Contact Us
Contact Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Gaming

Using stolen credentials, phishing and malware directed attacks, cybercriminals have identified the gaming sector as a low-risk venture with high profit turnouts.

Read more
Complete this form to get in touch

Are you happy for Defendza to keep you informed on the latest developments in cyber security (attack reports, guidance, DIY articles)? Of course you can unsubscribe at any time. Please see our privacy policy

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Overview

From traditional consoles attached to your television to online gaming, it marks a massive step in the evolution of the gaming industry. The importance of cybersecurity in the gaming industry is not a new revelation. With large troves of sensitive consumer financial data and more cash transactions per minute than some of the world’s largest banks, today’s gaming and casino institutions are ideal targets for cybercriminals seeking hefty payouts. 

With the massive data breaches reported during the last couple of years, credential stuffing attacks have been on the rise. Given the low success rates of these attacks, threat actors are finding this lucrative area with bot technologies. These attacks work on the assumption that a user at breached site A is likely to have same password with his/her account on site B.

Attackers are finding personally identifiable information (PII) and credit card information equally lucrative, along with game credits for in-game exchanges. For organised cybercrime groups, all personally identifiable data and credit card information is, after all, valuable underground market commodity.

Challenges - Gaming Sector

Cyber threats will only grow with technological advancements in this sector.

Gaming businesses and regulatory authorities should look towards lessons from other sectors such as the financial sector. Providing a safe gaming environment goes beyond the immersive gaming experience. Advancement of innovative products, immersive gaming experiences with sharing of services and platforms are some of the factors adding to complexities of the threat landscape. 

Akamai's Security Web Attacks and Gaming Abuse report highlighted information related to gaming industry issues observed for about 17 months. Highlighted attacks in this report relate to more than 2/3 of basic top ten web application security issues such as SQL Injection, Local File Inclusion attacks. This highlights the lack of basic cyber hygiene and the rush to go-live releases. Key challenges faced by the gaming sector include:

  • Does the Management offer a top to down approach in ensuring cyber security sits at the centre of the corporate environment as well as product development?
  • Are web developers trained for secure coding practices to ensure secure by design development?
  • How are cyber risks assessed and mitigated in a supply chain?
  • Do you provide your products for regular third-party assessments? 

Without deep-dive (technical) risk assessments, there is no visibility of affected assets and the exposed attack surface inside and outside your environment. 

Working on your new Gaming platform ?
Call Us Now

Are you prepared?

What systems and controls are in place to mitigate against supply chain attacks?

A supply chain is a chain of dependencies in goods or services. Supply chain compromise is the manipulation of products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system threat. A supply chain can be compromised in various ways, for example, through the exploitation of third-party data stores or software providers.

Is your business resilient to ransomware attacks?

Ransomware has quickly become one of the most dangerous cybercrime threats organisations are facing . Over the past two years, the number of organizations being hit with targeted ransomware attacks has multiplied as the number of gangs carrying out these attacks has proliferated. Paying the ransom does not guarantee that you will get access to your data and threat actors may assume that you would be open to paying ransoms in the future

How do you process and store personal data of your clients?

The loss of client information can have a devastating impact on a sector that has confidentiality at the heart of its business. Firms storing sensitive information, third party data, transactional records are likely to be at a higher risk of data breach than a local high street firm. Therefore, it goes without doubt that secure information storage and processing practices would help minimise the attack surface.

Is your business prepared to mitigate credential stuffing risks?

Lately since 2017/18, due to massive breaches credential stuffing attacks are the most prevalent form of attack used with large online consumer based such as gaming, gambling, financial and retail sectors. Although the success rate of credential-stuffing attacks is very low, successful logins are an easy gateway into opportunities for malicious actors.

Are you following secure SDLC (coding practices, design and deployment) practices?

Secure SDLC involves overall security methodology embedded at various stages during software development. Organisations should be aware of threat modelling, common pitfalls/vulnerabilities such as OWASP Top 10, secure code reviews and security baselines for deployment and dev ops (DevSecOps).

Sector Experience

This section refers to specific projects based experience in this sector. Our experience stems from working for gaming providers and platforms assessed.

Key benefits

✔ Thick Client Security Reviews

✔ Gaming Portals Application Security Assessments

✔ Cyber Security Assurance as part of larger audit requirements

✔ Online gaming security reviews for major gaming group

Schedule a free 30 min consultation.
Call Us Now

Resources

Gaming sites hit with billions of cyberattacks

12/07/2019

Hackers have targeted the gaming industry by carrying out 12 billion credential stuffing attacks against gaming websites within the 17-month period analyzed in the report. This puts the gaming community among the fastest rising targets for credential stuffing attacks and one of the most lucrative targets for criminals looking to make a quick profit. 

Gaming industry still in the scope of attackers in Asia

11/03/2019

Asian game developers again targeted in supply-chain attacks distributing malware in legitimately signed software. This is not the first time the gaming industry has been targeted by attackers who compromise game developers, insert backdoors into a game’s build environment, and then have their malware distributed as legitimate software.