Actually, they love attacking every industry, but gamers and gaming platforms—especially those in Asia—are especially attractive prey

As the current largest market in the world by revenue (valued at US$70bn), Asia’s gaming industry continues to be a prime target for financially-motivated cybercriminals, and home to over half of the world’s three billion gamers.

According to Dean Houari, Director of Security Technology and Strategy (APJ) Akamai, as a result of the booming popularity of cloud gaming platforms, web application attacks on the gaming industry have more than doubled over the past year.

CybersecAsia finds out some of the latest attack motives and trends from Houari.

CybersecAsia: Do gaming-industry ransomware attacks target just anybody, or specific profiles?

Dean Houari, Director of Security Technology and Strategy (APJ) Akamai

Dean Houari (DH): As the saying goes, “If you want to know who online criminals target, follow the money.” Although some ransomware attacks are random, large ransomware attacks are often carefully planned.

Cybercriminals choose targets based on their potential victims’ ability to pay a ransom and the impact of shutting down the victim’s operation. The larger the impact, the greater the glory for the attacker.

As gaming companies move their operations to the cloud, new threat surfaces have been created. We are seeing incidents in the industry where cybercriminals are hacking into gaming companies to steal source codes and encrypt systems for double-threat ransoming.

With a huge market for game micro-transactions growing by the day, cybercriminals are eyeing the booty for successful account takeovers of gamers, to steal anything from in-game currencies and assets to account information, or to hold assets hostage in exchange for a ransom.  

CybersecAsia: What kind of gamer-specific attack campaigns has Akamai observed?

DH: First, there are “long running attack campaigns” that can also be considered an advanced persistent threat (APT). These are sophisticated, long-term and multi-stage attacks, usually orchestrated by well-organized criminal enterprises. Attackers are not after short term gains but are focused on intelligence gathering on a gaming platform, to steal valuable source code or sensitive data from gamers which could be sold on the Dark Web.

Then there are the short-burst attacks. These do not have to be carried out by sophisticated or organized cybercriminal gangs but rather bursts of activity from attackers that have acquired attack toolkits or stolen credentials to hijack gamer accounts or defraud them via micro-transactions. 

Typically, attacks target gamers’ login credentials by creating lookalike sites to trick unwary gamers into entering account details. Other types of attacks attempt to scam gamers trying to buy hard-to-get in-game items cheap. Spearphishing is also increasingly being used to target gamers.

All the above mentioned schemes can also allow hackers to exploit vulnerabilities of the gaming platforms, whereby they can create fake identities, steal intellectual property and personally identifiable information—in order to defraud more gamers’ financial accounts.

Such attacks have become so profitable that attackers have created online black market gaming sites to monetize stolen gamer credentials.

CybersecAsia: What measures is the global gaming industry taking to protect gamers? Gamers themselves will probably be protected if they follow the usual cyber hygiene rules?

DH: As an intelligent edge platform for the gaming industry, we work with gaming firms of all sizes in the region to establish proactive measures to safeguard their infrastructure.
    • The first step is to establish a baseline of cyber hygiene, by using password managers and multi factor authentication
    • With the rise in credential stuffing attacks using malicious bots, and bulk lists of username and passwords that cybercriminals use to access gamer accounts, it is important for gaming companies to secure both their internal and external users. Measures could include assessing the strength of passwords or preventing the reuse of credentials
    • It is also important to educate internet users and gamers on the best practices for preventing ransomware attacks, and how to safeguard against phishing tactics that allow hackers to break into the platforms
    • The majority of gamers are there to play, have fun, and find an escape from the stresses of daily life. They are thus less likely to embrace additional security measures, which would slow their access to games. The challenge for gaming platforms is to find a balance between security and ease of use

Finally, in addition to the safeguards that gaming providers put in place, gamers themselves should be mindful to take preventive measures and make cyber hygiene an automatic habit in every aspect of work and play, both inside and outside gaming platforms.

CybersecAsia thanks Dean Houari for his insights.