Motherboard published a report last week on hackers stealing FIFA 21’s source code form EA Sports. This report was based on an article posted by an unidentified user of a forum on June 6, in which the user claimed to have the backup of a file of 780GB that was provided by EA Sports. EA Sports acknowledged that there was a data breach but denied that any customer data was compromised.
-
Cybercriminals may be interested in information from the gaming industry, aside from the EA Sports hack of their source code. This blog will look at the reasons this industry has caught the eye of criminals and the top threats security professionals should be aware of.
What is the reason for online games and why NOW
This isn’t a new practice to take on online gaming. In Januaryof this year APT 27 targeted five gambling companies that were “victims” of these attacks. They are believed to have targeted them in order to market gambling products to Chinese citizens. APT 41 targeted hundreds of online gambling businesses in Septemberof 2020. This is according to reports. In order to reuse, sell or repurpose onlinethe attackers took customer sensitive data, including software signing certificates and source code.
Online casinos should be worried about intellectual theft of property.
Online gaming companies are concerned about theft of intellectual propertysimilar to the EA Sports case. These companies frequently assist with the development of games and support software.
-
This is understandable as much goes into creating a game or platform. The most difficult thing about making games is the amount of effort and teams required. Some developers might need to put in 3-5 years of effort in order to develop big games that players will enjoy. This can be attractive to threats to corporate espionage. The online gaming market has grownin popularityCybercriminals are also attracted by it, seeking to earn money from online fraud and stolen accounts.
The following section will discuss the most frequently-repeated threats we have seen to the online gambling industry, including:
Data breaches
Online gaming companies often have data breaches that are distributed to criminals, and later sold to them. Already in 2021, we havealready witnessed threat actors who speak Mandarin and English selling data from diverse gaming platforms.
-
Photon saw online gaming data available to be purchased in 2021.
On a dark internet market, information from the online platform for gambling is for purchase.
The breach could involve different types of information. This example shows that the breach was related to payment, forum, and game databases.
INITIAL ACCESS BROKERS RANSOMWARE
As you will see, the previous section provided an example of a cybercriminal selling access to gambling databases online. The “access brokers”, which have been growing in popularity in the last year, are becoming increasingly frequent. They “access brokers” provide access to many databases. “Initial Access brokers” are more popular and can provide credentials to high-value users, such as Domain Administrators.
Access listings for ransomware allow operators access to RDP instances, giving them huge opportunities. Photon recently discovered 90 RDP access lists, with each listing averaging $9,000 This alarming fact is significant when you consider that RDP accounts are responsible for 70-80% to initial footholds for ransomware’s operation, according FBI.
PHISHING and STOLEN ACCOUNTS
Phishing is not the last. Phishing has become a major threat. Phishing is a growing risk according to Verizon DBIR 2021. It is also commonplace to attack online gaming.
These phishing emails target gamers and try to steal their credit card information or payment card credentials to sell on to cybercriminals. In some cases, these campaign may be used to spread malware.
Customers are not the only ones affectedbut also employees. In the year 2000was the first time that over half a billion credentials belonging to top game publishers were in the process of being made available.
In the recent hack at EA Sports hackers used stolen cookie information to gain access into the Slack channel. The kind of information that cookies provide is available to rent at fingerprinting shops like Genesis Market.