by Mendy Newman
Posted on April 11, 2023
Online gaming and gambling companies are increasingly being targeted by cybercriminals.
According to a report from Akamai, cyberattacks on gaming companies were up a hefty 167% last year. The Michigan Attorney General, Dana Nessel, also warned residents to be careful when using online gambling sites after cyberattacks hit several popular sites including DraftKings, FanDuel, and BetMGM.
Several factors are behind the surge in attacks on gaming companies.
Gaming companies are vulnerable to the same kind of attacks as any other business including, for example, ransomware attacks. Due to the nature of gaming, companies – and individuals – are also vulnerable to additional forms of exploitation by cybercriminals.
Gaming has gained popularity as a way to launder money. Criminals can get an account, buy in-game currency, and then resell the account at a discount, masking the source of the ill-gotten gains. In addition, the small dollar value of in-game micropurchases makes it easy for criminals to stay under the radar of law enforcement.
Distributed Denial of Service (DDoS) attacks target gaming more than any other industry, with gaming accounting for 37% of all DDoS traffic. Financial services were in a distant second place with 22% of DDoS traffic.
What DDoS means in gaming varies. DDoS attacks can be broad, bringing down an entire network, as was the case in the 2014 Christmas DDoS attack on PlayStation and Xbox that impacted 160 million gamers. Or they can be narrow. A narrow attack can create a latency advantage for one single player, which can be just enough for them to win. Given the very high stakes of some games, these attacks can have significant financial impact on players.
Akamai describes web application attacks as the “800-pound gorilla in the security operations center, accounting for more than half of all data breaches.” These attacks can have many different goals: stealing in-game assets from users, stealing source code to facilitate cheating (which brings real money rewards), and stealing stored data including user logins, game details, or personal information.
A new threat to cybersecurity in the gaming and gambling industries is known as “Ice Breaker.” Ice Breaker attacks start by using social engineering approaches such as phishing to install a JavaScript backdoor on a platform.
The attacker then contacts the game’s customer service, posing as a legitimate customer who is having problems registering for a new account. In a chat session with a customer service agent, the attacker convinces the agent to click on a Dropbox link, which they enter in the chat or an email, to see a screenshot of the problem the fictitious user is supposedly having. When the unsuspecting customer service agent clicks on the link, it retrieves malware in the form of an LNK payload or VBScript file. The backdoor provides all the usual access, including the ability to steal passwords, run VBScript from a remote server, open a reverse proxy, and more.
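A detection sketch for the chain described above, as an added example that is not part of the original post or any vendor's product: it correlates support-chat events with web-proxy records and flags an agent workstation that fetches an LNK or VBScript file shortly after a customer posted a file-sharing link in that agent's chat. The log layouts, host names, domain list and 10-minute window are assumptions, and all sample records are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Assumptions (not from the post): log layouts, host names, domain list, window.
SHARE_DOMAINS = {"dropbox.com", "www.dropbox.com"}
RISKY_EXT = (".lnk", ".vbs")
WINDOW = timedelta(minutes=10)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample data, layout: timestamp|agent_host|sender|message
CHAT_LOG = """\
2023-04-11T09:00:05|cs-ws-14|customer|Cannot register, screenshot: https://www.dropbox.com/s/EXAMPLE/screenshot.lnk?dl=1
2023-04-11T09:02:10|cs-ws-22|customer|My deposit is missing, order 1182
2023-04-11T09:30:00|cs-ws-31|customer|See https://www.dropbox.com/s/EXAMPLE2/photo.png
"""
# Constructed sample data, layout: timestamp|client_host|url|downloaded_filename
PROXY_LOG = """\
2023-04-11T09:01:12|cs-ws-14|https://www.dropbox.com/s/EXAMPLE/screenshot.lnk?dl=1|screenshot.lnk
2023-04-11T09:31:00|cs-ws-31|https://www.dropbox.com/s/EXAMPLE2/photo.png|photo.png
2023-04-11T11:45:00|cs-ws-14|https://www.dropbox.com/s/OTHER/tool.vbs|tool.vbs
"""

def parse(log, fields):  # split pipe-delimited records into dicts
    for line in log.strip().splitlines():
        rec = dict(zip(fields, line.split("|", len(fields) - 1)))
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        yield rec

def share_links(message):
    """URLs in a chat message whose host is a listed file-sharing domain."""
    return [u for u in URL_RE.findall(message)
            if (urlparse(u).hostname or "").lower() in SHARE_DOMAINS]

def find_suspicious(chat_log=CHAT_LOG, proxy_log=PROXY_LOG):
    """Risky-extension downloads by an agent host within WINDOW after a
    customer posted a file-sharing link in that agent's chat."""
    lures = [(c["ts"], c["host"]) for c in parse(chat_log, ("ts", "host", "sender", "msg"))
             if c["sender"] == "customer" and share_links(c["msg"])]
    alerts = []
    for p in parse(proxy_log, ("ts", "host", "url", "file")):
        if not p["file"].lower().endswith(RISKY_EXT):
            continue
        if any(h == p["host"] and timedelta(0) <= p["ts"] - t <= WINDOW for t, h in lures):
            alerts.append((p["host"], p["file"], p["ts"].isoformat()))
    return alerts

if __name__ == "__main__":
    print(find_suspicious())
```

The later `tool.vbs` download is not flagged by this rule because it falls outside the correlation window; a standalone rule on script and shortcut downloads by support workstations would cover that case.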
With so many different ways to attack gaming companies, online gaming security teams need to rely on a state-of-the-art Zero Trust cybersecurity approach. With Zero Trust, every user, every transaction, is viewed as potentially dangerous unless validated as safe.
A comprehensive Zero Trust platform, such as ZTEdge, provides many tools that can enhance cybersecurity in gaming:
Serious gamers know that gaming is serious business. Cybercriminals know it, too, and know that the profits to be gained from hacking gaming apps are serious as well. The best way for companies in the industry to stay ahead of the attackers is by trading in yesterday’s cybersecurity solutions for an up-to-date Zero Trust-based platform.