
2K Games’ Support System Hacked via Notorious Malware


Days after a hacker targeted Rockstar Games, another American video game developer, 2K, reportedly suffered a targeted cyberattack in which the attackers built a clone of its support system. The hackers used RedLine password-stealing malware to gain access to the company's help desk.

In a tweet, the video game publisher said it recently unearthed that a hacker managed to “illegally access” the credentials of one of its vendors to the helpdesk platform. 

The company advised users to reset any account passwords stored in their web browser and to enable two-factor authentication wherever possible, while avoiding 2FA based on text-message verification. Additionally, players can install and run a trusted antivirus program and check their email account settings for any forwarding rules that may have been added.

"The unauthorized party sent a communication to certain players containing a malicious link. Please do not open any emails or click on any links that you receive from the 2K Games support account," the company warned. 

Although 2K did not name the vendor, the company notably uses Zendesk Inc. for its support portal. It is unknown whether a Zendesk account was compromised or whether the account belonged to another third-party vendor used by 2K that also had access to the Zendesk-powered support portal.

According to Bleeping Computer, the malicious messages received by 2K users originated from a fake 2K support representative called "Prince K." The messages included an attached file named "2K Launcher.zip", hosted directly on 2ksupport.zendesk.com, which posed as a new game launcher.

The zip file contained an unsigned executable called "2k Launcher.exe" carrying RedLine Stealer, a low-cost malware used to siphon a wide range of data from an infected system, including web browser history, cookies, saved browser passwords, credit cards, VPN credentials, instant messaging content, cryptocurrency wallets, and more.

“The depth of 2K Games breach is another cautionary tale of supply chain security,” David Maynor, senior director of threat intelligence at cybersecurity training company Cybrary Inc., stated. “This compromise allowed the attackers to send official mail and hosting malware directly on their help desk services.” 

Maynor added that the scope of the attack appeared restricted only by the hackers’ imagination. “2K Games just released ‘NBA 2K23,’ a popular basketball franchise that brought extra scrutiny to the 2K Games support platform,” he said.

Popular Video Game Developer Targeted in a DDoS Attack


Blizzard Entertainment, an American video game developer and publisher, announced on Monday that it was under a massive DDoS attack that might cause significant delays and disconnections for some gamers. The company assured gamers that the attack would not affect their systems and that a DDoS attack is 'basically a clogged pipe on the internet.'

However, a Twitter user dismissed the company's claims, responding that the delay was caused by poor load balancing on Blizzard's systems rather than by a DDoS attack. His position in the game's queue was 2376, and his turn to enter the game was expected to take 54 minutes.

How does a DDoS attack work? 

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. A DDoS attack uses more than one unique IP address or machine, often thousands of hosts infected with malware.

A distributed denial-of-service attack typically involves more than around 3–5 nodes on different networks; fewer nodes may qualify as a DoS attack but not as a DDoS attack. These networks consist of computers and other devices (such as IoT devices) that have been infected with malware, allowing an attacker to control them remotely. These individual devices are referred to as bots (or zombies), and a group of bots is called a botnet.

Blizzard on the hit list of the attackers

Blizzard has dealt with similar issues multiple times over the last year and in the early part of this year. When gamers attempted to play 'World of Warcraft' in January this year, they encountered the same high latency and disconnections. Blizzard seems to have a pattern of attributing connectivity troubles to DDoS attacks. Whether the attacks are real or the result of poor system or network administration, gamers are harmed by these issues.

Threat actors usually target prominent payment gateways and banks with denial-of-service attacks, but in recent times competitive gaming networks have also been targeted because of their popularity. The company is responsible for creating some of the most popular games, including Overwatch, Diablo, World of Warcraft, StarCraft, and Warcraft.