Video-Gaming Is The Next Cybercrime Target

Any endeavor that makes money quickly draws the attention of fraudsters and thieves, and videogames are no exception.

Since their inception and introduction to the consumer market, videogames have been the target of theft, piracy, illegal distribution… But the evolution of the digitized entertainment and its major shift toward online gaming has also changed the way it is being targeted, who it is being targeted by, and the people who are suffering the consequences.

Video-game-related crime is almost as old as the industry itself. But while illegal copies and pirated versions of games were the previous dominant form of illicit activities related to games, recent developments and trends in online gaming platforms have created new possibilities for cybercriminals to swindle huge amounts of money from an industry that is worth nearly $100 billion. And what’s worrisome is that publishers are not the only targets; the players themselves are becoming victims of this new form of crime.

Recent trends prove just how attractive the gaming community has become for cybercriminals and how lucrative the game-hacking business is becoming, which underlines the importance for developers, manufacturers and gamers alike to take game security more seriously.

New features breed new hacking possibilities

The recent wave of malware attacks against Steam, the leading digital entertainment distribution platform, is a perfect example of how game-related crime has changed in recent years.

For those who are unfamiliar, Steam is a multi-OS platform owned by gaming company Valve, which acts as an e-store for video games. But what started as a basic delivery and patching network eventually grew into a fully featured gaming market that counts more than 125 million members, 12 million concurrent users and thousands of games. Aside from the online purchase of games, the platform offers features for game inventories, trading cards and other valuable goods to be purchased and attached to users’ accounts.

The transformation that has overcome the gaming industry, or more specifically the shift toward the purchase and storage of in-game assets, has created new motives for malicious actors to try to break into user accounts. Aside from sensitive financial information, which all online retail platforms contain, the Steam Engine now provides attackers with many other items that can be turned into money-making opportunities.

This has fueled the development of Steam Stealer, a new breed of malware that is responsible for the hijacking of millions of user accounts. According to official data recently published by Steam, credentials for about 77,000 Steam accounts are stolen every month. Research led by cybersecurity firm Kaspersky Lab has identified more than 1,200 specimens of the malware. Santiago Pontiroli and Bart P, the researchers who authored the report, maintain that Steam Stealer has “turned the threat landscape for the entertainment ecosystem into a devil’s playground.”

The malware is delivered through run-of-the-mill phishing campaigns, infected clones of gaming sites such as RazerComms and TeamSpeak or through fake versions of the Steam extension developed for the Chrome browser.

Once the intruder gains access to victims’ credentials, they not only siphon the financial data related to the account, but also take advantage of the possible assets stored in the account and sell them in Steam Trade for extra cash. Inventory items are being traded at several hundred dollars in some cases. According to the Steam website, “enough money now moves around the system that stealing virtual Steam goods has become a real business for skilled hackers.”

Every online game and platform can become the target of cyberattacks.

Steam Stealer is being made available on malware black markets at prices as low as $3, which means “a staggering number of script-kiddies and technically-challenged individuals resort to this type of threat as their malware of choice to enter the cybercrime scene,” the Kaspersky report states. The malware-as-a-service trend is being observed elsewhere, including in the ransomware business, which, at present, is one of the most popular types of money-making malware being used by cybercriminals.

What makes the attacks successful?

A number of factors have contributed to the success of the attacks against the Steam platform, but paramount among them is the outdated perception toward security in games. Developers and publishers are still focused on hardening their code against reverse engineering and piracy, while the rising threat of data breaches against games and gamers aren’t getting enough attention.

“I think it’s because in the gaming world as well as in the security industry, we haven’t paid much attention to this issue in the past,” says Pontiroli, the researcher from Kaspersky, referring to the malware attacks against games.

Gamers are also to blame for security incidents, Pontiroli believes. “There’s this view from the other side of the table — from gamers — that antivirus apps slow down their machines, or cause them to lose frame rate,” he explains, which leads them to disable antiviruses or uninstall them altogether. “Nowadays you just need to realize that you can lose your account and your information.”

A separate report by video-game security startup Panopticon Labs about cyberattacks against the gaming industry maintains that in comparison to financial services and retail, the video-game industry is new and highly vulnerable to cyberattacks. “Whereas other industries now have cybersecurity rules, regulations and standards to adhere to, online video games are just now recognizing that in-game cyberattacks exist and are harmful to both revenue and reputation,” writes the report.

Matthew Cook, co-founder of Panopticon, believes that publishers are putting up with the unwanted behaviors of bad actors and accept it as a cost of doing business. “So often, the publishers we talk to refer to fighting back against these unwanted players as a game of ‘whack a mole’ that they can never win,” he says.

In contrast, he believes, publishers can fight back and eliminate fraudulent or harmful activities, provided they get a head start in securing their games and are dedicated to keeping bad players out after they’re gone. “Unfortunately, slow, manual processes like combing through suspected bad actor reports, or performing half-hearted quarterly ban activities just won’t cut it anymore,” Cook stresses. “The bad guys have gotten too good, and there’s simply too much financial opportunity for them to be dissuaded by reactive rules and reports.”

