- Researchers have found almost one million compromised accounts from 25 leading gaming companies on the Dark Web, including employee and client-facing resources, according to a report from threat intelligence firm KELA. Almost half were listed for sale last year.
- The researchers found more than 500,000 leaked credentials were from employees at the gaming companies. The credentials include email addresses of senior-level employees and have been available for free in underground markets.
- Researchers have observed four ransomware attacks involving gaming companies over the past three months, with three of them publicly reported. Credentials to VPN, website management portals, admin, Jira and other internal resources from gaming companies that were recently attacked have been put up for sale on the underground markets.
The gaming industry is a fast growing and potentially vulnerable target market for bad actors, according to the report. Industry revenue is expected to reach $196 billion by 2022 and millions of consumers embracing online gaming amid widespread COVID-19-related lockdowns.
The report, by KELA's Almog Zoosman, pre-sales engineer, and Victoria Kivilevich, threat intelligence analyst, indicates several instances of threat actors looking to access gaming company networks.
In one example, a Russian-speaking actor said he was interested in developer's networks of Xbox, Nintendo, Qualcomm and Apple. Another December incident shows a threat actor looking to sell data — including FTP credentials — of a leading Japanese video game developer. In a third case a member of a Russian-speaking forum sought access to servers or repositories of major gaming companies.
The report authors told Cybersecurity Dive that gaming companies need to invest in continuous monitoring of their assets and also conduct regular cyber awareness and readiness training for employees.
"Organizations are commonly operating their day-to-day operations without knowing they have an open port or operating with a vulnerable technology, which may provide attackers with an initial foothold into their networks," they said via email. "By monitoring the darknet communities that hackers are active in, organizations can gain an external viewpoint of their organizations to see how they look from the eyes of attackers."
The research follows a number of high profile attacks on the gaming industry. As previously reported, the Egregor ransomware gang targeted gaming companies Ubisoft and Crytek. A September report by Akamai showed the video game industry faced nearly 10 billion credential stuffing and 152 million web application attacks between 2018 and 2020.