
Prevalent Threats in Online Gaming - Every Second Counts

Jan 27, 2017

In our previous blog, we looked at a recommended approach for a security improvement program (SIP) at the highest level. Having a basis on which to build and improve security is essential; however, it’s also vital that the business understands the different threats that the gaming industry faces. These run parallel to the SIP.

In an online gaming business, where every second counts, live threats can affect real-time systems and must be swiftly detected and eradicated to prevent considerable financial losses.

In this blog, we look at the most prevalent threats in the gaming industry and illustrate how they fit into the high-level SIP approach we described previously.

DDoS Attacks:

The online gaming and gambling industry is very familiar with DDoS attacks; these types of attacks started to affect the internet back in the late 1990s. In the early days they started as experiments run by script kiddies, but they have since evolved into a cyber weapon used by savvy cyber criminals to extort ransom money, to take websites down for business reasons or as part of hacktivism.

Despite improved protection and a drop in the number of recorded incidents, discussion of DDoS attacks resumed after one of the largest incidents ever recorded, in September 2016. The 623 Gbps attack, by a botnet called “Mirai”, made use of approximately 26K IP addresses, many of which were Internet of Things (IoT) devices with poor security.

It’s important to note that a DDoS attack is not necessarily intended to take a website down; it is often merely a decoy, allowing an adversary to target the business using a different attack vector. This leads us to the next type of threat, which is targeted attacks.

Targeted Attacks – going after the ‘Crown Jewels’:

A targeted attack evades security measures and operates in low volumes to reach a specific goal. In contrast, a ‘scatter attack’ would be launched against different businesses and consequently would be more detectable. Adversaries utilising targeted attacks are often cyber criminals (individuals, organised crime or mercenaries) or a nation state, and are mainly after financial gain, general reconnaissance or espionage.

The adversary’s aim is to steal, alter or destroy data. Often well-funded and equipped, they persist until they succeed in penetrating the network and dwell there until their goal is achieved. The tools, techniques and procedures used by adversaries vary from widely available tools and known attack toolkits to proprietary attack tools and cyber weapons designed to evade detection. Most major cyber security breaches today report a dwell time of around the 200-day mark, whereas it takes less than a few days to successfully compromise a business. This alarming stat signifies a gap in the way businesses adopt an effective security approach.

It’s important to note that while the adversarial threat is significant, the threat posed by insiders, often trusted employees, whilst lower in number of incidents, may be even riskier to the business. They may hold privileged access to different resources, and intentionally (or unintentionally, which is covered in a later section) cause a targeted breach of data. The 2016 Verizon threat report indicates that privilege misuse, commonly committed by an internal employee, contributed to 172 confirmed breaches and ranked 4th among the main root causes of data breaches. Cyber espionage, crimeware and web application attacks, by adversaries, accounted for a total of 1,112 breaches.

Adversaries use various methods to find the vulnerability that allows them to compromise and gain control of a business asset.  Spear phishing and malicious attacks via email, utilising malicious websites and drive-by attacks, attacking web applications, as well as social engineering or collaborating with an internal employee or partner are all common methods.

Protection against targeted attacks is therefore required across a variety of security solutions, including endpoint protection, anomaly detection, and web and email protection, among others. Close monitoring of security logs across the estate is therefore required to detect and break these attacks effectively and to reduce dwell time to a minimum.

The Gaming Platform:

Whether it’s the game operator or a game vendor, the gaming platform is considered the engine and the heart of the gaming experience and is therefore the target of abuse.

  • Consumer credential abuse: Cyber criminals attempt to profit by abusing the gaming platform in different ways. These include targeting gaming clients with rogue software or phishing attacks to gain gaming credentials, access to credit card data, funds and chips. A consumer of a blackjack betting website for example, might find a useful plugin that promises to help beat the odds, however this plugin merely syphons off the consumer’s credentials and sends them to the attacker.

Credential abuse is one of the top concerns in the gaming industry. It can lead to loss of reputation and business. Online gaming businesses need to educate their consumers on these types of attacks, and incorporate mechanisms in their gaming platforms and websites to alert on anomalous account behaviour to prevent fraud.

  • Employee/Partner credential misuse: Employees and partners fall into a category of entities that mostly have privileged access to critical systems. Many gaming businesses rely on partners, whether it’s gaming operators that require the gaming vendor to access their network to fix issues that occur on the gaming platform in real-time, or a gaming vendor that developed a certain gaming technology that a partner requires access to for platform integration. Insider attacks are the hardest form of attack to discover; it could take months and years until such an attack is detected. The abuser might be a disgruntled employee, a partner with a set of credentials that got compromised or even an employee joining forces with an external party.


  • Game integrity and logic abuse: Game platforms are made by people and are therefore vulnerable to human error. The vulnerabilities referred to here are not application vulnerabilities, but logical gaming vulnerabilities which result in an attacker taking financial advantage of the platform. For example, poker players from all over the world may join the same table and work together to manipulate the game, trying repeatedly to ‘beat the house’.

Game integrity and logic abuse hacks can result in major financial loss if undetected. Using statistical anomalies with an ‘inside out’ security approach is, however, important in eliminating the different root causes. Data governance on the ‘inside’ tiers can help identify suspicious behaviour on the gaming platform.
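As an added illustration (not part of the original blog), one simple statistical anomaly check for the poker scenario above is to flag pairs of accounts that share a table far more often than independent table choice would predict. The session data, account names and thresholds below are constructed assumptions, and a flagged pair is a lead for review rather than proof of collusion.

```python
from collections import Counter
from itertools import combinations

# Constructed sample data: each set is the accounts seated together in one
# poker table session. Account names are hypothetical.
SESSIONS = [
    {"ann", "bob", "cat", "p7", "p9"},
    {"ann", "dan", "eve", "fay"},
    {"bob", "cat", "dan", "p7", "p9"},
    {"ann", "bob", "eve", "gus"},
    {"cat", "dan", "fay", "gus"},
    {"ann", "eve", "p7", "p9"},
    {"bob", "dan", "fay", "gus"},
    {"ann", "cat", "eve", "gus"},
    {"bob", "fay", "p7", "p9"},
    {"ann", "cat", "dan", "eve"},
    {"dan", "gus", "p7", "p9"},
    {"ann", "bob", "cat", "fay"},
]

def co_seating_anomalies(sessions, min_shared=4, min_lift=2.0):
    """Flag account pairs seated together far more often than chance predicts.

    lift = observed shared sessions / expected shared sessions, where the
    expectation assumes the two accounts pick tables independently.
    Thresholds are illustrative assumptions, not tuned values.
    """
    total = len(sessions)
    seen = Counter()       # sessions per account
    together = Counter()   # sessions per account pair
    for seats in sessions:
        seen.update(seats)
        together.update(combinations(sorted(seats), 2))

    flagged = []
    for (a, b), shared in together.items():
        expected = seen[a] * seen[b] / total
        lift = shared / expected
        # Require both volume and disproportion: busy regulars overlap a lot
        # by chance, so a raw count alone would flag them.
        if shared >= min_shared and lift >= min_lift:
            flagged.append(((a, b), shared, round(lift, 2)))
    return sorted(flagged, key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    for pair, shared, lift in co_seating_anomalies(SESSIONS):
        print(pair, "shared sessions:", shared, "lift:", lift)
```

In the sample data, "ann" and "eve" also share five sessions, but both play often enough that the overlap is close to what chance predicts, so only the disproportionate pair is flagged.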

 

Transactional loss & Point of Sale intrusions:

Cyber criminals love to tap into the prime sources of credit card data and while transactional loss is not exclusive to the gaming industry, this sector is lucrative and handles data in large volumes. Online gaming businesses also enjoy an international client base, and high numbers of international transactions bring increased risk of fraudulent transactions.

In the last few years, cyber criminals have constantly targeted Point of Sale (POS) systems across a multitude of industries with specialised toolkits to syphon credit card numbers from vendors. The POS attack vector, seen to be on the increase, is primarily relevant to traditional casino operators or physical gaming platform vendors. If these fail, the cyber criminals attempt to obtain this data from within. The Payment Card Industry (PCI) regulates the gaming industry to ensure that credit card details are used with best practice and kept secure. Being compliant with PCI is therefore another important priority.

 

Physical data theft and Accidental data loss:

Business assets can be stolen, lost or unintentionally compromised. These oldest breach vectors in security are simply down to human error. Determining whether a lost device holding sensitive data can be considered a breach is tough when the device is no longer present and the data is no longer under control. The threat report by Verizon suggests that the device type most likely to be stolen or lost is the laptop, and that it has a 100x higher chance of being lost than stolen. Unintentional loss is also one of the main causes of data breaches – a wrongly delivered email, sensitive data published online or a system misconfiguration leaves business data exposed.

Encrypting the data on endpoints (e.g. using Microsoft BitLocker) and using a Mobile Device Management (MDM) solution reduces the risk of loss. Educating employees, adopting a data classification approach and enforcing classification policies on sensitive documents are all recommended.

Data loss varies amongst businesses and it’s recommended that the different issues are tracked, user awareness education is deployed and a ‘data leakage prevention’ solution is put in place to automatically mitigate data loss and address common mistakes seen in the enterprise.

 

In this blog, we covered the most common threats seen in the gaming industry; now that we’ve defined the most common threats we can show how they fit into our high-level security improvement approach - all in the next blog.

 

 

 


