The recent Take Two hack is reflective of a growing trend of cyberattacks plaguing gaming firms.  (Photo:  iStock)

Gaming companies are becoming lucrative hunting grounds for cybercriminals

The Take Two hack reflects a growing trend of cyberattacks on gaming companies, both small and large. As more and more users spend money on games and add money to their digital wallets of those games, in addition to adding personal information to game accounts, hackers are turning their attention to such companies to steal data, credentials and more.

Domestic mobile gaming unicorn Mobile Premier League (MPL), for example, has faced an increase in “failed cyber attacks” over the past few months, said Ruchir Patwa, vice president of security and compliance at MPL. Patwa said such cases involve social engineering. attacks where hackers try to impersonate company employees or executives to gain unauthorized access to internal systems.

Suman Saraf, chief technology officer of BlueStacks, a cloud gaming platform, agreed, saying that cyber attacks against both gamers and game companies have increased due to the “continuous expansion” of in-game purchases – often called microtransactions. “Attackers are constantly looking for credentials, in-game currency and assets, payment information, and personally identifiable information,” Saraf warned.

The gaming industry, which is currently said to be even bigger than Hollywood, earns most of its revenue from the sale of digital items, access cards, subscriptions, etc. For example, in November last year, a report by Boston Consulting Group and venture firm Sequoia said that only the Indian gaming industry generated $1.8 billion in revenue in 2020. Experts noted that most of the revenue comes from microtransactions – a rupee here, a tenner there and so on.

Similar to fintech applications, gaming firms also perform know-your-customer (KYC) checks to verify users and store data in internal systems. They also use mobile numbers to log in and have built-in digital wallets where players can store their money to facilitate the purchase of digital items. Oliver Jones, co-founder of Bombay Play, a Bengaluru-based gaming firm, noted that the attacks are mostly against companies with real money, as opposed to those who create games for free.

According to a report by EY and the Federation of Indian Chambers of Commerce and Industry (Ficci), India had 91 million gamers by March 2021 and is considered the largest gaming market (mobile, console and PC combined) after China. It is expected to triple to $3.9 billion by 2025, according to a 2021 KPMG report.

In August, cloud services company Akamai Technologies said in a report that attacks on gaming firms more than doubled worldwide between Q1 2021 and Q1 2022. India was the third most targeted country after the US and Switzerland. “If they can hijack a million transactions a month, they can make millions,” said Dean Houari, director of security technology and strategy, Asia Pacific & Japan, Akamai Technologies.

He also pointed out that “the problem is that with sudden high demand, you also have to find a scalable platform.”

“A lot of people in the gaming industry have moved to the cloud and that has increased the attack surface,” added Houari. An attack surface is the number of points a hacker can have to a company’s systems.

“Also, because of the scale, many security teams don’t have visibility into all the assets developed in the cloud, which basically opens the door to a lot of new vulnerabilities and attack surfaces,” he said.

“The number of users on their platform is often so high that they avoid paying for a security solution that can authenticate every user,” said Bombay Play’s Jones. Security solutions typically cost more as the platform scales, with fees typically ranging from a few thousand to several million per application.

Many gaming firms in India may have become unicorns, but they remain small businesses in operation. Like most startups, they focus on growth before anything else. The security firm’s co-founder said it charges small businesses ₹20,000 per app, while the cost for a company of 30-40 people is at least ₹5,000. For large platform providers with millions of users, this could lead to their security costs running into the millions.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top
%d bloggers like this: