Cyrex Hacking Roundup: August
5 August 2021
The world of cybersecurity is always moving; there is a constant back and forth between the hacking collectives and the security systems in place to stop them.
For those interested in the cybersecurity world, we thought it could be helpful to take some of the bigger hacks that have happened recently and elaborate on them. It can be difficult to understand how a hack happened, or how companies might defend themselves and mitigate against further attacks.
The EA Breach
This is a very high-profile breach, one that has drawn a lot of attention. EA is one of the biggest names in the games industry, a multi-billion-dollar company that spans the globe.
Reportedly, the hackers gained access to approximately 780 GB of data, including the source code for the FIFA franchise and the Frostbite Engine. FIFA needs no explanation, and the Frostbite Engine has been the basis for countless EA titles, to name a few: Dragon Age: Inquisition, the Battlefield series and Mass Effect: Andromeda. It’s big news, and all of it is allegedly up for sale in hacking circles.
And all of it came from bad password hygiene. It has been reported that the breach occurred due to compromised cookies that contained Slack login information. Once they were in, they impersonated staff to obtain authentication tokens via EA IT support. Twice.
Effectively, had there been proper policies in place for regular password changes, this wouldn’t have happened.
For us, this calls for three key steps going forward: revisit the password policy, train staff on social engineering and on the exchange of sensitive data, and lastly, consider revisiting the internal network architecture with regard to layered security and access control.
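The session side of the EA story, as an added illustration that is not EA's or Slack's code: a cookie should carry only an opaque session id, never login information, and the server should be the one deciding whether that id is still good. The toy store below (all names, the 15-minute idle and 8-hour absolute limits, and the password-version trick are assumptions for the example) expires sessions and revokes every session a user holds the moment their password is rotated, which is what turns a password policy into something that also kills stolen cookies.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    issued_at: float      # when the session was created (seconds)
    last_seen: float      # last request that used it
    password_version: int  # password generation the session was issued under


@dataclass
class SessionStore:
    """Server-side session store (example code, not a real Slack component).

    The client only ever holds the random token; every decision about
    whether it is still valid happens here, so a copied cookie is worthless
    once it has timed out or the owner's password has been changed."""
    idle_timeout: float = 15 * 60            # assumed: 15 minutes without use
    absolute_timeout: float = 8 * 60 * 60    # assumed: 8 hours maximum lifetime
    sessions: dict = field(default_factory=dict)
    password_versions: dict = field(default_factory=dict)

    def login(self, user: str, now: float) -> str:
        """Issue an opaque, unguessable token; nothing about the user is in it."""
        token = secrets.token_urlsafe(32)
        version = self.password_versions.setdefault(user, 1)
        self.sessions[token] = Session(user, now, now, version)
        return token

    def validate(self, token: str, now: float):
        """Return the user behind a token, or None if it must not be honoured."""
        session = self.sessions.get(token)
        if session is None:
            return None
        too_old = now - session.issued_at > self.absolute_timeout
        too_idle = now - session.last_seen > self.idle_timeout
        # A session issued before the last password change is revoked as well,
        # so rotating the password invalidates any copies that leaked.
        stale_password = session.password_version != self.password_versions.get(session.user)
        if too_old or too_idle or stale_password:
            del self.sessions[token]
            return None
        session.last_seen = now
        return session.user

    def change_password(self, user: str) -> int:
        """Bump the user's password generation; returns how many live sessions that kills."""
        self.password_versions[user] = self.password_versions.get(user, 0) + 1
        return sum(1 for s in self.sessions.values() if s.user == user)
```

Timestamps are passed in explicitly so the behaviour is deterministic; a real deployment would use the server clock and persist the store, but the shape of the checks is the same.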
Apex and Titanfall Down
The issues with Apex Legends and the Titanfall series are still ongoing, with most online services on Titanfall 1 and 2 remaining unavailable.
The initial hacks brought down Apex as well. They came alongside a message expressing dissatisfaction with how the developers were handling hackers. The message of frustration was aimed at their alleged lack of action regarding hackers on the original Titanfall.
There had been a bout of DDoS (Distributed Denial of Service) attacks on Titanfall. Seemingly, this drew enough ire from this hacker or group of hackers for them to embark on their own crusade.
The Titanfall series and its Battle Royale offshoot, Apex Legends, have been suffering from direct DDoS attacks aimed at specific players. In the ranked mode of Apex, many legitimate players found themselves suddenly disconnected as hackers farmed easy kills and ranks.
While there are no clear details on this vulnerability, based on what we’re seeing it’s an application security vulnerability residing on the server side, potentially a business logic or access control flaw. This would have allowed them to create and manipulate their own playlist, as well as lock all other playlists out.
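To make the access control flaw concrete, here is an added example of our own (not Respawn's or EA's code, and the playlist names, roles and service shape are assumptions): a playlist-management handler that only checks that the caller is logged in, next to a hardened version that checks the caller's role, refuses to create playlists implicitly and enforces the business rule that at least one playlist stays live.

```python
from dataclasses import dataclass, field


@dataclass
class Playlist:
    name: str
    enabled: bool = True


@dataclass
class User:
    name: str
    role: str  # assumed roles for the example: "player" or "admin"


@dataclass
class PlaylistService:
    playlists: dict = field(default_factory=dict)


def make_demo_service() -> PlaylistService:
    """Constructed sample state: two public playlists, both live."""
    return PlaylistService({"ranked": Playlist("ranked"), "duos": Playlist("duos")})


def enabled_playlists(service: PlaylistService) -> list:
    """Names of the playlists players can currently queue for."""
    return sorted(p.name for p in service.playlists.values() if p.enabled)


def update_playlist_vulnerable(service, caller, name, enabled):
    """Flawed handler: authentication only, no authorisation.

    Any logged-in player can switch off every public playlist and stand up
    a private one, which is the kind of lockout described above."""
    if caller is None:
        raise PermissionError("login required")
    playlist = service.playlists.setdefault(name, Playlist(name))  # silently creates
    playlist.enabled = enabled


def update_playlist_hardened(service, caller, name, enabled):
    """Hardened handler: role check, no implicit creation, and a business
    rule that the last live playlist cannot be disabled."""
    if caller is None:
        raise PermissionError("login required")
    if caller.role != "admin":
        raise PermissionError(f"{caller.name} may not manage playlists")
    if name not in service.playlists:
        raise ValueError(f"unknown playlist {name!r}")
    if not enabled and enabled_playlists(service) == [name]:
        raise ValueError("refusing to disable the last live playlist")
    service.playlists[name].enabled = enabled


def raises(exc_type, fn, *args) -> bool:
    """Helper: True if calling fn(*args) is rejected with exc_type."""
    try:
        fn(*args)
    except exc_type:
        return True
    return False
```

The point of the last rule is that authorisation alone is not the whole story: even a correctly authorised action can be a business logic flaw if the server lets a single call take the whole game mode offline.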
CoD Warzone Cheaters
The remarkable number of cheaters in Call of Duty: Warzone is only matched by the huge ban waves dished out by the developers. With over 50,000 cheaters taken out in the most recent wave, taking the tally to over 300,000 cheater bans, it’s a wonder how there are still problems.
One issue with Warzone is that any banned cheaters can simply make a new account and return for free. The main issue however is the type of cheating. Aimbotting is one of the most common cheats we’ve seen. This isn’t an actual security flaw because it’s all client-side abuse – it’s very hard for a developer to control and stop.
For these cheaters to exist, however, means that the anti-cheat isn’t doing its job. And as we’ve said about anti-cheat before: it doesn’t work once it’s been bypassed. A server-side security system is needed to validate the cheating behaviour.
And even with banning, we’re seeing the rise of new cheating methods, such as the GPU-based aimbot currently being discussed.
Cheating like this is hard to crack down on. Ultimately, there needs to be a dedicated cheat detection system checking player behaviour and analysing their actions, and all of it needs to be validated by something server-side to confirm these anomalies. But this is much more complex than it sounds; there’s nothing simple about this solution.
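What "validated by something server-side" can look like in its simplest form, as an added example that is not Activision's anti-cheat or any real product: the server keeps the stream of view-angle and fire events it received from a player and checks them against physical plausibility (a maximum turn rate and a weapon's minimum fire interval, both assumed values here) instead of trusting anything the client reports about itself. The two event streams are constructed for the example, one ordinary and one showing the snap-and-fire pattern an aimbot produces.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ViewEvent:
    t: float      # server receive time, seconds
    yaw: float    # horizontal view direction, degrees
    fired: bool   # whether a shot was fired on this tick


@dataclass(frozen=True)
class Anomaly:
    t: float
    kind: str     # "turn_rate" or "fire_rate"
    value: float  # the measured rate or interval that tripped the check


def yaw_delta(a: float, b: float) -> float:
    """Smallest angular difference between two headings, in degrees."""
    return abs((b - a + 180.0) % 360.0 - 180.0)


def analyse_player(events, min_fire_interval=0.1, max_turn_rate=720.0):
    """Server-side plausibility check over one player's event stream.

    Flags a view rotation faster than max_turn_rate (deg/s, assumed limit)
    and shots closer together than the weapon allows (seconds, assumed)."""
    anomalies = []
    prev = None
    last_fire = None
    for ev in events:
        if prev is not None and ev.t > prev.t:
            rate = yaw_delta(prev.yaw, ev.yaw) / (ev.t - prev.t)
            if rate > max_turn_rate:
                anomalies.append(Anomaly(ev.t, "turn_rate", rate))
        if ev.fired:
            if last_fire is not None and ev.t - last_fire < min_fire_interval:
                anomalies.append(Anomaly(ev.t, "fire_rate", ev.t - last_fire))
            last_fire = ev.t
        prev = ev
    return anomalies


def is_suspicious(anomalies, threshold=3) -> bool:
    """Escalate only on repeated anomalies; a single lag spike is not a verdict."""
    return len(anomalies) >= threshold


# Constructed sample streams (not captured game data).
LEGIT_EVENTS = [
    ViewEvent(0.00, 10.0, False),
    ViewEvent(0.10, 14.0, True),
    ViewEvent(0.20, 17.0, False),
    ViewEvent(0.35, 20.0, True),
]

AIMBOT_EVENTS = [
    ViewEvent(0.000, 10.0, False),
    ViewEvent(0.016, 150.0, True),   # 140 degree snap in one frame, then fire
    ViewEvent(0.032, 150.0, True),   # fires again far below the weapon's cadence
    ViewEvent(0.048, -95.0, True),   # another snap across the wrap-around, fires
]

if __name__ == "__main__":
    for label, stream in (("legit", LEGIT_EVENTS), ("aimbot", AIMBOT_EVENTS)):
        found = analyse_player(stream)
        print(label, [(a.t, a.kind, round(a.value, 1)) for a in found], is_suspicious(found))
```

Thresholds like these are deliberately loose so that legitimate high-sensitivity players are not flagged on a single tick; the value of running the check on the server is that the client cannot edit the evidence, and repeated anomalies become the signal that is worth a human or a ban-wave review.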