Cybercriminals are actively targeting the gaming industry, wherein several organizations have been hit by cyberattacks in the past few months. The attacker’s motive is mostly financial gains, as this industry generates billions of dollars in revenue every year. Recently, Capcom was hit by a cyberattack that halted some operations of its internal networks.
The recent cyberattack happened due to unauthorized access carried out by a third party. The attacker gained access to the company’s internal emails and file servers.
- Some reports suggested that the attackers used Ragnar Locker ransomware.
- The attack infected around 2,000 computers across Capcom’s network and stole 1TB of information.
- The attackers demanded a whopping $11 million ransom payment to not disclose the stolen data online.
- The stolen data contained financial documents, chat logs, employee information, and confidential contracts, among others.
In the past few months, several gaming companies or digital game-related organizations have been targeted. These companies, mostly located in East Asia, Western Europe, and North America, have been attacked using a variety of attack vectors.
- In the InnerSloth attack, spam messages were sent to participants of the social deduction game Among Us to subscribe to a dubious YouTube channel.
- Street Mobster, the online multiplayer game, was found to have an SQL Injection vulnerability, resulting in a data leak of 1.9 million users.
- Twenty-one gaming apps were discovered on Google Play Store packed with HiddenAds family malware, targeting Android gaming users.
- Some attackers gained unauthorized access to user information of a forum belonging to Albion Online, by exploiting a vulnerability in its forum platform WoltLab Suite.
- Ubisoft and Crytek’s data was leaked on a ransomware gang's site that contained the source code of the game Watch Dogs: Legion.
The billions of dollars of revenue generated by the gaming industry every year is attracting cybercriminals enmasse. Thus, experts suggest having a backup of important data in case of ransomware attacks, as well as having a reliable anti-malware solution, and adequate security measures to protect network infrastructure and data.