Cheating Hack Halts Apex Legends E-Sports Tourney
Electronic Arts is trying to track down the RCE exploit that allowed hackers to inject cheats into games during the recent Apex Legends Global Series.
March 19, 2024
During two separate Apex Legends Global Series live streams this week, hackers were caught dropping so-called "cheat tools" into the game to illegally benefit players. Electronic Arts, publisher of Apex Legends was then forced to postpone the remainder of the tournament — with prize money totaling $5 million — while they try to figure out how the cyberattack happened.
"Due to the competitive integrity of this series being compromised, we have made the decision to postpone the [North American] finals at this time," the Apex Legends Esports social media account announced March 17. "We will share more information soon."
There are questions about where the remote code execution (RCE) vulnerability that allowed hackers to interrupt Apex Legends Global Series play resides. The popular shooter game's anti-cheat system provider, Easy Ant-Cheat, denied its systems contained the RCE flaw in question, according to the company's tweet from March 18.
"At this time, we are confident that there is no RCE vulnerability within EAC being exploited," the Easy Anti-Cheat's statement said.
However, the game's volunteer "Anti-Cheat Police Department" advised players to avoid not just Apex Legend, but indeed any games using Easy Anti-Cheat, in a tweet this week following the tournament hacks.
"Currently, the RCE is being abused to inject cheats into streamers' machines, which means they have the capabilities to do whatever, like installing ransomware software and locking up your entire PC," the group's statement advised.
Gaming Tournaments Are a New Attack Surface
The gaming industry has a uniquely challenging attack surface to defend against cybercrime and is only getting tougher to protect. In 2021, hackers were able to steal the source code for EA's game FIFA 21 with a craft social engineering attack. Now, e-sports tournaments have emerged as a new aspect of the gaming attack surface, something cyber teams will need to consider more carefully, according to an emailed statement from Jamie Boote, associate principal security consultant at Synopsys Software Integrity Group.
"Moving forward, e-sports organizers should consider participants' gaming computers to be part of their attack surface that needs to be secured," Boote said. "Future e-sports tournament organizers will have to assume that it's a matter of when, not if, an event will happen like this again and how to prevent or minimize disruption if it does."
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024