Malicious hackers are increasingly mobbing the video game industry, with major companies suffering data breaches, having their source code sold or leaked online and games serving as playgrounds to push malware or mine cryptocurrencies.
This week, cybersecurity firm Akamai said they have observed more than 246 million web application attacks levied against the gaming industry in 2020. That represents a 340% increase year-over-year, a 415% increase since 2018 and accounted for about 4% of the more than 6.3 billion attacks tracked by the company across different countries.
The numbers stand out even more when put into the context of worldwide web application attack trends over the same timeframe.
“In fact, the year-over-year change globally for web application attacks was only 2%, meaning that gaming saw more growth in attack traffic than any other industry in 2020,” researchers wrote.
Other forms of attack, like credential stuffing, have also seen their frequency double or triple over that same timeframe.
That group also likely also includes criminal hackers, and the vocation may have given them more opportunity to talk to other hackers or coordinate efforts to target the companies behind those titles. Akamai cited group chats on Discord – a social media app largely geared towards gamers – dedicated to SQL injection, cross-site scripting and other attack methods, though it doesn’t specify if those discussions focused on attacking game companies themselves.
Other recent research and a number of high-profile incidents in the past month reinforce the heightened peril facing the industry and its customers. The latest, released today by Avast Threat Labs, outlines a new type of malware embedded in cracked versions of some popular video games, such as Grand Theft Auto V, Far Cry 5, The Sims 4 and others, that disables antivirus programs and installs XMRig to mine Monero cryptocurrency. The campaign, which has been ongoing since 2019 and targets victims beyond the gaming industry, has infected over 222,000 systems and earned the hackers behind it more than $2 million in mined currency.
Two other incidents this month highlight how even industry titans are getting battered. Electronic Arts, the top video game maker in the world and owner of almost 40% of the industry’s total market share, saw hackers advertise as much as 780 gigabytes of company data – including source code for the engine that powers their most popular sports games – advertised for sale online. After CD Projekt Red, maker of The Witcher franchise and CyberPunk 2077, suffered a ransomware attack earlier this year, source code for several of their games were leaked online this month.
However, there doesn’t appear to be a simple explanation or motive that explains these different attacks. Akamai noted that some of the increases they’re seeing can be attributed to increased visibility from their tooling, but they and others also speculated that a year of pandemic, lockdowns and social distancing created a lot of free time that many filled with gaming.
“With the pandemic I am sure there are more people gaming and for more time,” John Bambenek, a cybersecurity investigations and intelligence consultant who has done previous research into DDoS attacks on gamers, told SC Media. “People are more invested in their games because so much of their social lives were restricted.”
There’s also the possibility that many of these increases are simply part of a broader trend of increased cyber attacks observed across virtually every industry and sector in recent years as society becomes more digitized and more systems and devices are connected to the internet. As software (and its insecurity) continues to eat the world, it shouldn’t be surprising that video game companies, which are essentially software companies, would see the same increased attention from hackers as other developers.
"What we’re seeing through intel sources is the continued growth of underground ecosystems that can both launder game passes as well as resell high-value player accounts," Rey Bango, a security-focused software developer at Veracode, told SC Media. "The market for that is clearly growing and I’m sure the at-home scenarios we’ve faced during the pandemic added to the growing demand for online gaming, hence the growing demand for black market gaming assets."
It’s not clear how straightforwardly stolen source code could be used or monetized, or what a competitor would get out buying stolen code in some of these instances. Many of the games powered by EA’s Frostbite, like the Madden NFL football series, are created under exclusivity agreements with the leagues that specifically prohibit other companies from making the same game, and stealing and using another company’s code could potentially open a rival up to lawsuits. Additionally, EA Sports titles in particular are notorious for recycling much of their code from older versions of the franchise.
Still, Todd Moore, vice president of encrypted solutions at cloud, data and software security firm Thales Group, said there are likely many different ways hackers could make use of stolen data.
“The fact that gaming companies are storing vast and increasing amounts of data, including usernames, passwords and credit card information as well as their own intellectual property, makes them a treasure trove for hackers,” Moore told SC Media.
Correction: A previous version of this story made reference to 246 million web application attacks "between 2019 and 2020." The numbers were from 2020 alone.
