Two high-ranked Apex Legends players have been banned from the platform for cheating by launching distributed denial-of-service (DDoS) attacks on an Xbox server.
The players, who had achieved the rank of “Apex Predators” in the console version of the game haven’t been named, but the whole thing went down publicly on Reddit’s r/apexlegends forum over the weekend.
Confirmation of the ban came from the game’s security analyst, Connor Ford, on Reddit, who first posted a video showing “undeniable proof that the No. 4 and No. 6 Xbox Preds are DDoSing servers after we knock them,” Ford wrote. “I’m posting on Twitter for more attention but please help get this traction. Console Ranked is literally unplayable with five of every six gamed being DDoSed in Pred lobbies.”
The video was taken down following the ban, but Ford, who works for Apex Legends parent company Respawn, signaled more sweeping actions to come in a March 22 tweet.
“Console reckoning for DDoSers and DDoS customers incoming,” he tweeted. “You can’t hide any of it.”
The now-removed videos showed the top-ranking players get knocked down, then the game lost connectivity. When the honest players were able to rejoin, they were the ones knocked down and the offending ranked players were instead standing over them.
Threatpost reached out to Respawn and Connor Ford for additional details but hasn’t yet received a response.
Cyberattacks On Gaming Are Like ‘Digital Doping’
Cyberattacks against gaming aren’t anything new, but the stakes are higher than ever, which is driving innovation in gaming the games.
“eSports is a market where the top 10 teams are valued at about $2 billion in total, and where money is involved, there are folks trying to use dirty tricks,” Dirk Schrader from New Net Technologies told Threatpost. “We might want to call it ‘digital doping,’ since as the tournaments and the prize pools are getting bigger, the likelihood of attacks and hacks is also growing. For businesses already affected by recent attacks (CD Projekt Red), it is time to include essential controls and protection mechanism to an appropriate level.”
The rise of mobile gaming is also driving cyberthreats, including account takeover (ATO) attacks, according to Hank Schless with Lookout, a mobile security solutions provider.
“They often achieve this by sending targeted mobile phishing links to steal their login credentials. What happens a lot is that threat actors will send a phishing link through the in-game messaging system, directing the player to a fake login page,” Schless told Threatpost. “Usually, the actor will pose as a member of the game’s support team to convince the target to go to that fake page. This is just another iteration of mobile phishing. Malicious links can be sent to you through any app now, not just in emails.”
Attackers are also expanding into building alternate versions of games for distribution on third-party app stores without the same security protections as Google Play or iOS App Store, Schless explained.
“These alternative apps are often trojanized, meaning they function like the legitimate version but have malicious code injected in them,” Schless said.
Gaming Security Too Invasive?
Tim Wade who serves as the CTO of Vectra, which uses AI to find cyberattackers, said he becoming increasingly concerned about the flip side of the equation — that gaming companies becoming too aggressive and are developing anti-cheating solutions that Wade warns are increasingly invasive..
“So long as games are played online, attempts at cheating will continue, and include all of the classic ways a traditional web application may be attacked – including exploiting weakness in client-side code, server-side injection, and yes even DDoS attacks against other players or infrastructure,” Wade told Threatpost. “However, what’s most concerning to me is how invasive some of the anti-cheating countermeasures have become, essentially acting like rootkits and not only potentially creating a dangerous attack surface for users but also raising questions of precedents set for personal privacy.”
Check out our free upcoming live webinar events – unique, dynamic discussions with cybersecurity experts and the Threatpost community:
- April 21: Underground Markets: A Tour of the Dark Economy (Learn more and register!)