Video-Gaming Is The Next Cybercrime Target

Any endeavor that makes money quickly draws the attention of fraudsters and thieves, and videogames are no exception.

Since their inception and introduction to the consumer market, videogames have been the target of theft, piracy, illegal distribution… But the evolution of the digitized entertainment and its major shift toward online gaming has also changed the way it is being targeted, who it is being targeted by, and the people who are suffering the consequences.

Video-game-related crime is almost as old as the industry itself. But while illegal copies and pirated versions of games were the previous dominant form of illicit activities related to games, recent developments and trends in online gaming platforms have created new possibilities for cybercriminals to swindle huge amounts of money from an industry that is worth nearly $100 billion. And what’s worrisome is that publishers are not the only targets; the players themselves are becoming victims of this new form of crime.

Recent trends prove just how attractive the gaming community has become for cybercriminals and how lucrative the game-hacking business is becoming, which underlines the importance for developers, manufacturers and gamers alike to take game security more seriously.

New features breed new hacking possibilities

The recent wave of malware attacks against Steam, the leading digital entertainment distribution platform, is a perfect example of how game-related crime has changed in recent years.

For those who are unfamiliar, Steam is a multi-OS platform owned by gaming company Valve, which acts as an e-store for video games. But what started as a basic delivery and patching network eventually grew into a fully featured gaming market that counts more than 125 million members, 12 million concurrent users and thousands of games. Aside from the online purchase of games, the platform offers features for game inventories, trading cards and other valuable goods to be purchased and attached to users’ accounts.

The transformation that has overcome the gaming industry, or more specifically the shift toward the purchase and storage of in-game assets, has created new motives for malicious actors to try to break into user accounts. Aside from sensitive financial information, which all online retail platforms contain, the Steam Engine now provides attackers with many other items that can be turned into money-making opportunities.

This has fueled the development of Steam Stealer, a new breed of malware that is responsible for the hijacking of millions of user accounts. According to official data recently published by Steam, credentials for about 77,000 Steam accounts are stolen every month. Research led by cybersecurity firm Kaspersky Lab has identified more than 1,200 specimens of the malware. Santiago Pontiroli and Bart P, the researchers who authored the report, maintain that Steam Stealer has “turned the threat landscape for the entertainment ecosystem into a devil’s playground.”

The malware is delivered through run-of-the-mill phishing campaigns, infected clones of gaming sites such as RazerComms and TeamSpeak or through fake versions of the Steam extension developed for the Chrome browser.

Once the intruder gains access to victims’ credentials, they not only siphon the financial data related to the account, but also take advantage of the possible assets stored in the account and sell them in Steam Trade for extra cash. Inventory items are being traded at several hundred dollars in some cases. According to the Steam website, “enough money now moves around the system that stealing virtual Steam goods has become a real business for skilled hackers.”

Every online game and platform can become the target of cyberattacks.

Steam Stealer is being made available on malware black markets at prices as low as $3, which means “a staggering number of script-kiddies and technically-challenged individuals resort to this type of threat as their malware of choice to enter the cybercrime scene,” the Kaspersky report states. The malware-as-a-service trend is being observed elsewhere, including in the ransomware business, which, at present, is one of the most popular types of money-making malware being used by cybercriminals.

What makes the attacks successful?

A number of factors have contributed to the success of the attacks against the Steam platform, but paramount among them is the outdated perception toward security in games. Developers and publishers are still focused on hardening their code against reverse engineering and piracy, while the rising threat of data breaches against games and gamers aren’t getting enough attention.

“I think it’s because in the gaming world as well as in the security industry, we haven’t paid much attention to this issue in the past,” says Pontiroli, the researcher from Kaspersky, referring to the malware attacks against games.

Gamers are also to blame for security incidents, Pontiroli believes. “There’s this view from the other side of the table — from gamers — that antivirus apps slow down their machines, or cause them to lose frame rate,” he explains, which leads them to disable antiviruses or uninstall them altogether. “Nowadays you just need to realize that you can lose your account and your information.”

A separate report by video-game security startup Panopticon Labs about cyberattacks against the gaming industry maintains that in comparison to financial services and retail, the video-game industry is new and highly vulnerable to cyberattacks. “Whereas other industries now have cybersecurity rules, regulations and standards to adhere to, online video games are just now recognizing that in-game cyberattacks exist and are harmful to both revenue and reputation,” writes the report.

Matthew Cook, co-founder of Panopticon, believes that publishers are putting up with the unwanted behaviors of bad actors and accept it as a cost of doing business. “So often, the publishers we talk to refer to fighting back against these unwanted players as a game of ‘whack a mole’ that they can never win,” he says.

In contrast, he believes, publishers can fight back and eliminate fraudulent or harmful activities, provided they get a head start in securing their games and are dedicated to keeping bad players out after they’re gone. “Unfortunately, slow, manual processes like combing through suspected bad actor reports, or performing half-hearted quarterly ban activities just won’t cut it anymore,” Cook stresses. “The bad guys have gotten too good, and there’s simply too much financial opportunity for them to be dissuaded by reactive rules and reports.”

