Cheating Hack Halts Apex Legends E-Sports Tourney

During two separate Apex Legends Global Series live streams this week, hackers were caught dropping so-called "cheat tools" into the game to illegally benefit players. Electronic Arts, publisher of Apex Legends was then forced to postpone the remainder of the tournament — with prize money totaling $5 million — while they try to figure out how the cyberattack happened.

"Due to the competitive integrity of this series being compromised, we have made the decision to postpone the [North American] finals at this time," the Apex Legends Esports social media account announced March 17. "We will share more information soon."

There are questions about where the remote code execution (RCE) vulnerability that allowed hackers to interrupt Apex Legends Global Series play resides. The popular shooter game's anti-cheat system provider, Easy Ant-Cheat, denied its systems contained the RCE flaw in question, according to the company's tweet from March 18.

"At this time, we are confident that there is no RCE vulnerability within EAC being exploited," the Easy Anti-Cheat's statement said.

However, the game's volunteer "Anti-Cheat Police Department" advised players to avoid not just Apex Legend, but indeed any games using Easy Anti-Cheat, in a tweet this week following the tournament hacks.

"Currently, the RCE is being abused to inject cheats into streamers' machines, which means they have the capabilities to do whatever, like installing ransomware software and locking up your entire PC," the group's statement advised.

Gaming Tournaments Are a New Attack Surface

The gaming industry has a uniquely challenging attack surface to defend against cybercrime and is only getting tougher to protect. In 2021, hackers were able to steal the source code for EA's game FIFA 21 with a craft social engineering attack. Now, e-sports tournaments have emerged as a new aspect of the gaming attack surface, something cyber teams will need to consider more carefully, according to an emailed statement from Jamie Boote, associate principal security consultant at Synopsys Software Integrity Group.

"Moving forward, e-sports organizers should consider participants' gaming computers to be part of their attack surface that needs to be secured," Boote said. "Future e-sports tournament organizers will have to assume that it's a matter of when, not if, an event will happen like this again and how to prevent or minimize disruption if it does."