It is common for players to be targeted by cybercriminals. However, this time the target was not the players but the employees of 25 well-known game companies. According to the information shared by the cyber security company ESET, more than 500 thousand login information of the employees were put up for sale on the dark net.
It is not surprising that the gaming industry, whose revenues are expected to reach $ 2022 billion in 200, is the target of cybercriminals. However, the growing interest of criminals in the gaming industry can also be attributed to the Covid-19 epidemic that prompted more games to play at home. But this time, not the players, but the company employees are at the center of the attack.
Cyber security firm ESET drew attention to the report of Israel-based security firm Kela. According to this report, it was determined that more than 25 thousand logins belonging to the employees of 500 well-known game publishers were offered for sale in dark network markets.
What data do they have access to?
Kela has been tracking activity on the uncanny part of the internet for two and a half years and has found that almost all major game companies have compromised accounts that can gain access to their internal systems. These accounts provide access to project management software, admin panels, virtual private networks (VPNs) and development-related environments.
What can cybercriminals do?
Cybercriminals; From stealing company secrets, intellectual property rights, and customer data, to installing ransomware on company machines, it can do things that turn things around. All of this can cost money and reputation.
In fact, there are 1 million accounts that have been breached
Kela found that there are almost 1 million compromised accounts belonging to gaming industry customers and employees of leading gaming companies. It determined that half of these were available on the dark web in the past year.
Kela shared the information that “We detected a compromised bot with credential records of a large number of sensitive accounts that attackers can access after being purchased”, in his report: “Among the leaked credentials, e-mail, which is usually an important channel within the company. addresses are included: billing, purchasing, administration, HR-related emails, support and marketing are just some of the examples we've noticed. ”
Cybercriminals are after more valuable information they can use to run phishing scam campaigns, as well as credentials that will give them access to the most sensitive parts of the corporate network. In particular, login data can also be used to commit Corporate Email Threat (BEC) fraud and other crimes.
The gaming industry should raise awareness of its employees
The gaming industry is becoming an increasingly attractive target for criminals. For this reason, companies need to invest in their cyber security, especially by providing security awareness training to their employees.