What’s being done to deal with the threats?

Efforts are being made to improve security in software, but there’s still a long way to go. For its part, Steam has rolled out Steam Guard functionality to help block account hijacking, and it is also offering two-factor and risk-based authentication through the Steam Guard Mobile Authenticator. The company is also toughening up the market place and has added new restrictions recently that use email confirmation and put a 15-day hold on traded items in order to mitigate the risks of fraud.

Why bother taking the pains of hacking a banking network when there’s easier cash to be made in the gaming industry?

However, lack of awareness and focus on gaming experience leads many users to forgo activating these features. “While [the security features] do provide a certain level of safety to their users, not all of them are aware of their existence or know how to properly configure them,” says Pontiroli. “Even with all the solutions in the world you still need to create awareness among the gaming crowd.”

Security vendors are also taking strides to provide security for gamers without disrupting the gaming experience. Most security products now offer a “gaming mode” that allows players to keep their antivirus software active but avoid receiving notifications until the end of their session.

Other firms, such as Panopticon, are working on special in-game security solutions that distinguishes suspicious in-game activities from normal player behavior through anomaly detection and analytics. The model is taking after techniques used by fraud detection tools in banking and financial platforms. This approach also helps deal with other fraudulent activities such as “gold farming,” the process of using botnets to generate in-game assets and later sell them on grey markets, an activity that is raking in billions of dollars of revenue every year.

No one is safe

The attacks against Steam are dwarfed when compared to some of the bigger data breaches that we’ve seen in the last year. Nonetheless, it is a stark indication of the transformation and shift that online gaming security is undergoing. Moreover, Steam isn’t the only platform that has suffered data breaches in the past months and years.

A similar attack, though at a much smaller scale, was observed against Electronic Art’s gaming platform, Origin late last year (the gaming giant never confirmed the attacks, however). Several other gaming consoles and networks have been targeted in recent years, and the plague of ransomware has already found its way into the gaming industry. This shows that every online game and platform can become the target of cyberattacks.

Nowadays, online games contain a wealth of financial and sensitive information about users, along with other valuable assets. And as is their wont, online fraudsters and cybercriminals will be following the money and aim for the weaker targets. So why bother taking the pains of hacking a banking network when there’s easier cash to be made in the gaming industry?

Securing the games requires the collective effort of security vendors and publishers. As Kaspersky’s Pontiroli puts it, “Security should not be something developers think about afterwards but at an early stage of the game development process. We believe that cross-industry cooperation can help to improve this situation.”

BDTechTalks

 

« UK’s Cybersecurity Policy For Business
Protecting the Next Generation: Make It Personal »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

National Institute of Standards & Technology (NIST)

National Institute of Standards & Technology (NIST)

NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.

Digital Infrastructure Association (DINL)

Digital Infrastructure Association (DINL)

DINL is the leading representative for companies and organisations which are active within the Dutch digital infrastructure sector.

National Cybersecurity Institute (NCI) - Excelsior College

National Cybersecurity Institute (NCI) - Excelsior College

NCI is Excelsior College’s research center dedicated to assisting government, industry, military and academic sectors meet the challenges in cybersecurity policy, technology and education.

CSO GmbH

CSO GmbH

CSO GmbH provide specialist consultancy services in the area of IT security.

AVORD

AVORD

AVORD is a cloud-based security testing platform that allows clients to manage security testing requirements in a far more productive and efficient way.

LSoft Technologies

LSoft Technologies

LSoft Technologies is a leader in data recovery software technologies.

PQShield

PQShield

PQShield are specialists in Post-Quantum Cryptography. We provide quantum-secure cryptographic solutions for software, software/hardware co-design and data in transit.

FirstWave Cloud Technology

FirstWave Cloud Technology

FirstWave Cloud Technology is a global cyber security company which has been delivering Cybersecurity-as-a-service solutions to the market since 2004.

Guardian Digital

Guardian Digital

Guardian Digital makes email safe for business. Threat-ready business email protection. Fully supported.

Vantea SMART

Vantea SMART

Vantea SMART have decades of experience in cybersecurity resulting in an approach of proactive prevention - Security by Design and by Default.

Pristine InfoSolutions

Pristine InfoSolutions

Pristine InfoSolutions is a global IT services and Information Security Company focused on delivering smart, next-generation business solutions.

Def-Logix

Def-Logix

Def-Logix was founded in 2008 to help solve cyber threats being experienced by government agencies of the United States.

Kingston Technology

Kingston Technology

Kingston is a leading global manufacturer of memory and storage solutions including encrypted storage solutions to protect data inside and outside the firewall.

Siometrix

Siometrix

Siometrix addresses digital identity fraud. It steals your attacker's time and prevents many prevalent attack vectors.

FusionAuth

FusionAuth

FusionAuth is the customer authentication and authorization platform that makes developers' lives awesome.

Apex

Apex

We aspire to make the AI revolution run faster, securely, for the benefit of all. We are purposely built for the new AI era and are creating capabilities to safely enable AI.