Given that the gaming industry continues to be plagued by hackers we felt it was time to address the very public attacks on several high-profile game companies. Unless it is addressed and taken seriously, the games industry will continue to be a target by hackers. There is a worrying lack of modernity in the security of the gaming industry.
Due to the game industries continued growth, it should come as no surprise that it will remain a easy target by hackers. Most likely, these hacks will only become more frequent and grow in the damages caused.
It is no surprise that the gaming industry has been attacked several times in the recent months. Starting with the huge CDPR ransomware attack, then dependency hijack of Halo Waypoint, now we find a much more worrying case in the breach of Apex Legends and Titanfall 2.
These attacks do a lot more than just deny services or damage reputations, they represent vulnerabilities that can lead to the loss of secure and highly sensitive data. The CDPR breach is one of the biggest examples, as it was not just the source code to every title being leaked but the personal details and documents of the entire staff.
Now it might come as a shock that companies like Microsoft and EA suffered significant breaches, however the biggest surprise is the latter of these hacks.
Surprisingly, the injection points and common attack vectors that black hat hackers tend to take advantage of are network related. DDoS, searching for open ports or public domains that could potentially leak sensitive data. Hacker’s aim for anything on a network level and strive for outdated operating systems and servers. This is because these things are commonly known to be weak or prone to vulnerabilities.
Gameplay security tends to be a topic of discussion that is often overlooked, mostly there is a misconception that it is rarely attacked. However, through research we are now seeing a clear transition into targeting the games and platforms themselves.
Both the software and the applications are being compromised in today’s hacks. As we’re seeing with the Respawn hack, with the public messages displayed on Apex Legends and Titanfall 2, the game itself was compromised. However, the worrying part is that it doesn’t seem like a great conspiracy being conducted by a hacking group or savvy cybercriminals. It seems to be one or maybe a handful of disgruntled players who are upset about the number of hackers on the original Titanfall.
The gaming industry is a multi-billion dollar that spans the globe, and yet the issue is that its security is not even close to what it could or should be. Unfortunately, we have encountered the same mentality over the last years of work time and time again. Proper security is considered “nice to have” and not a key requirement. Which is why we are continuously fighting this mentality for our clients and trying to create awareness around the topic. We want to break through the widespread misconception and get people to understand it hurts games, developers, and players to view it as “just a game”.
When you take into consideration the comparison between both the financial and the gaming industries its hard to understand why security isn’t a priority. They are both billion-dollar industries that reach across almost every corner of the world, overlap in features and functionalities. However, the difference in security maturity is worlds apart.
The mentality of “it’s just a game” seems to hamper the idea that players’ and developers’ information and financial data are at risk. Therefore, escalates the need proper security straight away.
Our goal is to move the games industry towards the level of security maturity as the other industries such as the financial industry. We know that this is no easy task and that it will take time. Nonetheless, security must be fundamental to business operations, given the fact that games are very lucrative targets for hackers.
If security within the games industry continues down the path its going and refuses to keep up with modern trends, these attacks won’t stop. They will continue, grow, and increase in frequency and severity for years to come.
If you’d like to discuss cybersecurity, gaming or otherwise, don’t hesitate to get in touch!