Any organization can be vulnerable to cyberattack. But some have proved to be susceptible, especially over the past year as the coronavirus pandemic has wreaked havoc with traditional work environments. A report released Tuesday by cybersecurity provider BlackCloak describes how cybercriminals have been targeting the video game industry and key executives.
SEE: Video game career snapshot: Industry insights and jobs for IT pros (TechRepublic Premium)
Citing the 2020 Verizon Data Breach Investigation Report, BlackCloak noted that C-suite executives were 12 times more likely to be targeted in cyberattacks than other employees. Further, 71% of attacks against these executives were financially motivated as cybercriminals sought to earn money by selling confidential data and intellectual property or deploying ransomware.
Looking at 15 of the top 20 video game companies in the world, BlackCloak also found that C-suite executives were the most targeted in attacks that occurred over the past year. The firm pointed to a few reasons to explain this trend.
Video game companies are in the crosshairs partly because they don’t need to adhere to the same security requirements and regulatory demands as do other companies that must protect customer data. For example, a video game startup may not place as high a priority on security as would a hospital or bank.
Video game players themselves often reuse the same password across different sites. A hacker who obtains a user’s login credentials can then launch attacks against the video game companies. Further, many gamers like to hack the games they play to gain an advantage over their fellow gamers. Excited by the thrill of hacking, some of these gamers may take the next step and try to hack the company’s network.
BlackCloak also discovered a number of weaknesses in the credentials used by C-suite executives at video game companies. The passwords for 83% of the executives analyzed were found in clear text on the Dark Web. Among these, 68% of the passwords were associated with the executive’s personal email address. Further, 34% of the executives reused the same password or a slight modification of the password on multiple accounts.
Over the past year, several incidents have hit video game companies.
In April 2020, an anonymous hacker leaked the usernames and passwords of around 23 million online players of the children’s game Webkinz World, made by Canadian toy company Ganz. The hacker purportedly accessed the game’s database using an SQL injection flaw found in one of the site’s web forms.
In June 2020, Nintendo revealed that 300,000 customer accounts had been compromised in a cyberattack. In this incident, attackers accessed the Nintendo Network ID accounts of game players who used the same passwords on their Nintendo and Nintendo Network accounts. As a result, the attackers could have bought items at the My Nintendo store or the Nintendo eShop using virtual funds or money from a linked PayPal account.
In February 2021, cybercriminals launched a ransomware attack against the Polish video game company CD Projekt. The attackers boasted that they obtained the source code for the video games Cyberpunk 2077, Witcher 3, Gwent and an unreleased version of Witcher 3. After CD Projekt refused to pay the ransom, the hackers auctioned the source code and other confidential data with a reported starting price of $1 million and a buy-it-now price of $7 million.
To protect your organization and executives from targeted attacks, BlackCloak advises organizations to extend security to personal devices and accounts. Enterprise security tools such as VPNs, endpoint protection, firewalls and antivirus software can protect corporate assets. But organizations need to extend security to home networks, to devices used by family members on their home Wi-Fi network, and to locations used by the family, including second homes.
Of course, trying to protect every smartphone, personal account, video game player and electronic device in an executive’s home is difficult enough under normal circumstances. As the pandemic has caused the personal and professional lives of executives to meld, applying the usual security practices without bumping into an executive’s need for privacy is even more challenging.
For those reasons, protecting your C-suite executives requires thinking outside the box. One way to resolve this situation is through a digital executive protection program, according to BlackCloak. This type of solution protects executives by using the latest security practices in a non-obtrusive way that respects their privacy. Further, a concierge-style security service can run penetration testing, scan home networks and offer security monitoring of smartphones and other devices to guard against attacks aimed at top executives.