Leading gaming companies, such as Ubisoft, have become big targets for cybercriminals who aim to turn a profit by selling leaked insider credentials tied to the top game publishers. Over 500,000 stolen credentials tied to the top 25 gaming firms were found in caches of breached data online and up for sale at criminal marketplaces, according to researchers at Kela.
In a recent scan, they found 1 million compromised credentials associated with the larger gaming universe of “clients” and also employees – half of which were for sale online. More than 500,000 of the leaked credentials pertained to employees of leading game companies, according to the report published Monday.
The past year was a punishing one for the gaming sector, as outlined by Threatpost’s 2020 cybersecurity recap. Gamers faced foul play ranging from ID theft and scams to the hack of in-game valuables.
What makes Kela’s research unique is the light it shines on inroads hackers have made inside the $196 billion industry. Fueling the trend, wrote the report’s authors, Almog Zoosman and Victoria Kivilevich, is a boom within the sector, spurred by COVID-19-era social distancing that has driven interest in the solitary activity of video gaming.
“The growing success of this industry also calls attention to cybercriminals scouting out their new targets – and what better target could cybercriminals ask for than an industry that’s up and coming and may not be prioritizing their security precautions as much as their industry advancement and profit,” Kela reported.
Tools used to attack gaming firms include the malware AZORult, used in both plain-vanilla and sophisticated phishing attacks targeting employees of game companies. AZORult, info-stealing malware, is used to siphon credentials from victims that are then used to further compromise a target’s network.
Scores of successful attacks, researchers report, have stoked a thriving black market for game-company credentials ranging from those tied to VPN services, website management portals, admin panels, dev-related environments and Jira instance access.
Of course, ransomware attacks are also part of the hackers’ playbook.
“For the past three months, we’ve observed four ransomware incidents impacting gaming companies – three of which were publicly reported. In addition, it’s possible that another major gaming developer was attacked, as Sodinokibi (REvil) stated in their interview,” according to the report.
Insider threats were the primary weak point in attacks. “Employees continue to remain as the main entry point, driving us to also analyze the sample companies’ leaked credentials stemming from third-party breaches,” Zoosman and Kivilevich wrote. Criminal marketplaces selling stolen credentials are plentiful. “These markets essentially assist threat actors to attain access to desired services with the click of a button and at a price of a couple of dollars per bot,” the authors wrote.
“[For] a payment of just a couple of dollars a potential attacker can have access to the core areas of a company’s network,” the report continued.
Premium access to a game developer’s backend was also available, according to Kela. “We also detected an infected computer (bot) which had credential logs to plenty of sensitive accounts that could be accessed by attackers upon purchase,” the authors wrote. “Access included SSO, Kibana, Jira, admin-connect, service-now, Slack, VPN, password-manager and poweradmin in one specific example… This highly valuable bot was available for sale for less than $10.”
Advice for the highly-targeted game industry in 2021 is a focus on insider threats and employee training, according to Kela. It also recommended more stringent password guidelines, such as enforcing password changes and mandating multi-factor authentication policies.
As the gaming industry preps for another record-breaking year of profits, security experts caution “attacks and attackers are becoming more sophisticated and customized to the victim.”
“Some attackers try to search for the specific data and information that is relevant to the scope or industry of the victim and reproduce the successful attacks. As the gaming industry continues to grow in revenue, we will likely continue to detect more threats and attacks targeting the online gaming industry,” according to the report.