Classic Scam the Scammers? Epic Games Hackers Faked the Hack

Hackers stage Epic hack

A group announced earlier this week that they had successfully breached Epic Games and taken 189GB of data, including user information. They are now retracting their statements, claiming that they staged the whole event to deceive real hackers.

The group, which goes by the online handle Mogilevich, claims to have accomplished this by promising to sell potential hackers the technology needed to get access to Epic Games. Naturally, the technology and data they sent on—assuming they sent any—would be worthless if the attack had never occurred. According to Mogilevich, it sold this information to eight customers without demonstrating its ability to breach an organization such as Epic.

Epic gaming scam developments

Only a few days have passed since the "hack" was originally made public. After allegedly stealing "emails, passwords, full names, payment information, source code" from its assault on Epic, Mogilevich appeared to be attempting to ransom the data back to the business.

However, Mogilevich has since altered the narrative entirely. Since it's possible that the gang pulled off a hack and this was all misdirection, we cannot confirm whether or not their account of events is accurate. It does, however, correspond with Epic's statement that there was "zero evidence" of any hacking at all.

A Mogilevich member reportedly wrote, "You may be wondering why all this, and now I'm going to explain everything you need," on a page that the group had previously promised would contain information from the Epic breach. "In reality, we are not a ransomware-as-a-service, but professional fraudsters."

Gang aimed to get new contacts

In explaining its methodology, Mogilevich claims that it staged the operation to make fresh connections for fraud. As per the gang, everything went as planned in this aspect, with aspiring hackers reportedly sending over tens of thousands of dollars.

"We don't think of ourselves as hackers but rather as criminal geniuses, if you can call us that", the message continues. They acknowledge that their goal was to acquire access to new "victims to scam," but ideally, users and employees of Epic Games are not among these victims.

Epic still needs to respond to this revelation.


Gaming PCs as Silent Storytellers: Why Privacy Is Crucial

 


Online games and video games are incredibly popular as a way to connect and interact with other people. Many people enjoy playing games online, whether on gaming consoles, computers, or mobile devices. However, online gaming also poses some risks, such as viruses, identity theft, and phishing attempts.

Privacy threats are nothing new, but they're often overlooked when it comes to PC gaming. Achievements are one such example: to award them, a game must track at least some of its players' interactions during the game to be able to see when they have earned X or Y.

As it becomes clear that such in-game tracking is ubiquitous and often taken for granted, it is worth taking a closer look at whether PC gaming might be a threat to privacy and how it might be overlooked as such. The information on these devices may be accessed and stolen by identity thieves and other fraudsters if the devices are not protected.

Spammers can use an unprotected computer as a "zombie drone" to send spam which appears to have been sent from the computer system itself. These computers may be infected with malicious viruses or spyware, causing them to be slow and unresponsive.

Users can secure their privacy in several ways by taking good care of their devices and protecting them with safety measures and good practices. For important software such as an internet browser, users need to make sure that they download the recommended updates from their device's manufacturer or operating system provider, particularly when an update is marked as important.

A variety of tools can be used to prevent the use of malicious software on your device, including antivirus software, antispyware software, and firewalls. It is generally true that PC games are permitted to collect a limited amount of personal information from users so long as users allow them to do so within reasonable limits. Additionally, this data may be used or shared and stored in a wide variety of ways depending on the game device or platform being used. 

Antivirus software


In essence, antivirus software protects users against viruses that can damage their data, slow down or crash their hardware, or even allow spammers to send emails through the user's account. Antivirus protection scans a user's files and incoming emails for viruses and removes anything that can cause harm.

To protect themselves from the latest "bugs" that circulate on the internet, users must keep their antivirus software updated regularly. Most antivirus software has a feature that automatically downloads updates when users are online. A firewall, which is either a software program or a physical device, works by preventing cyber criminals from entering and using your computer. Hackers search the Internet in much the same way that some telemarketers use random phone numbers to contact clients.

Concerns In Online Gaming 

Spyware Threats in Gaming


In the gaming world, players may find themselves at risk of spyware, particularly when engaging with untrustworthy online gaming platforms. Spyware, a clandestine monitoring tool, operates silently, observing a user's online activities without their awareness. The gathered information may be exploited by unscrupulous entities, leading to severe privacy breaches. 

Guarding Against Cyberbullying in Gaming


Cyberbullying within the gaming community can be a very distressing experience for those involved. Besides humiliating their targets, the perpetrators also use intimidation to coerce victims into revealing personal information. Once obtained, a user's information can be used against them, which is why vigilance and protective measures are essential to safeguarding players' interests in a gaming environment.

Insomniac Games Cybersecurity Breach

A cyberattack has compromised the prestigious game company Insomniac Games, exposing private data without authorization. Concerns over data security in the gaming business have been raised by this hack, which has spread throughout the community.

Targeting Insomniac Games, the company behind the well-known Spider-Man series, the cyberattack was purportedly executed by a gang going by the name Rhysida. Fans and the gaming industry were left in a state of anticipation and fear as the hackers obtained access to a treasure trove of data, including secret footage of new projects like Wolverine.

The leaked information not only included sneak peeks into future game developments but also internal data that could compromise the studio's operations. The gravity of the situation prompted a rallying of support for Insomniac Games from both the gaming community and industry professionals.

Amid the chaos, cybersecurity experts have been quick to emphasize the importance of robust security measures in an era where digital attacks are becoming increasingly sophisticated. This incident serves as a stark reminder that even major players in the gaming industry are vulnerable to cyber threats.

Insomniac Games responded promptly to the breach, acknowledging the incident and assuring fans that they are taking necessary steps to address the issue. The studio urged users to remain vigilant and promptly report any suspicious activities related to their accounts.

The gaming community, known for its passionate fanbase, has shown solidarity with Insomniac Games in the wake of the cyberattack. Messages of support have flooded social media platforms, emphasizing the need for collective efforts to combat cyber threats and protect the integrity of the gaming industry.

As the situation unfolds, industry leaders and policymakers are likely to scrutinize the incident to enhance cybersecurity protocols across the gaming landscape. The hack serves as a wake-up call for developers and publishers to invest in cutting-edge security measures to safeguard intellectual property and user data.

Leaders in the industry and legislators will probably be closely examining the incident as it develops to improve cybersecurity practices in the gaming sector. Developers and publishers should take note of this hack and invest in state-of-the-art security solutions to protect user data and intellectual property.

The recent hack on Insomniac Games serves as a reminder that even the biggest names in the gaming business are susceptible to online attacks. The aftermath of this disaster calls for the gaming community as a whole to prioritize cybersecurity in addition to data security. One thing is certain as the gaming industry struggles with the fallout from this breach: protecting digital assets is critical to the business's long-term viability and public confidence.

Study Finds: Online Games are Collecting Gamers’ Data Using Dark Designs


A recent study conducted by researchers at Aalto University Department of Science has revealed dark design patterns in online games, and in their privacy policies and regulations, that could be used to collect online gamers' data through dubious tactics. In order to enhance privacy in online games, the study also provides design guidelines for game producers and risk mitigation techniques for users.

There are about three billion gamers worldwide, and the gaming industry is worth $193 billion, almost twice as much as the combined value of the music and film industries.

Janne Lindqvist, associate professor of computer science at Aalto, noted, “We had two supporting lines of inquiry in this study: what players think about games, and what games are really up to with respect to privacy.”

The study's authors were astonished by how complex the concerns of gamers were. 

“For example, participants said that, to protect their privacy, they would avoid using voice chat in games unless it was absolutely necessary. Our game analysis revealed that some games try to nudge people to reveal their online identities by offering things like virtual rewards,” said Lindqvist in a report published in the journal Proceedings of the ACM on Human-Computer Interaction.

The authors found examples of games that used "dark design," or interface decisions that coerce users into taking actions they otherwise would not. These might make it easier to gather player data, motivate users to connect their social media profiles, or permit the exchange of player information with outside parties. 

“When social media accounts are linked to games, players generally can’t know what access the games have to these accounts or what information they receive,” said Amel Bourdoucen, doctoral researcher in usable security at Aalto.

For instance, in some of the prevalent games, gamers can log in with their social media accounts. However, these games may not disclose the information they have gathered in the interaction. “Data handling practices of games are often hidden behind legal jargon in privacy policies,” said Bourdoucen.

It has thus been suggested to gaming authorities to specify the data they are collecting from the users, making sure that the gamers acknowledge and consent to their data being collected.

“This can increase the player’s awareness and sense of control in games. Gaming companies should also protect players’ privacy and keep them safe while playing online,” the authors wrote.

The study reveals that the gamers often had no idea that their chat-based conversations could be revealed to outside parties. Additionally, throughout a game, players were not informed about data sharing.

The study further notes that the players are aware of the risks and in fact use certain mitigation methods.

Lindqvist says that, “Games really should be fun and safe for everybody, and they should support the player’s autonomy. One way of supporting autonomy would be able to let players opt out from invasive data collection.”  

Call of Duty Bid: Microsoft Makes New Bid to Acquire Call of Duty Giant


In the newest turn of events, Microsoft has made an offer to acquire Activision Blizzard, the company behind the Call of Duty video game. Its original bid of $69bn was, however, blocked by UK regulators.

According to Brad Smith, Microsoft’s president, the offer was “subsequently different” and should be approved.

While the UK Competition and Markets Authority (CMA) is set to analyze the deal, they noted that “this is not a green light.”

If accepted, the offer would put an end to a turbulent 18 months for Microsoft.

Regulators Express Their Concerns

Since the initial announcement of the bid in January last year, the proposed merger has raised concerns among several regulators around the world, who claim that it could restrict the choices of gamers.

In regards to this, CMA will make certain decisions on Microsoft’s revised bid by October 18, without which no further conclusions will be made. 

Countering the allegations, Microsoft says this merger will in fact boost demand for the Xbox console and its gaming subscription business.

In the revised bid, Microsoft has agreed to transfer the rights to stream Activision games from the cloud to Ubisoft, a video games publisher.

"Microsoft will not be in a position either to release Activision Blizzard games exclusively on its own cloud streaming service - Xbox Cloud Gaming - or to exclusively control the licensing terms of Activision Blizzard games for rival services," Mr. Smith stated.

It claimed that 40 nations, including the European Union and China, had approved its initial bid for Activision as of this point. The US Federal Trade Commission is still attempting to obstruct the deal in the US, but the courts have repeatedly overruled its arguments.

However, the CMA blocked the tie-up in April, saying it would harm innovation and choice for gamers in the rapidly evolving cloud gaming business. In response, Mr. Smith said it was “bad for Britain” and marked Microsoft’s “darkest day” in its four decades of operating in the country. The decision was also a shock to the UK government, which aims for the country to become a ‘tech powerhouse.’

Activision boss Bobby Kotick said the deal had been "a longer journey than expected" but that "nothing substantially changes" under the new bid.

"We will continue to work closely with Microsoft and the CMA throughout the remaining review process, and we are committed to help Microsoft clear any final hurdles as quickly as possible," he said.

Microsoft’s rival Sony has also objected to the deal, claiming that following the merger, Microsoft will stop making some major games available on Sony's own PlayStation platform.

For the merger to succeed, the revised bid is required to secure the approval of regulators in the UK, the U.S. and the EU. In case this bid does go ahead, this will also be a winning situation for the CMA, which could then earn an opportunity to approve the bid. 

In regards to this, CMA’s chief executive Sarah Cardell says that Microsoft’s new offer was "substantially different from what was put on the table previously[…] We will carefully and objectively assess the details of the restructured deal and its impact on competition, including in light of third-party comments."

"Our goal has not changed - any future decision on this new deal will ensure that the growing cloud gaming market continues to benefit from open and effective competition driving innovation and choice," she said.  

Warcraft Fans Trick AI with Glorbo Hoax

Ambitious Warcraft fans have tricked an AI article bot into writing about the mythical character Glorbo in an amusing and ingenious turn of events. The incident, which happened on Reddit, demonstrates the creativity of the game industry as well as the limitations of artificial intelligence in terms of fact-checking and information verification.

The hoax gained popularity after a group of Reddit users decided to fabricate a thorough backstory for a fictional character in the World of Warcraft realm to test the capabilities of an AI-powered article generator. A complex background was given to the made-up gnome warlock Glorbo, along with a made-up storyline and special magic skills.

The Glorbo enthusiasts were eager to see if the AI article bot would fall for the scam and create an article based on the complex story they had created. To give the story a sense of realism, they meticulously edited the narrative to reflect the tone and terminology commonly used in gaming media.

To their delight, the experiment was effective, as the piece produced by the AI not only chronicled Glorbo's alleged in-game exploits but also included references to the Reddit post, portraying the character as though it were a real member of the Warcraft universe. The whimsical invention was presented as news because the AI couldn't tell the difference between factual and fictional content.

The information about this practical joke swiftly traveled throughout the gaming and social media platforms, amusing and intriguing people about the potential applications of AI-generated material in the field of journalism. While there is no doubt that AI technology has transformed the way material is produced and distributed, it also raises questions about the necessity for human oversight to ensure the accuracy of information.

As a result of the experiment, it becomes evident that AI article bots, while efficient in producing large volumes of content, lack the discernment and critical thinking capabilities that humans possess. Dr. Emily Simmons, an AI ethics researcher, commented on the incident, saying, "This is a fascinating example of how AI can be fooled when faced with deceptive inputs. It underscores the importance of incorporating human fact-checking and oversight in AI-generated content to maintain journalistic integrity."

The amusing incident serves as a reminder that artificial intelligence technology is still in its infancy and that, as it develops, tackling problems with misinformation and deception must be a top focus. While AI may surely help with content creation, it cannot take the place of human context, understanding, and judgment.

Glorbo's developers are thrilled with the result and hope that this humorous occurrence will encourage discussions on responsible AI use and the dangers of relying solely on automated systems for journalism and content creation.




Google Kills its Game Streaming Service Stadia, Will Refund Purchases


About Stadia

Google is closing down its video game streaming service, Stadia, in January 2023. All purchases will be refunded, and the tech will continue to be used in YouTube and other areas of its business. However, the customer app and storefront will shut down after five years of its launch, joining the existing pile of projects that Google has shut down.

While Stadia's aim towards streaming games for customers was based upon a robust tech foundation, it failed to gain the traction with the users that Google expected, resulting in the difficult decision of shutting down Stadia's streaming service. 

Google's Response

Vice President Phil Harrison said that Google is grateful for the players that have been there since the beginning of Stadia. The company will refund all the in-game purchases made on the Google Store, including game and add-on content purchases made via the Stadia store.

Players will continue to have access to their games library and can play until January 18, 2023, so that they can complete their final play sessions.

The gaming industry giant further said that refunds will be completed by mid-January, emphasizing that while Stadia will die, the tech behind it will still be available to "industry partners" for other joint-ventures, like AT&T's latest attempt to launch Batman: Arkham Knight on smartphones using streaming. 

People had a hunch about Google's move, but what is surprising is that Ubisoft has announced "Assassin's Creed Mirage" will stream on Amazon's Luna service, but not Stadia, the first game in the blockbuster series to do this.

The rise and fall of Stadia

When Stadia was initially launched, Google talked a huge game at the Game Developer Conference 2019. However, it became evident later that Stadia wasn't quite up to it.

The tech was impressive, however, major features were missing, and the launch library was not up to the mark. Stadia kept on adding new games, most of them bought a la carte, to make it a lucrative investment for the casual audience Stadia was made for. 

However, Xbox Game Pass surfaced and combined a giant library with a mere monthly fee. Stadia, on the other hand, was struggling to bring big games to its platform, spending tens of millions to lure games like Red Dead Redemption 2. 

Google's next ventures

It doesn't mean that Stadia was a flop since the beginning. Google's track record, and Stadia's own history, make one ask whether they even wanted to be in this thing in the first place. 

Stadia's first-party studios closed down last year, abandoning projects in the pre-production stage and leaving a few developers who moved to a different place feeling cheated by the company. 

Harrison says Google is committed to gaming and will keep on investing in new tools, tech, and platforms that give a boost to developers, industry partners, cloud customers, and creators. 


Threat Actors Abuse Discord to Push Malware

 

Cybercriminals are using Discord, a popular VoIP, instant chat, and digital distribution network used by 140 million users in 2021, to disseminate malware files. 

Discord servers can be organised into topic-based channels where users can share text or audio files. Within the text-based channels, they can attach any form of material, including photos, document files, and executables. These files are maintained on the Content Delivery Network (CDN) servers of Discord. 

However, many files transferred over the Discord network are malicious, indicating that actors are abusing the site's self-hosted CDN by forming channels with the sole aim of distributing these harmful files. Although Discord was designed for the gaming community initially, many corporations are now adopting it for office communication. Many businesses may be permitting this unwanted traffic onto their network as a result of these malicious code files placed on Discord's CDN. 

Exploiting Discord channels 

To discover malware, RiskIQ researchers looked deeper into how the Discord CDN serves files from a Discord domain through links that use [hxxps://cdn.discordapp[.]com/attachments/{ChannelID}/{AttachmentID}/{filename}] as the format.

According to the researchers, they spotted links and queried Discord channel IDs used in these links, enabling them to identify domains comprising web pages that connect to a Discord CDN link with a certain channel ID. 

“For example, the RiskIQ platform can query the channel IDs associated with zoom[-]download[.]ml,” researchers explained. “This domain attempts to spoof users into downloading a Zoom plug-in for Microsoft Outlook and instead delivers the Dcstl password stealer hosted on Discord’s CDN.” 

In another case, RiskIQ determined that the channel ID for a URL containing a Raccoon password stealer file returned a domain for Taplink, a site that offers users micro landing pages to send them to their Instagram and other social media accounts.

According to the researchers, the approach allowed them to discover the day and time Discord channels were launched, connecting those generated within a few days after the first observation of a file in VirusTotal to channels with the sole purpose of disseminating malware. They eventually discovered and cataloged 27 distinct malware types hosted on Discord's CDN. 
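The link format and the channel-age observation above can be turned into a proxy-log triage step. This is an added example, not RiskIQ's tooling or code from the original post: it relies on Discord's public ID layout (IDs are "snowflakes" whose upper bits hold milliseconds since 2015-01-01 UTC), which the post does not spell out, and it assumes the attachment ID's own timestamp as a stand-in for the VirusTotal first-seen date. The extension list, the three-day window, the function names and all sample URLs are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote, urlsplit

DISCORD_EPOCH_MS = 1420070400000   # 2015-01-01T00:00:00Z, start of Discord's ID clock
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
ATTACHMENT_PATH = re.compile(r"^/attachments/(\d+)/(\d+)/([^/]+)$")
# Assumptions: the post names .exe, DLL, document and compressed files without
# a full list, and says only "within a few days" for the channel-age window.
RISKY_EXTENSIONS = (".exe", ".dll", ".zip", ".rar", ".7z", ".docm", ".xlsm")
NEW_CHANNEL_WINDOW = timedelta(days=3)


def refang(text):
    """Undo common defanging (hxxp, [.], [-]) so the URL can be parsed."""
    text = re.sub(r"^hxxp", "http", text.strip(), flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("[-]", "-")


def snowflake_time(snowflake):
    """Creation time stored in the bits above bit 22 of a Discord ID."""
    ms = (int(snowflake) >> 22) + DISCORD_EPOCH_MS
    return UNIX_EPOCH + timedelta(milliseconds=ms)


def make_snowflake(iso):
    """Build a constructed ID for the sample data from a UTC timestamp."""
    moment = datetime.fromisoformat(iso).replace(tzinfo=timezone.utc)
    ms = (moment - UNIX_EPOCH) // timedelta(milliseconds=1)
    return (ms - DISCORD_EPOCH_MS) << 22


def parse_attachment(url):
    """Return details of a Discord CDN attachment link, or None for anything else."""
    parts = urlsplit(refang(url))
    if (parts.hostname or "").lower() != "cdn.discordapp.com":
        return None                # exact match rejects look-alike hosts
    match = ATTACHMENT_PATH.match(parts.path)
    if not match:
        return None
    channel_id, attachment_id, filename = match.groups()
    filename = unquote(filename)
    created = snowflake_time(channel_id)
    uploaded = snowflake_time(attachment_id)
    return {
        "channel_id": channel_id,
        "filename": filename,
        "channel_created": created,
        "uploaded": uploaded,
        "risky_type": filename.lower().endswith(RISKY_EXTENSIONS),
        # A channel created shortly before the upload matches the pattern of
        # channels that exist only to host one file.
        "new_channel": timedelta(0) <= uploaded - created <= NEW_CHANNEL_WINDOW,
    }


def triage(urls):
    """List (channel_id, filename, new_channel) for every risky attachment seen."""
    findings = []
    for url in urls:
        hit = parse_attachment(url)
        if hit and hit["risky_type"]:
            findings.append((hit["channel_id"], hit["filename"], hit["new_channel"]))
    return findings


# Constructed sample of URLs as they might appear in a web proxy log.
CH_NEW = make_snowflake("2021-10-01T09:00:00")
CH_OLD = make_snowflake("2019-03-15T12:00:00")
SAMPLE_URLS = [
    f"hxxps://cdn.discordapp[.]com/attachments/{CH_NEW}/{make_snowflake('2021-10-02T10:30:00')}/installer.exe",
    f"https://cdn.discordapp.com/attachments/{CH_OLD}/{make_snowflake('2021-10-02T11:00:00')}/patch.exe",
    f"https://cdn.discordapp.com/attachments/{CH_NEW}/{make_snowflake('2021-10-02T10:31:00')}/screenshot.png",
    f"https://cdn.discordapp.com.example.net/attachments/{CH_NEW}/1/setup.exe",
]

if __name__ == "__main__":
    for channel_id, filename, new_channel in triage(SAMPLE_URLS):
        label = "new channel" if new_channel else "established channel"
        print(f"{channel_id}  {filename}  ({label})")
```

Findings with `new_channel` set are the ones to review first; the channel ID gives a single value to pivot on across other log sources.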

About the malware 

Discord CDN URLs containing .exe, DLL, and different document and compressed files were detected by RiskIQ. It was discovered that more than 100 of the hashes on VirusTotal were transmitting malicious information.

RiskIQ discovered more than eighty files from seventeen malware families. Trojans were the most frequent malware found on Discord's CDN. For most malware found on Discord's CDN, RiskIQ noticed a single file per channel ID.

According to Microsoft's identification of the files and further research, there are a total of 27 distinct malware families, divided into four types: 
• Backdoors, e.g., AsyncRat 
• Password Stealers, e.g., DarkStealer 
• Spyware, e.g., Raccoon Stealer 
• Trojans, e.g., AgentTesla 

The exploitation of Discord's infrastructure throws light on the rising problem of CDN abuse by malicious attackers across the web. Using internet-wide visibility to identify malware in CDN infrastructure is key to limiting the damage these valuable malware delivery techniques might do to a firm.

Twitch Admits to a Major Data Breach

 

Twitch, Amazon's livestreaming service for video games, has revealed that it has suffered a data security breach. The attack is said to have resulted in the loss of information on live streamers' pay-out amounts, Twitch source code, and details about a putative Steam competitor from Amazon Game Studios. In a tweet Wednesday morning, Twitch said, “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available.”

Twitch was founded in 2011 by the co-founders of Justin.tv, one of the earliest livestreaming websites. Twitch was purchased by Amazon in 2014 for $970 million. 

On the 4chan message board, an anonymous poster has released a 125GB torrent claiming to contain the entirety of Twitch and its commit history. The breach is said to be intended to "promote further disruption and competition in the online video streaming industry," according to the poster. 

The leak includes 3 years’ worth of details regarding creator pay-outs on Twitch, the entirety of twitch.tv, “with commit history going back to its early beginnings,” source code for the mobile, desktop, and video game console Twitch clients, code related to proprietary SDKs and internal AWS services used by Twitch, an unreleased Steam competitor from Amazon Game Studios, data on other Twitch properties like IGDB and CurseForge, and Twitch’s internal security tools.

The leak has been labeled as “part one,” implying that there may be more to come. While personal information such as creator payments is included, it does not appear that passwords, addresses, or email accounts of Twitch users are included in this initial breach. Instead of publishing code that would contain personal accounts, the leaker appears to have focused on sharing Twitch's own company tools and information. 

Malware authors might potentially utilize the leaked Twitch code to infect the platform's userbase by exploiting software vulnerabilities. According to Quentin Rhoads-Herrera, director of professional services at cybersecurity company Critical Start, any return the attackers would obtain would be modest and not worth their effort. 

“This is more of a way to publicly humiliate Twitch and potentially lower the trust the Twitch users may have in the platform and company,” Rhoads-Herrera said.

EA Faces Criticism After Ignoring Warnings from Cybersecurity Researchers

 

After dismissing cybersecurity researchers' warnings in December 2020 that various flaws left the firm extremely vulnerable to hackers, gaming giant Electronic Arts is facing even more criticism from the cybersecurity industry. Electronic Arts Inc. is a video game developer and publisher based in Redwood City, California. As of May 2020, it is the second-largest gaming firm in America and Europe, after Activision Blizzard and ahead of Take-Two Interactive and Ubisoft in terms of revenue and market value.  

Cyberpion, an Israeli cybersecurity firm, contacted EA late last year to warn them about a number of domains that could be taken over, as well as misconfigured and potentially unknown assets and domains with misconfigured DNS records. Despite delivering EA a detailed document outlining the difficulties as well as a proof of concept, Cyberpion co-founder Ori Engelberg claims EA did nothing to fix the flaws. 

According to Engelberg, EA acknowledged receiving the information about the vulnerabilities and stated that they would contact Cyberpion if they had any further questions, but they never did. "We inspect the entire internet but as gamers, we are customers of EA. So many of our employees play FIFA and other games. We love EA so we wanted to contact them to help because their online presence is significant," Engelberg said.

"What we found is the ability to take over assets of EA. It is more than just taking the assets of EA, it is about what can be done with these assets because we know EA. We know that if somebody can send emails from the domains of EA to us, the customers, or to suppliers of EA or to employees of EA, then that's the easiest door to the company. It isn't even a door. It is something simpler," Engelberg added. He said that malicious actors might use the stolen domains to send emails appearing to be from EA, asking customers to transfer account details or other data.

Last week, it was revealed that a "chain of vulnerabilities" might have allowed attackers to obtain access to personal information and take control of accounts, causing EA to face outrage. In recent weeks, Motherboard reported that EA's large data breach was caused by a hacker's ability to obtain access to an account by abusing Slack privileges. 

Hackers boasted on forums about stealing 780 GB of data from the company and acquiring full access to FIFA 21 matchmaking servers, FIFA 22 API keys, and various Microsoft Xbox and Sony software development kits. They also claim to have a lot more, such as the Frostbite source code and debugging tools, which are used to power EA's most popular games like Battlefield, FIFA, and Madden.

Attackers Pummelled the Gaming Industry During the Pandemic

 

According to Akamai, a content delivery network (CDN), the gaming business has seen more cyberattacks than any other industry during the COVID-19 pandemic. Between 2019 and 2020, web application attacks against gaming organizations increased by 340%, and by as much as 415% between 2018 and 2020. “In 2020, Akamai tracked 246,064,297 web application attacks in the gaming industry, representing about 4% of the 6.3 billion attacks we tracked globally,” reads Akamai’s Gaming in a Pandemic report.

Cybercriminals frequently used Discord to coordinate their operations and discuss best practices on various techniques such as SQL Injection (SQLi), Local File Inclusion (LFI), and Cross-Site Scripting (XSS), according to the company. SQLi assaults were the most common, accounting for 59% of all attacks, followed by LFI attacks, which accounted for nearly a quarter of all attacks, and XSS attacks, which accounted for only 8%. 

“Criminals are relentless, and we have the data to show it,” Steve Ragan, Akamai security researcher and author of the report, was quoted as saying in a press release. “We’re observing a remarkable persistence in video game industry defenses being tested on a daily – and often hourly – basis by criminals probing for vulnerabilities through which to breach servers and expose information. We’re also seeing numerous group chats forming on popular social networks that are dedicated to sharing attack techniques and best practices.” 

Credential-stuffing attacks increased by 224% in 2019 compared to the previous year. Surprisingly, distributed denial-of-service (DDoS) attacks decreased by approximately 20% within the same period. Each day, millions of these attacks target the industry, with peaks of 76 million attacks in April, 101 million in October, and 157 million in December 2020, according to Akamai.

Credential stuffing is a type of automated account takeover attack in which threat actors utilize bots to bombard websites with login attempts based on stolen or leaked credentials. They can then proceed to exploit the victims' personal data once they find the perfect mix of "old" credentials and a new website. 
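As an added illustration (not from the Akamai report or the original post), the sketch below shows how a defender might separate credential stuffing from single-account password guessing in login logs: stuffing appears as one source trying many different usernames with a high failure rate. The log format, thresholds, and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (hypothetical format; IPs are documentation ranges).
SAMPLE_LOG = """\
2021-06-01T10:00:00Z FAIL ip=203.0.113.7 user=alice
2021-06-01T10:00:03Z FAIL ip=203.0.113.7 user=bob
2021-06-01T10:00:05Z FAIL ip=203.0.113.7 user=carol
2021-06-01T10:00:08Z FAIL ip=203.0.113.7 user=dave
2021-06-01T10:00:11Z OK ip=203.0.113.7 user=erin
2021-06-01T10:00:14Z FAIL ip=203.0.113.7 user=frank
2021-06-01T10:05:00Z FAIL ip=198.51.100.20 user=admin
2021-06-01T10:05:02Z FAIL ip=198.51.100.20 user=admin
2021-06-01T10:05:04Z FAIL ip=198.51.100.20 user=admin
2021-06-01T10:05:06Z FAIL ip=198.51.100.20 user=admin
2021-06-01T10:05:08Z FAIL ip=198.51.100.20 user=admin
2021-06-01T10:05:10Z FAIL ip=198.51.100.20 user=admin
2021-06-01T10:07:00Z FAIL ip=192.0.2.50 user=grace
2021-06-01T10:07:20Z OK ip=192.0.2.50 user=grace
"""


def parse(line):
    """Split one log line into (timestamp, success, source_ip, username)."""
    ts, outcome, ip_kv, user_kv = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, outcome == "OK", ip_kv.split("=", 1)[1], user_kv.split("=", 1)[1]


def detect(log_text, window=timedelta(seconds=60), min_users=5, min_fail_ratio=0.8):
    """Flag sources whose login pattern inside a sliding window looks automated.

    credential_stuffing: many distinct usernames, mostly failing. The failure
    ratio keeps a shared NAT address with many legitimate logins from matching.
    single_account_guessing: repeated failures against one username.
    Thresholds are illustrative and would be tuned on real traffic.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            when, ok, ip, user = parse(line)
            by_ip[ip].append((when, ok, user))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            users = {user for _, _, user in win}
            fails = sum(1 for _, ok, _ in win if not ok)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                kind = "credential_stuffing"
            elif len(users) == 1 and fails >= min_users:
                kind = "single_account_guessing"
            else:
                continue
            # Any login that succeeded from a flagged source is an account
            # to lock and force through a password reset.
            compromised = sorted({user for _, ok, user in events if ok})
            findings[ip] = {"kind": kind, "compromised": compromised}
            break
    return findings


if __name__ == "__main__":
    for ip, finding in detect(SAMPLE_LOG).items():
        print(ip, finding)
```

The successful login inside the flagged burst is the detail that matters for response: it identifies the account whose reused password actually worked.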

Last year, these attacks grew so frequent that bulk lists of login names and passwords could be purchased for as little as $5 per million records on dark web marketplaces. Poor cyber-hygiene practices such as reusing the same passwords across many online accounts and employing easy-to-guess passwords could be blamed for the increase in attacks. 

“Recycling and using simple passwords make credential stuffing such a constant problem and effective tool for criminals. A successful attack against one account can compromise any other account where the same username and password combination is being used,” said Steve Ragan.

Data of 6 Million Battle for the Galaxy Players Leaked

 

WizCase security experts recently uncovered an unsecured Elasticsearch server owned by AMT Games, a Chinese mobile and browser game company, that exposed 5.9 million Battle for the Galaxy users' accounts, as well as 2 million transactions and 587,000 feedback messages.

Although AMT Games used the server to store profile information, payment history, and feedback messages for millions of Battle for the Galaxy players, the researchers discovered that the data stored in the Elasticsearch server was not encrypted and the server was not secured with a password.

AMT Games, which has a slew of mobile and social games with tens of millions of downloads, exposed 1.5TB of data through an Elasticsearch server. AMT Games Ltd. is a renowned mobile and browser-based online game company based in China. It creates games for Android, iPhone, Steam, and web browsers. Battle for the Galaxy, Heroes of War: WW2 Idle RPG, Epic War TD2, and Trench Assault are among the company's most popular games.

Player IDs, usernames, country, total money spent on the game, and data from Facebook, Apple, or Google accounts if the user linked them to their gaming account are often included in profiles. Account IDs, feedback ratings, and users' email addresses are all included in feedback messages. 

According to WizCase, transaction data includes price, item purchased, time of purchase, payment provider, and occasionally buyer IP addresses. Users who had their data exposed were advised that it could have been snatched up by opportunistic cyber-criminals looking for misconfigured databases. It went on to say that information on how much money people have spent on the site might help fraudsters target the biggest spenders. 

WizCase warned that "it is common for unethical hackers and criminals on the internet to use personal data to create trustworthy phishing emails. The more information they possess, the more believable these emails look." Bad actors could utilize personal information like email addresses and user difficulties with the service to "pose as game support and send users to fraudulent websites where their credit card credentials can be stolen," according to the report. 

The company advised players to enter as little personal information as possible when purchasing or setting up an account, and parents not to lend their credit cards to their children. WizCase stated that it notified AMT Games of the data breach but received no response. Access to the database was later disabled by the company.

Hackers Attack Gaming Community Using Supply Chain Attacks

 

Researchers at ESET found that the update mechanism of NoxPlayer, an Android emulator for macOS and Windows, was compromised by hackers. The attacker used the compromise to infect gamers' systems with malware. BigNox, a Hong Kong-based company, makes the emulator. Gamers across 150 countries around the world use NoxPlayer, says BigNox. However, research by ESET indicates that the supply chain attack focused only on Asian gamers. The attacker used three different malware strains. The threat actor behind the attack is currently named "Nightscout."

To plant malicious payloads in their victims' systems, Nightscout attacked BigNox's "res06.bignox.com storage infrastructure" to store the trojan and "api.bignox.com API infrastructure" to run the payloads. ESET's report says, "In January 2021, we discovered a new supply-chain attack compromising the update mechanism of NoxPlayer, an Android emulator for PCs and Macs, and part of BigNox’s product range with over 150 million users worldwide. This software is generally used by gamers in order to play mobile games from their PCs, making this incident somewhat unusual."

Experts at ESET are confident that BigNox's infrastructure was compromised to host malware, and that its API infrastructure was compromised as well. In a few cases, the attacker used the BigNox updater to download additional payloads from attacker-controlled servers. ESET discovered a few other supply chain attacks in 2020, such as "Operation SignSight," which attacked the Vietnamese government and compromised its software, and "Operation StealthyTrident," which attacked desktop users, the banking sector, and government agencies. However, Operation Nightscout is slightly different, and more dangerous, as it attacked the gaming community to gain intelligence. Espionage attacks that collect information from the gaming community are rare, which makes Operation Nightscout a bigger threat.

"We spotted similarities in loaders we have been monitoring in the past with some of the ones used in this operation, such as instances we discovered in a Myanmar presidential office website supply-chain compromise in 2018, and in early 2020 in an intrusion into a Hong Kong university. Three different malware families were spotted being distributed from tailored malicious updates to selected victims, with no sign of leveraging any financial gain, but rather surveillance-related capabilities," says ESET.

Japanese Games Publisher Koei Tecmo Suffers Cyber Attack, 65,000 Users Account Compromised


The Japanese games publisher Koei Tecmo was targeted by hackers who compromised the company's English-language website and stole confidential data belonging to over 65,000 users. Following the attack, Koei Tecmo announced that it had temporarily shut down its US and European websites as a precautionary measure.


The hackers targeted the company’s website to obtain confidential information about user accounts, such as names, encrypted passwords, and email addresses. However, the hackers were not successful in their attempt to acquire data related to user payment details.

The Japanese publisher announced in the press release that “Within the website operated by KTE, the ‘Forum’ page and the registered user information (approximately 65,000 entries) has been determined to be the data that may have been breached. The user data that may have been leaked through hacking is perceived to be the (optional) account names and related password (encrypted) and/or registered email address.”

In the press release, the publisher further stated that users do not need to worry about personal financial information because they do not store this confidential information about the users.  

According to Bleeping Computer's reporting, the hacker has leaked critical information about users' accounts, such as IP addresses, email addresses, and passwords, for free on a hacker forum.

Founded in 2009, following the merger of Koei and Tecmo, Koei Tecmo is a Japanese video game and anime holding organization that is responsible for many popular PC and console games, such as Hyrule Warriors: Age of Calamity, Dead or Alive, Nioh 2, and Atelier Ryza, to name a few.

The attackers assert that they used a spear-phishing campaign to hack the koeitecmoeurope.com website on December 18th. The operators behind the attack also claimed that they were considering selling a forum database for 0.05 bitcoins, or about 1,300 dollars, on a hacking marketplace.

According to Bleeping Computer, the hackers explained their motives by saying that they “leaked the data to punish the Koei Tecmo publisher because they were not following the General Data Protection Regulation (GDPR) guidelines and they were refusing to spend the money on encrypting the users' information and were using a fragile salted MD5 hashing algorithm from 1992 and further warned them if they do not use the strong encryption techniques, we will continue to attack them”.


Fake Among Us apps floating over the internet can deploy malware and adware in your device

There is an imposter among us, quite literally: the popular gaming app has attracted many fakes and malware-carrying apps made to look like the legitimate gaming application or a mod. These malicious apps can range from harmlessly annoying to quite dangerous.

Players looking for Among Us should be careful to install the app only from trustworthy sources and to look into mods and their legitimacy before using them.

These "fake" apps range from imitations of Among Us that aim to cash in on the game's success to mods that lure young players with the promise of hacks but actually drop malware on the system or steal data from the device.
A report from TechRadar says that there are currently 60 fake imposter apps of Among Us, including apps that can i) install adware or bloatware, ii) deploy malware, and iii) steal financial data.

Why Among Us? 

Among Us, a multiplayer PC and mobile game, suddenly became popular in 2020. Though it was released in 2018, it did not gain much attention until gaming streamers started broadcasting the game. Developed by InnerSloth, a small studio in Redmond, Washington, Among Us has stayed in the top five on Apple’s U.S. App Store since Sept. 1, with more than 158 million installs worldwide across the App Store and Google Play.

Word-of-mouth marketing and the pandemic-imposed lockdown helped the game quickly catch on with young players, which these miscreants exploited. A young player looking for hacks and mods would be easy to dupe into installing a fake app that installs adware or something more damaging.

Precautions to avoid Among Us imposter apps:

It's smart to avoid any website that claims to offer hacks, resources, packs, and mods as people without much background in gaming and the cyber world won't be able to detect malicious content. 

 
Always install the app from a trusted source, and read the comments first, as they will tell you if anything is wrong with the app.

To check the legitimacy of mods, it's best to use the community. Mods in themselves are harmless, but as mentioned above, some of the fake ones could add code to your device. Use legitimate mod websites, and if you go to a private website, read the comments, as someone will probably have reported any suspicious behavior in the discussion. Also, mods developed by semi-public figures or Among Us content creators will usually be safe.

Gamer Alert: More than 10 Billion Attacks On Gaming Industry In 2 Years


According to cybersecurity firm Akamai's recent report titled "State of the Internet/Security," the gaming sector has suffered a big hit in the previous two years. Experts have reported around 10 Billion cyberattacks on the gaming industry between June 2018 and June 2020.

Akamai recorded 100 billion credential stuffing attacks during this period, of which 10 billion were attacks on the gaming sector. Besides credential stuffing, Akamai also recorded web application attacks. Hackers directed around 150 million web application attacks at the gaming sector.

"This report was planned and mostly written during the COVID-19 lockdown, and if there is one thing that's kept our team sane, it is constant social interaction and the knowledge that we're not alone in our anxieties and concerns," says the report. According to the latest published report, web application attacks mostly relied on SQL injection and LFI (Local File Inclusion). This is because hackers can access users' sensitive information on the game server using SQL injection and LFI.

The data can include usernames, account info, passwords, etc. Besides this, experts say that the gaming sector is also a primary target for DDoS (distributed denial-of-service) attacks. Between July 2019 and July 2020, Akamai identified 5,600 DDoS attacks, of which 3000 targeted the gaming sector. The increase in attacks may be because most gamers don't pay much attention to cybersecurity.

According to data, 55% of gamers experienced suspicious activity in their accounts. However, just 20% of these gamers expressed concern about the compromise. Around 50% of hacked players feel that security is a mutual responsibility between gamers and gaming companies. 

Akamai emphasized their concern over the gaming sector becoming an easy target for the hackers. According to Akamai's report, "Web attacks are constant. Credential stuffing attacks can turn data breaches from the days of old (meaning last week) into new incidents that impact thousands (sometimes millions) of people and organizations of all sizes. DDoS attacks disrupt the world of instant communication and connection. These are problems that gamers, consumers, and business leaders face daily. This year, these issues have only gotten worse, and the stress caused by them was compounded by an invisible, deadly threat known as COVID-19."

Nintendo Confirms Around 160,000 User Accounts Affected in Recent Hacks


On Friday, the Japanese gaming giant Nintendo confirmed that around 160,000 user accounts of Nintendo Switch users had been affected in the recent hacking attempts.

Nintendo's Switch game console is immensely popular among avid gamers and its demand has risen dramatically amid the lockdown forced by COVID-19 pandemic, making it out of stock almost everywhere. As the number of people turning to Nintendo is rapidly increasing, the number of hackers targeting digital accounts has also increased as a result.

In the wake of the breach, Nintendo has disabled the option of logging into a Nintendo account via Nintendo Network ID (NNID). Login IDs and passwords of the users were obtained illegally by some means other than Nintendo's service, the company confirmed. Notably, these attempts to access accounts illegally have been made since the beginning of April. The information compromised during the breach includes usernames, dates of birth, email addresses, and country.

The company has notified all the affected users of the breach through an email, alerting them to reset their passwords.
Meanwhile, the company also warned users who have used the same password for their NNID and Nintendo account, saying, “your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop.”

The company further recommended that users enable two-factor authentication, as some accounts are already being used to make fraudulent purchases. Affected users are advised to contact Nintendo so that the company can examine their purchase history and cancel fraudulent purchases.

"We will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo Accounts that we have reason to believe were accessed without authorization," the company said.

While apologizing to the customers, Nintendo said, "We sincerely apologize for any inconvenience caused and concern to our customers and related parties."

"In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur," the company added.

1.1 Million Customers Records of SCUF Gaming Exposed Online


The database of more than 1 million customers was exposed online by 'SCUF Gaming', a subsidiary of Corsair that develops high-end gamepads for Xbox, PS4, and PC. The incident led to the exposure of clients' names, payment info, contact info, repair tickets, order histories, and other sensitive information. Other data belonging to the company's staff and internal API keys were also compromised as a result.

The data was left unprotected for two days before being discovered by the security researcher Bob Diachenko, who reported it to SCUF Gaming. The team led by the researcher found the data on the web without any password protection or authentication.

The database was taken down by the company less than two hours after it was notified. Meanwhile, bot crawlers had enough time to locate the exposed database, and a ransom note was found demanding 0.3 BTC from the company. The note says that the data had been downloaded by the cybercriminals; however, the systems detected no such action. “Your Database is downloaded and backed up on our secured servers. To recover your lost data, Send 0.3 BTC to our BitCoin Address and Contact us by eMail,” the note read.

Experts believe that the criminals involved did not have enough time to delete or encrypt the data in the database; hence, it is unlikely that they were able to download it either. However, SCUF clients and staff could face a risk of phishing attacks, identity theft, and fraud from cybercriminals who might have downloaded some pieces of the leaked database.

In a conversation with Comparitech, a spokesperson for Corsair, the parent company of SCUF Gaming, said, “…Once notified, we identified the root cause of this exposure and secured the database within two hours. While investigating Mr. Diachenko’s warning, we also discovered that a bot had connected to the database’s server and placed a ransom note there. We have no evidence that either the bot or any other actor was able to misappropriate customer data.

This issue was specific to one system, being operated off-site due to work-from-home precautions resulting from the current COVID-19 pandemic.”

To stay on the safe side, SCUF Gaming customers are advised to keep an eye out for any suspicious activity in their bank accounts, as scammers who were able to gather whatever bits of information they could are likely to attempt targeted phishing attacks.

DDoS Attacks on the Gaming Giant Blizzard Causing Worldwide Service Disruption


Hackers have hit gaming giant Blizzard with a colossal DDoS attack, causing worldwide service disruption and ruining users' time at home during the work-from-home period brought about by COVID-19.

According to reports, the attack was carried out on March 18th around 2:20 AM (GMT), when Blizzard users took the issue to Twitter, and Blizzard's Customer Support handle on Twitter also confirmed that it was suffering DDoS attacks.

The company further clarified that it is “currently investigating an issue affecting our authentication servers, which may result in failed or slow login attempts.”

According to DownDetector's live map, Blizzard is still suffering the effects of the attack, particularly in the US, Israel, Bahrain, Iraq, China, Singapore, Malaysia, Denmark, and a few other countries.
Image credit: Down Detector’s live map


Furthermore, it is unclear whether the DDoS attack has stopped, as there has been no update tweet from the company. It is, however, worth noting that Blizzard is home to some of the most popular games, including World of Warcraft, Overwatch, Heroes of the Storm, and Diablo Immortal.

The gaming giant has a strong customer base of more than 32 million active users across the globe. Apart from Blizzard, EA Sports, a division of Electronic Arts, is also suffering a worldwide service outage.

It is unclear whether this is the result of a DDoS attack or whether the company is facing internal technical problems; however, there have been various tweets from EA Sports customers complaining about lagging and connectivity issues.

According to DownDetector's live map, EA Sports is still suffering lagging issues in the US, United Kingdom, France, Spain, Denmark, Japan, Israel, and other countries.

Image credit: Down Detector’s live map


In any case, it is most likely not a smart decision to DDoS Blizzard, and users are encouraged to stay tuned for any further news regarding the attack.

Counter-Strike: Global Offensive (CS:GO) — Money Laundering Prompts Valve to Shut Down In-Game Key Sales


Counter-Strike: Global Offensive (CS: GO) was being targeted by criminals for money laundering, according to the US video game developer Valve. In a statement, the makers said that the aim of the attackers is to "liquidate their gains".

Developed by Valve and Hidden Path Entertainment, CS: GO is a popular multiplayer, first-person shooter game in which two teams go against each other, strategically completing given objectives such as defusing bombs and rescuing hostages.

The game allows players to earn cosmetic upgrades for their guns and avatars in loot containers. Normally, these boxes can only be opened with a key that players have to buy from Valve. However, the makers observed that "worldwide fraud networks have recently shifted to using CS: GO keys to liquidate their gains. At this point, nearly all key purchases that end up being traded or sold on the marketplace are believed to be fraud-sourced." The fraudsters exploited the loot gathering systems in the game to trade keys, which further allowed them to unlock rewards for real money.

As a security measure, the company has updated the game in a manner that shuts down the ability to transfer new loot box container keys among users in the game.

"CS: GO container keys purchased in-game can no longer leave the purchasing account. That is, they cannot be sold on the Steam Community Market or traded. Pre-existing CS: GO container keys are unaffected–those keys can still be sold on the Steam Community Market and traded," the blog read.

In the blog post, the company also expressed concern about the effect this would have on legitimate players but emphasized the need to combat fraud, which it treats as a priority.

While the total amount of money laundered through the Steam marketplace remains ambiguous, hundreds of thousands of loot containers along with keys have been traded by the criminals via the online marketplace. Notably, the boxes and keys were traded for a few dollars each.

In the past seven years of its existence, CS: GO, while gaining massive popularity, has unfortunately also attracted a number of controversies, including illegal gambling and hidden business interests of social media influencers.