It comes as no surprise that the gaming industry has witnessed an astronomical rise for the past decade, even more so under the circumstances brought forth by the Covid-19 pandemic.
The global video game market is forecast to be worth $159 billion in 2020, around four times box office revenues ($43 billion in 2019) and almost three times music industry revenues ($57 billion in 2019).
The biggest market by revenue is Asia-Pacific with almost 50 percent of the games market by value. North America accounts for a quarter of revenue. In parallel, video game sales in March approached $1.6 billion, representing a 35-percent year over year increase, according to U.S.-based research company, NPD.
Gamers have become even more passionate and committed to their games, especially online games, having dedicated accounts and profiles that contain their personal information, as well as their payment methods for online transactions.
This industry has exploded during the pandemic as a record number have turned to it for escapism, entertainment, and social interaction. Estimated to surpass $200 billion by 2023, gaming is now considered to be one of the fastest-growing industries on the planet.
These are fertile grounds for all hackers alike, making the online gaming industry attractive, lucrative, and susceptible to all kinds of cyberattacks and data breaches.
These games, primarily Massive Multi-Player (MMO) games, experience a plethora of attacks from attempting to block players from accessing the games, to attempting to slow down connections to gain a competitive edge.
“These attacks can take the entire game offline, resulting in hundreds of thousands of dollars lost,” according to Radware’s threat research team.
A recent report published by SuperData, a market research company based in New York, gave the example of the game Fortnite – which currently stands as the top online game in the market – grossing $318 million per month.
“If Fortnite was to suffer a cyberattack and it resulted in an outage, it could lose +$400,000 per hour (if you break it down using the following math: $318,000,000/ 30.5 (days a month)/24 (hours a day),” says Eden Amitai, Cyber Security Evangelist at Radware.
While other games maybe losing less, these attacks are hitting profit margins rather hard.
“For instance, online games that bring in $150 million per month could experience $200,000 direct loss of revenue, or a less popular game that has a revenue of 75 million per month may lose $100,000,” Amitai highlighted.
During the height of the global lockdown enacted by governments, 76 percent of gaming companies accelerated their cloud migration plans to meet the increasing demand set forth by gamers stuck at home, according to Radware’s most recent C-suite report.
This not only leads to major cybersecurity liabilities but magnifies the need for a deep security understanding of the shared responsibility mechanism.
Same game, different industry
Usually, it’s the banking and finance industry that appeal to hackers the most, but they’ve learned from their mistakes and have heavily invested into state-of-the-art cybersecurity systems to keep cybercriminals at bay.
Now, hackers have narrowed their sights on the booming gaming industry.
While online games allow players to interact and engage with people from all over the globe, they also process in-game transactions and purchases; and this is exactly where hackers are aiming to attack.
Gaming companies have massive databases filled to the brim with valuable user data, from credit card information, to email addresses, phone numbers and the likes; all of which can be sold on the dark web for profit and extortion.
Common threats to gamers
Hackers have adjusted their MO from directly going for bank information to using more subtle yet effective ways of getting money from the data they steal.
From taking over your player profile to unauthorized selling of your in-game items, there are many ways that hackers can compromise your online gaming profile and make you pay for it, literally.
Let’s explore potential ways hackers can worm their way into these games:
- Identity theft
Usually, it’s the players that boast high ranks within gaming communities are the most susceptible for cyberattacks.
When cybercriminals assume their personas or profiles, they can act in a myriad of malicious ways that have real-world consequences on the actual user. This might lead to hackers soliciting funds, sending out scams or bogus links that would divulge sensitive financial information from other players.
- Data theft
While this strategy is similar to the one listed above, the hacker can merely go through the player’s financial information and other sorts of sensitive data and run off with them, rather than assume their identity.
These criminals can access social media engagement, locations, phone calls, in-game transactions, and monthly subscription data, which could in one way, or another lead them to the victim’s financial resources.
- Third-party trickery
As everyone minimally knowledgeable with the facets of online gaming, these platforms offer a vast array of rare and valuable in-game items and cosmetics which can be exchanged for various types of currencies, be them real-world, in-game or even cryptocurrencies.
Attackers can trick players by setting up phishing websites or landing pages, disguised in the game’s general theme, to trick players into handing over their personal and financial information.
From there, hackers gain access to gaming logs and activities, which paves the way for them to make transactions in the guise of legitimate player personas or accounts, but divert the funds they collect to their personal accounts or any deep-web accounts that could not be traced by authorities.
These kinds of attacks can be targeted at either a player’s PC or hit the game’s site servers.
Usually, such attacks surface as vectors and links that offer cheat codes, mods, new maps, and other game advantages. The effects of malware can range from game disruption, PC system malfunction to compromise game or user information.
With all of this in mind, gaming companies should invest more into strong security strategies that align with their activities across all aspects of their business.
A risk-based approach can bring cybersecurity to the forefront of prioritization that offers three main things, the protection of players’ sensitive information, safeguarding the company’s profits and recognizing that the risk landscape will continue to evolve over time.