The recent cyberattack on game designer CD Projekt Red has highlighted a common but largely overlooked cyber threat. We’ve seen headline after headline about malicious actors using the global COVID-19 pandemic to target overburdened healthcare providers. They’ve even tried to target the vaccine supply chain. But often forgotten is just how vulnerable the gaming community is to cyberattack, and how much more seriously gamers need to take potential threats to their personal information.
CD Projekt Red, developer of the game Cyberpunk 2077, has endured several setbacks in recent months. The much-hyped game’s release in December last year generated immediate criticism over controversial content and buggy game play, among other concerns. Both Sony and Microsoft have offered refunds to players who purchased the title. But the company’s problems got much worse earlier this month when it suffered a ransomware attack that compromised source code for Cyberpunk 2077 and a second title.
Ransomware Attackers Auction Stolen Data
CD Projekt Red announced the hack on Twitter. Unidentified attackers “gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note,” the company said in the tweet. It added that relevant authorities had been notified and that as far as the company was aware, “the compromised systems did not contain any personal data of our players or users of our services.
The company also released the ransom note, in which the attackers claim to have dumped the source code for Cyberpunk 2077 and two versions of Witcher 3. Just last week, the games’ source code was included in an auction post on a hacking forum. The auction was later closed after the attackers announced they’d found a buyer outside the forum, according to The Verge, which added that security analysts believe that attack used HelloKitty ransomware.
Record Spending on Gaming
Last year saw a 62 percent surge in sales of PC hardware and accessories, according to data from The NPD Group, which tracks trends in the video gaming industry. The growth was fueled largely by COVID-19 lockdown measures and the fact that most homes have access to a PC. Estimates from MarketWatch suggest similar growth in mobile and console-based gaming. Combined, the industry generated more than $179 billion last year — up from $159 billion in 2019.
As the gaming sector grows, so do the scope and sophistication of cyberattacks aimed specifically at gamers. Here are just a few sobering facts from a recent report on the State of the Internet for gaming, produced by IT research company Akamai.
- Web application attacks: These occur when cybercriminals gain control of databases to harvest personal information. There were about 152 million such attacks from July 2018 to June 2020.
- Credential stuffing: This kind of attack uses previous stolen or purchased credentials to automate brute-force targeting of websites. Akamai said it observed 10 billion such attacks from July 2019 to June 2020.
- DDoS: Distributed denial of service attacks don’t always directly threaten personal information. More often, they cause financial losses for gaming companies and frustration for gamers who can’t access servers. Akamai documented more than 3,000 such attacks from July 2019 to June 2020.
The Enemy Within
The Akamai report further noted that the most vulnerable and targeted elements in the industry are the gamers themselves. “They’re engaged and active in social communities. For the most part, they have disposable income, and they tend to spend it on their gaming accounts and gaming experiences,” the report notes. And it’s not just personal data that is stolen. Attackers can gain control of accounts and sell them. Or they can exploit them with automation to gather in-game resources that can be traded or sold.
Despite the cyber risks associated with gaming, players themselves seem unable to grasp the seriousness of the security threats they face. Akamai found that 55 percent of the gamers they surveyed for the report said they’d had accounts compromised, but only about 20 percent of gamers said they were concerned about having their accounts hacked. And almost as many people who said they would be most concerned about their credit card information if they were hacked (49 percent) said they were most concerned about in-game assets (43 percent).
‘You Can’t Solo Security’
Game developers, gaming websites and mobile apps, and individual gamers all face accelerating attacks by malicious actors, whose methods are growing in tandem with the sophistication of the games themselves. Security is an issue that needs greater attention from developers and players alike. Most gaming platforms have security measures in place to protect players, but players need to know what they are and how to activate them.
Gamers can take a few simple steps to improve their overall security online. Password managers are a good tool for simplifying the use of unique and complex passwords for online accounts. Enacting two-factor authentication adds an extra layer of protection to your accounts. For PC and console gamers, having the right data storage solution is critical to protection game and personal data from exposure.
SecureData has driven innovation in hardware-encrypted external storage for more than a decade. Our SecureDrive® and SecureUSB® devices feature military-grade encryption, multi-factor authentication, remote management capabilities that protect data in case of drive loss or theft, and built-in antivirus protection. Having the right accessories can enhance your gaming experience. But having the right storage device can protect your data from illegal access.