
Where competition turns into cybercrime: security and the gaming industry

(Image credit: Carballo / Shutterstock)

It is estimated that the global gaming market will amount to 268.8 billion U.S. dollars annually in 2025, up from 178 billion U.S. dollars in 2021. The spectacular growth of the gaming sector in a relatively short span has meant that, for a number of vendors, the security of the software they were bringing to market came as an afterthought, rather than something that was designed into the games from the start.  

However, where there is money to be made, there is cybercrime. The stellar revenues generated by games such as Fortnite make them an appealing target for attackers looking to make a profit, both by using social engineering tactics to get players to reveal their passwords and by exploiting software bugs.

But if gaming vendors didn’t already have their hands full dealing with financially motivated cyberattacks, there are other types of compromises they must be on the lookout for. The fierce competition fostered by multiplayer games means that certain players are prepared to go to extensive lengths to get an advantage in the game, even attempting to break the game’s security systems. 

Money is always the reason  

While players trying to breach the security of gaming platforms to get an advantage in the game is nothing new, the problem spiked exponentially around 10 years ago, when stadiums started filling up with players attracted by prize money such as the staggering 1 million offered by League and Dota2.

One such example is the practice of aimbotting, which recently got one of the highest-ranked Apex Legends players (in the more competitive play mode in the Predator division of Apex) banned from the game. Top Apex players can earn enough to make a living out of the game, which would explain why some users would go above and beyond to make it to the top team. Usually, cheaters are flagged by the system and don’t manage to climb the ladder undetected. But, in this instance, it took another player flagging the issue on Twitter to alert developers to the cheat.

And it isn’t just software bugs that players exploit to win. Instances of downright fraud have been reported in Dota2, as when Solo, one of the star players of the game, was caught committing betting fraud by betting against his own team. This resulted in a lifetime ban from the game, which was then shortened to a year. This proves that where there is money to be made, people will try to circumvent rules and protections for a profit.

The examples outlined above are specific to certain games, but variations of cheats are present in virtually all the major gaming platforms. Official tournaments are somewhat more secure, but stopping home players from cheating is a harder task. What might seem harmless actually ruins the experience, turns other consumers off, and cuts the profit from in-game purchases. In fact, a 2018 survey conducted by Irdeto found that 88 percent of players report having their experience impacted by cheaters, and 77 percent said they would likely stop playing the game if they realized someone was cheating.  

If cheating is so widespread, why aren’t game developers making it harder to cheat?  The first reason is the expanding threat landscape and attack surface. Scaling is a problem across all industries, but when it comes to gaming, the growth of certain platforms happened so rapidly that vendors had to choose between user experience and security. As a result, it is common for games to come with exploitable vulnerabilities that hackers are quick to identify and monetize.  

Those who are more skilled find the vulnerabilities and turn them into advantages for themselves. The more business-minded sell access to the exploits to other players. One of them is 18-year-old Bill Demirkapi, who was interviewed by CNBC in 2019 and revealed that he has several subscribers who pay over $100 every month to receive the cheats he develops on a monthly basis.  

Another classic way for players to cheat the game is launching a Distributed Denial of Service (DDoS) attack on the servers to crash the game and reset it. Two Apex Legends players were caught doing just that, and were banned from the game as a result. The pair launched a DDoS attack on an Xbox server once they realized they were losing, thus locking other players out of the game and resetting the match, which allowed them to win the ranking match.

The solution: cybersecurity fundamentals to the rescue 

Among the cheats that will be harder for gaming providers to weed out are DDoS attacks, which are incredibly cheap to pull off – all it takes is for hackers to overwhelm servers with bots and cause them to crash. Fortunately, solutions like real-time packet analysis and traffic diversion can help mitigate this issue.

But when it comes to vulnerability exploits, it is important to remember that, fundamentally, games are just another piece of software. And, much like with every other piece of software, vulnerabilities can be spotted, managed and patched before they become a problem – the key is timing.  

Continuous vulnerability scanning is the only way to ensure that a software bug will be flagged to developers before it is discovered by hackers. Solutions that allow issues to be prioritized are particularly effective for this type of platform, since it might not be possible to take the game offline to apply a patch for every minor security issue. It is important to be able to assess the potential impact of each vulnerability and make a judgment call based on the risk of leaving it unpatched and the cost of running an update.

Aside from stopping cheaters, patching vulnerabilities can keep gaming vendors from ending up in the wrong kind of headlines, as recently happened to Electronic Arts, which had its source code and related internal tools stolen by hackers.

Ultimately, however, gaming vendors need to embed security into the software from the development stage. The issues we are seeing today are largely due to the rapid growth of the industry, which turned into a more and more appealing target for hackers as its market size increased. New games should be designed with security in mind, rather than time to market.

David Kennefick, product architect, Edgescan
