note that this is likely because gaming companies hold a significant amount of sensitive information, such as company documents, source code and large amounts of customer data.

The following ransomware gangs, as well as Advanced Persistent Threat (APT) groups, have targeted gaming organizations:

  • “ALPHV” (aka “Black Cat”) – The ransomware gang attacked Bandai Namco on July 11, 2022.
  • “LAPSUS$” – The ransomware group attacked video card company Nvidia and stole 1TB of internal information.
  • “HelloKitty” gang – Investigators suspected this group of compromising video game publisher CD Projekt Red.
  • “Ragnar Locker” – The ransomware group claimed to have stolen 1TB of data from gaming publisher Capcom.
  • APT41 (aka “Wicked Panda”) – The Justice Department indicted the group in 2020 for attacking nine video game companies.
  • APT38 (aka “Lazarus Group”) – This APT group was responsible for hacking the cryptocurrency-based game Axie Infinity.

DDoS attacks targeting the gaming sector

Distributed denial-of-service (DDoS) attacks are quite common in the gaming industry, whether targeting gaming infrastructure, individual players, video game streamers, or esports events. Interestingly, the growing number of DDoS-for-hire services, as well as variations of botnets available on the Deep and Dark Web, can be traced back to the gaming industry.

For example, the prolific “Mirai” botnet was originally created as a DDoS tool by a team of Minecraft server operators who wanted to take rival server providers offline. The original version of Mirai featured an attack mode specifically designed to target gaming servers running Valve’s Source Engine. Even after the arrest of many Mirai developers, it has spawned numerous variants readily available on illegal channels. DDoS attacks are still used by threat actors, including by Russia to target Ukrainian government websites and banking institutions.

Radicalization and Extremism in Gaming Communities

Online gaming communities and gaming-affiliated communication platforms are often used for extremist discourse and inter-ideology recruitment. Factors that lead extremist groups to prefer gaming platforms include their lack of content moderation, as well as the sheer number of young players.

Gaming communities are not proven to be more susceptible to extremist activities. The magnitude of extremist activity in gaming communities is difficult to quantify because of the difficulties in accessing extremist communication channels and their overlap with other vectors and factors leading to radicalization, such as social isolation and pre-existing sympathies.

Protect against threats with Flashpoint

To mitigate and protect against these types of threats, organizations need comprehensive intelligence, as well as tools that provide insight into threat actors’ chatter, in addition to auditing compromised credentials. Get a free trial today to see Flashpoint’s comprehensive collection platform in action.