What’s being done to deal with the threats?

Efforts are being made to improve security in software, but there’s still a long way to go. For its part, Steam has rolled out Steam Guard functionality to help block account hijacking, and it is also offering two-factor and risk-based authentication through the Steam Guard Mobile Authenticator. The company is also toughening up the market place and has added new restrictions recently that use email confirmation and put a 15-day hold on traded items in order to mitigate the risks of fraud.

Why bother taking the pains of hacking a banking network when there’s easier cash to be made in the gaming industry?

However, lack of awareness and focus on gaming experience leads many users to forgo activating these features. “While [the security features] do provide a certain level of safety to their users, not all of them are aware of their existence or know how to properly configure them,” says Pontiroli. “Even with all the solutions in the world you still need to create awareness among the gaming crowd.”

Security vendors are also taking strides to provide security for gamers without disrupting the gaming experience. Most security products now offer a “gaming mode” that allows players to keep their antivirus software active but avoid receiving notifications until the end of their session.

Other firms, such as Panopticon, are working on special in-game security solutions that distinguishes suspicious in-game activities from normal player behavior through anomaly detection and analytics. The model is taking after techniques used by fraud detection tools in banking and financial platforms. This approach also helps deal with other fraudulent activities such as “gold farming,” the process of using botnets to generate in-game assets and later sell them on grey markets, an activity that is raking in billions of dollars of revenue every year.

No one is safe

The attacks against Steam are dwarfed when compared to some of the bigger data breaches that we’ve seen in the last year. Nonetheless, it is a stark indication of the transformation and shift that online gaming security is undergoing. Moreover, Steam isn’t the only platform that has suffered data breaches in the past months and years.

A similar attack, though at a much smaller scale, was observed against Electronic Art’s gaming platform, Origin late last year (the gaming giant never confirmed the attacks, however). Several other gaming consoles and networks have been targeted in recent years, and the plague of ransomware has already found its way into the gaming industry. This shows that every online game and platform can become the target of cyberattacks.

Nowadays, online games contain a wealth of financial and sensitive information about users, along with other valuable assets. And as is their wont, online fraudsters and cybercriminals will be following the money and aim for the weaker targets. So why bother taking the pains of hacking a banking network when there’s easier cash to be made in the gaming industry?

Securing the games requires the collective effort of security vendors and publishers. As Kaspersky’s Pontiroli puts it, “Security should not be something developers think about afterwards but at an early stage of the game development process. We believe that cross-industry cooperation can help to improve this situation.”

BDTechTalks

 

« UK’s Cybersecurity Policy For Business
Protecting the Next Generation: Make It Personal »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CyTech Services

CyTech Services

CyTech provides unique services and solutions complemented with professional subject matter experts to both the Federal and Commercial sectors.

Tresorit

Tresorit

Tresorit helps teams to collaborate securely and easily by protecting their data with end-to-end encryption.

LogicManager

LogicManager

LogicManager offer a complete set of IT governance, risk and compliance software solutions and advisory services.

CodeOne

CodeOne

CodeOne provides solutions for website and web app security.

ReFirm Labs

ReFirm Labs

ReFirm Labs provides the tools you need for firmware security, vetting, analysis and continuous IoT security monitoring.

Ecubel

Ecubel

Ecubel is the market leader in Belgium in buying and selling used IT harware guaranteed by a certified data erasure.

Thomsen Trampedach

Thomsen Trampedach

Thomsen Trampedach offers a tailored-made brand protection solution to each customer using a proprietary enforcement automation and reporting tool and a multilingual enforcement team.

Trust Stamp

Trust Stamp

Trust Stamp provide Identity and Trust as a Service to answer two fundamental questions: “Who are you?” and “Do I trust you?"

Cybriant

Cybriant

Cybriant Strategic Security Services provide a framework for architecting, constructing, and maintaining a secure business with policy and performance alignment.

CyberNet Albania

CyberNet Albania

Cybernet Albania has been providing IT support and services to small businesses since 2016. We strive to eliminate your IT issues before they cause downtime and impact your operations.

Red Sky Alliance

Red Sky Alliance

Red Sky Alliance (Wapack Labs Corp) is a cyber threat intelligence firm that delivers proprietary intelligence data, analysis and in-depth strategic reporting.

Noetic Cyber

Noetic Cyber

Noetic provides a proactive approach to cyber asset and controls management, empowering security teams to see, understand, and optimize their cybersecurity posture.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

XpertDPO

XpertDPO

XpertDPO provides data security, governance, risk and compliance, GDPR and ISO consultancy to public and private sector organisations.

Hexagon

Hexagon

Hexagon is a global leader in digital reality solutions. We are putting data to work to boost efficiency, productivity, quality and safety.

Telenor Cyberdefence

Telenor Cyberdefence

Telenor Cyberdefence is a newly established (2024) cloud-born Managed Security Service Provider focused on the Nordic markets.