It’s been 17 years since Xbox Live was first released. While it was not the first online gaming network, it did become a cornerstone of things to come. Fast forward almost two decades, and we find ourselves completely immersed in a culture of online multiplayer games and digital content.
For example, this year, Dota 2 The International, the annual Dota 2 World Championship, was viewed online by close to a million people around the world, while thousands attended the matches in person at Mercedes-Benz Arena in Shanghai, China. The 9th annual Dota 2 championship hosted 18 teams this year and featured over $34 million in cash prizes!
Young adults with corporate sponsorships winning millions of dollars in cash prizes at eSports events is just the tip of the iceberg for the industry. A recent report estimated that the video game market will become a $300 billion industry in the next five years.
With these kinds of projections and valuations, it’s fair to say that the threat towards gamers and those that support gaming networks will grow in lockstep with the market size.
There are many risks currently facing the gaming industry, but three seem to be fairly common: Account Takeovers, Malicious Virtual Goods, and traditional DDoS attacks on both user platforms and corporate servers.
- ATO – Also known as Account Takeover, this attack is a type of identity theft where a criminal gains unauthorized access to an account for online fraud. Typically, this attack is carried out with a vector known as credential stuffing.
- Virtual Malicious Goods – More commonly known as a Trojan, virtual malicious goods are lures like in-game cheats, services, or items designed to conceal a malicious payload. Once executed by the user, their system becomes infected with malware.
- DDoS Attacks – A Distributed Denial-of-Service attack occurs when multiple infected devices flood a targeted system to make it, or its network resources, unavailable. Typically, attackers will target gaming networks or the users themselves.
Users Bear the Brunt
While companies deploy advanced defense solutions to protect their gaming infrastructure, cyber criminals seek their own level. Cyber criminals don’t have to find a way to bypass your security solutions to cause a problem; they just need to find a new level to operate on. Unfortunately, this typically means targeting the user who is less likely to have an advanced security solution in place.
Recently, Mortal Kombat 11 developers had to address a series of DDoS attacks plaguing users in their ranked online game mode. Mortal Kombat 11 features a ranked online competitive leaderboard where top players compete and are ranked globally. As a result, users looking to cheat the system launched DDoS attacks against their opponents — not the gaming infrastructure — to disconnect them from the match. Once the opponent was disconnected, the attacker would gain ranking points for the forfeiture and effectively cheat their way to the top rank of ‘Elder God.’
In one case, a streamer was threatened by an attacker who was able to discover his home address. Unfortunately, in this case, the victim was sent links that were designed to capture his IP address. In the image below, you can see an example of the domains used. One domain is a URL hijack of what appears to be a YouTube link, but instead of a traditional ‘u’ in the URL, the logging service uses an ‘ü’ in an attempt to trick their victims.
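A link can be checked for this kind of accented-letter substitution before it is clicked. The sketch below is an added example, not part of the original article: the trusted-domain list, the function names and the sample hostnames are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed allow-list of domains the user actually intends to visit.
TRUSTED = {"youtube.com", "youtu.be", "twitch.tv"}

def to_unicode(host):
    """Decode punycode (xn--) labels so we inspect what a browser may display."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # keep an undecodable label as-is
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Fold accented letters to their base letter (ü -> u) using NFKD."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def matches(host, trusted):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike', 'non-ascii' or 'unknown' for a URL."""
    host = to_unicode(urlsplit(url).hostname or "")
    if matches(host, trusted):
        return "trusted"
    # Only looks like a trusted domain once the accents are stripped.
    if matches(skeleton(host), trusted):
        return "lookalike"
    return "unknown" if host.isascii() else "non-ascii"

if __name__ == "__main__":
    # Constructed sample links; \u00fc is 'ü'.
    samples = [
        "https://www.youtube.com/watch?v=abc",
        "https://yo\u00fctube.com/watch?v=abc",
        "https://example.org/clip",
    ]
    for link in samples:
        print(classify_link(link), link)
```

NFKD folding only catches accented Latin letters like the ‘ü’ described above; look-alike characters from other scripts are reported as `non-ascii` rather than matched to a brand.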
This month, security firm Cyren also released a report detailing how cyber criminals are now leveraging open-source ransomware variants to target Fortnite users who are looking to cheat the game by downloading malicious goods such as aimbots.
Given the recent popularity of Fortnite, it’s no surprise that cyber criminals have begun using its reputation as a lure to target unsuspecting users. In this specific case, once a user has downloaded and run the Fortnite aimbot, a malicious payload is deployed on the victim’s PC. This payload is a ransomware variant of Hidden Cry with a .Syrk extension.
Users are becoming heavily targeted in the gaming industry as companies around the world work to harden their systems. While corporations work on securing their infrastructure from new and evolved attack vectors, we need to take the time to help educate not only gamers but users in general. Awareness, training, and education can go a long way.
How to Protect Yourself
One of the first things a gamer can do to secure their privacy and game play is to practice proper password hygiene. I know, it sucks, especially for console players without a keyboard, but this is the low-hanging fruit cyber criminals target. To prevent online identity fraud from ATO bots, use unique and secure passwords for all accounts. This way, if an account is compromised, criminals will not be able to access other accounts that use the same password.
Second, if a service offers multi-factor authentication, use it! Considering the amount of money that’s on the table for eSports and in-game items, treat your account like you would a bitcoin wallet.
Last, but most definitely not least, be aware of phishing as well as cyber-bullying in game. You do not have to engage with toxic users. Do not click on their links or respond to them, no matter how tempting it may be. If you are being pressured, threatened or intimidated in game: report, block and disconnect. Most of the time, these criminals are looking for streamers that they can get a live reaction out of. If you do not provide them with their desired response, they will move on to someone who will.
Daniel Smith is an information security researcher for Radware’s Emergency Response Team. He focuses on security research and risk analysis for network and application based vulnerabilities. Daniel’s research focuses in on Denial-of-Service attacks and includes analysis of malware and botnets. As a white-hat hacker, his expertise in tools and techniques helps Radware develop signatures and mitigation attacks proactively for its customers.