Gaming Industry Plagued by Hackers
8 July 2021
With the recent and very public attacks on several high-profile game companies, we felt it was time to address the topic. There is a worrying lack of modernity in the security of the gaming industry.
We have talked about why the games industry would be targeted by hackers. And for many years we have warned that these attacks will only continue. Most likely, they will only get more frequent and grow in the damages caused.
The rising trend of hacking
It’s no secret the gaming industry has been hit several times quite recently. Starting with the huge CDPR ransomware attack, then dependency hijack of Halo Waypoint, now we find a much more worrying case in the breach of Apex Legends and Titanfall 2.
These attacks aren’t just denying services or damaging reputation. They represent the vulnerabilities that lead to loss of secure and sensitive data. The CDPR breach is one of the biggest examples, with not just source code to every title being leaked. But also personal details and documents of the entire staff.
What does this mean?
The big news isn’t just that Microsoft and EA suffered significant breaches. Really, the biggest news is the latter of these hacks.
Typically, the injection points and common attack vectors that black hat hackers take advantage of have been network related. DDoS, searching for open ports or public domains that could potentially leak sensitive data. They would aim for anything on network level or perhaps outdated operating systems and servers. Things that would be weak or prone to known vulnerabilities.
Now, we are seeing a clear transition into targeting the games and platforms themselves. We’ve discussed gameplay security before and the misconception that it is rarely attacked.
The software and the applications are being compromised. As we’re seeing with the Respawn hack, with the public messages displayed on Apex Legends and Titanfall 2, the game itself was compromised. And worryingly, it doesn’t seem like a great conspiracy conducted by a hacking group or savvy cybercriminals. It looks like one or maybe a small handful of disgruntled players, upset about the number of hackers on the original Titanfall.
What’s the next step?
The issue is the gaming industry is a multi-billion dollar that spans the globe. And yet its security is not even close to what it could or should be. We have, unfortunately, encountered the same mentality over the last years of work. Proper security is considered “nice to have” and not a key requirement. We are continuously fighting this mentality and creating awareness around the topic, but it seems widespread. It hurts games, developers, and players to view it as “just a game”.
A good comparison to games would be the financial industry. They are both billion-dollar industries that reach across almost every corner of the world, overlap in features and functionalities. And yet, the difference in security maturity is fields apart.
The mentality of “it’s just a game” seems to hamper the idea that players’ and developers’ information and financial data are at risk. They are very much at risk and, therefore, are in need of proper security.
We are hoping to move the games industry towards the level of security maturity as others, such as the financial industry. As all things, it will take time. Security must be fundamental to business operations, as games are very lucrative targets for hackers.
As long as the security of the games industry refuses to keep up with modern trends, these attacks won’t stop. They will continue, grow, and increase in frequency and severity.