
5/13/2016
10:30 AM
Matthew Cook
Commentary

Why Online Video Gaming Will Be The Next Industry Under Cyber Attack

As more money flows into games, criminals are targeting this new and lucrative market with the tools and techniques they once used to hack online banks and Internet retailers.

Late last year, Steam, one of the world’s largest online video game platforms, admitted that 77,000 of its gamer accounts are hacked every month. This revelation represented the first time that a major video game company acknowledged cyber crime.

In response, Kaspersky Lab researcher Santiago Pontiroli led an investigation into how adversaries were exploiting so many gamers. After three months of research, Pontiroli and his team discovered the existence of a new type of malware developed specifically to hack Steam accounts. Dubbed Steam Stealer, the malware can bypass the Steam client’s built-in multifactor authentication (MFA) protocols, giving adversaries the access necessary to compromise the integrity of a player’s account.

Cyber threats to online video games aren’t entirely new, but they are severely underreported. What’s ironic is that the video game industry is as big as, if not bigger than, any industry in the world. Of the 1.2 billion video game players worldwide, nearly 700 million play online. For the video game industry, providing entertainment for one seventh of the world’s populace equates to revenues of more than $86.8 billion annually. This is nearly double the revenue of the film industry, yet the Sony Pictures hack was covered for months. For financially motivated hackers and fraudsters, there is perhaps no bigger opportunity to profit than the one the video game industry provides.

The Vulnerability of Online Video Games

As more money comes into online games, cyber criminals are shifting their efforts to exploiting games. Why the change in behavior? First, the tools and techniques once used to hack online banks and Internet retailers are now, more than ever, directly applicable to breaking into game worlds. Techniques such as hijacking player accounts and draining real-money value from the game are reminiscent of the methods that once plagued the financial services industry. Second, the video game industry hasn’t yet fully come to terms with the reality that cyber attacks are a systemic problem, leaving thousands of games exposed to front-end, back-end and, most damaging of all, in-game attacks.

In-game attacks occur when a player’s account is hijacked using readily available malware that enables man-in-the-middle exploits, keylogging, remote access, and other hacks. Once inside, cyber criminals can steal player credentials, gain access to a player’s game account, transfer in-game assets to other accounts, and sell those assets on the ‘grey market,’ an unauthorized but not necessarily illegal place that is used to sell virtual items and currency for real money.

The ‘grey market’ is perhaps the greatest unintended consequence of video games moving online. The demand for virtual items is so large that people ranging from U.S. college students working for beer money to Chinese children sitting at Internet cafes for 20 hours a day are working to amass virtual items through regular game play and sell them for real money. This practice, known as ‘gold farming,’ is so widespread and lucrative that the World Bank wrote a report estimating that it generated $3 billion a year for people in developing countries.

To keep up with today’s demand for virtual items, gold farmers now automate their operations by running hundreds or thousands of bots to speed up the accumulation process. These actions have flooded games’ online economies, costing publishers as much as 40 percent of in-game revenue per month and causing irreversible reputational damage.

What’s the Fix?

To date, online video game cybersecurity has focused on protecting and monitoring the login and monetary transaction processes. This approach is similar to the one taken by banks to eliminate online fraud, a method so ineffective that it cost them billions of dollars over time. Online games today also rely on MFA to protect the login process, although this safeguard is easily defeated by widely available keylogging and screen-scrape technology. Device reputation technology, which verifies that an IP address and device are known for a user, is also commonly used by game publishers, but is susceptible to man-in-the-middle hacks.

Additionally, some publishers have built internal solutions in which games are monitored for gold farmers, bots, and spammers. Many have also developed and implemented rules-based systems that define specific patterns of bad activity based on forensics and after-the-fact investigations. But rules-based security is deeply flawed, as most cybersecurity practitioners know.

As it stands now, either gamers will need to put pressure on publishers or a massive, crippling attack will need to occur for the video game industry to ‘get smart’ on cybersecurity. One thing is for certain: cyber criminals will not stop targeting an industry as lucrative as video games, unless someone makes them. 


Matthew Cook is a veteran security and risk professional and a lifelong gamer. He is currently the co-founder of Panopticon Laboratories, the first and only cybersecurity company for video game publishers.
Comments
fredweiser,
User Rank: Apprentice
1/9/2019 | 12:09:22 AM
Re: Beyond gold farming
Nowadays, with the help of advanced technology and popularity, the online video gaming industry has expanded rapidly over these years. A variety of video games were launched last year, which has increased the popularity and growth of this industry. Many online gaming sites like Instant Gaming, FIFA Coin, etc., are also available, which have become extremely popular and give very high quality games.
Panopticon_Matt,
User Rank: Author
5/16/2016 | 10:31:41 AM
Re: Beyond gold farming
Yeah, a big attack, especially if it manages to catch the notice of the mainstream press, would be a terrible thing, both for players as well as publishers. Thanks for calling out the additional vectors you've noticed; we've definitely seen evidence of some of these as well. Appreciate it!
tingfangyen,
User Rank: Author
5/13/2016 | 3:55:00 PM
Beyond gold farming
Let's hope the answer isn't a "massive crippling attack" and we can get some attention before then! I agree that video games (and mobile games) are definitely a new and fruitful frontier for fraudsters. A few additional attack techniques we've observed at DataVisor in addition to the ones you list above are: renting out proxy servers to bypass reputation-based detection systems and simulate presences in different locations, virtual currency arbitrage, and criminals acting as in-app purchase brokers. The list keeps growing and I agree we need to shout "rules-based security is deeply flawed" from the rooftops. If game publishers don't start paying attention now, they will pay deeply from their own pockets.