Publications

Do cybercriminals play cyber games in quarantine? A look one year later

Last year, we decided to take a look at how the pandemic influenced the gaming industry and what new threats gamers could be facing. What we found was that, with the transition to remote work and remote learning, the number of blocked attempts to visit malicious game-related websites or follow malicious links from legitimate game-related websites and forums, increased by more than 50%. One year later, as the pandemic continues, we decided to revisit the threat landscape for gamers and the gaming industry.

Here’s what we found:

  • Online gamers have become even more active over the past year, and cybercriminals continue to exploit this.
  • Criminals are actively targeting leaders in the gaming industry to retrieve the source code of their games.
  • The games most often used as bait were Minecraft and Counter-Strike: Global Offensive (CS: GO).

They played, they play, and they’ll keep playing

In 2020, the number of gamers worldwide surpassed 2.7 billion. According to data from Newzoo, the largest percentage of active users live in the Asia-Pacific.

And the number of video-game enthusiasts just keeps on growing every year. This is reflected in the statistics on the number of active players using the Steam platform. They dropped off slightly after reaching the all-time peak in May 2020 mentioned in our last year’s report. However, they didn’t fall back to pre-COVID levels. At the end of the summer holidays, the number of active users began to grow again reaching an all-time high of almost 27 million players in March 2021.

The number of Steam users per day. Source: steamdb.info

Last year, we also reviewed reports from Steam on the hardware players used and noticed an increase in the share of Intel and AMD graphics cards, which was maintained until spring 2020. This growth suggests hundreds of thousands of work computers were connected to Steam. This year’s report looked at the period from December 2019 to May 2021, which shows that not only were work computers connected to Steam, but they also remained connected. The percentage of Intel and AMD video graphics cards stabilized again, but at the level it had reached at the beginning of the pandemic. Given that the amount of Intel and AMD cards has remained the same while the number of Steam users continues to grow, this means that even more office computers are being connected to Steam.

Source: steampowered.com

What are cybercriminals playing?

There’s been more than just a handful of cybercriminal attacks aimed at the gaming industry over the past year. In May for example, criminals attacked one of Sony’s flagship games — Little Big Planet. The developers were even forced to turn off the gaming servers for a period of time. And not long ago at the beginning of June 2021, one of the largest gaming companies — EA Games — was hacked, with attackers managing to steal the source code for several games. At the same time, the company CD Projekt reported the theft of their data, which could possibly have included the source code for Cyberpunk 2077 and The Witcher 3. Not only can these attacks result in source code falling into the hands of competitors, but the attackers may also discover and exploit previously unknown vulnerabilities in the gaming software.

Cybercriminals aren’t just attacking companies, they’re still attacking gamers too. If you look at the statistics for web antivirus detections on sites that exploit the gaming theme, there was a very notable surge in sites using the names of popular video games and gaming platforms from November to December 2020. This surge is most likely connected with the launch of Cyberpunk 2077. Attackers were probably trying everything they could to exploit the hotly anticipated release by tricking impatient gamers.

The number of web attacks exploiting gaming themes from January 2020 to May 2021. Source: Kaspersky Security Network (KSN) (download)

The list of malicious programs most frequently distributed via purportedly game-related links significantly changed when compared with the previous year. One of the most frequently encountered malware families in such attacks this year was a Trojan called Badur.

At the same time, the set of tricks used by cybercriminals didn’t change substantively. As usual, the malware was disguised as free versions, updates, extensions for popular games or cheat programs.

HEUR:Trojan.MSOffice.Badur.gena 4,72%
HEUR:Trojan.Script.Miner.gen 3,02%
HEUR:Trojan.PDF.Badur.gena 2,36%
HEUR:Trojan.OLE2.Badur.gena 1,57%
HEUR:Trojan.Multi.Preqw.gen 1,46%
HEUR:Trojan-PSW.Script.Generic 0,86%
Trojan-Downloader.Win32.Upatre.vwi 0,82%
HEUR:Trojan.Win32.Generic 0,81%
HEUR:Trojan.Script.SAgent.gen 0,70%
HEUR:Trojan.Script.Fraud.gen 0,43%

The statistics do not take into account the category of threats known as Hacktools, which are usually installed by users themselves but, in some cases, can be used for malicious purposes. Hacktool refers to things like remote access clients, traffic analyzers, cheat programs etc. It’s worth noting that modern cheat programs often use the same technology as malicious programs such as memory injection and the exploitation of vulnerabilities to bypass protection.

Based on the statistics from our web antivirus, cybercriminals are still mainly placing their bets on exploiting Minecraft as a decoy.

The number of attacks that exploited the name of a particular online game, January 2020 — May 2021. Source: KSN (download)

The dynamics of attacks using specific online games as a lure, January 2020 — May 2021. Source: KSN (download)

At the same time, if you look at the attack dynamics during the reporting period you can see that CS: GO is gradually becoming the most popular bait for gamers. Also entering the ratings of the most popular games used as lures are Dota, Warcraft, and PUBG.

The dynamics in attacks exploiting the mobile game Dota are particularly interesting. Last summer, malicious links exploiting the name of this game even climbed to the top spot.

Conclusion

For almost a year and a half of the pandemic, the demand for video games has only continued to increase. The total number of active gamers is approaching 3 billion worldwide, with more and more users connecting their work devices to Steam.

Against the backdrop of this growth in the gaming industry, there’s been a rise in the number of cyberattacks in this sphere. Attackers have taken their trickery to the next level over the past year, now not only targeting gamers but also frequently targeting game developers. In some cases, the cybercriminals have managed to steal source code which may enable them to exploit new vulnerabilities in these games in the future.

To avoid falling victim to these cybercriminals, gamers should remain vigilant: do not trust emails sent on behalf of gaming services, do not enter your account details on dubious resources, and only download games from official sources.

Do cybercriminals play cyber games in quarantine? A look one year later

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2024

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

Subscribe to our weekly e-mails

The hottest research right in your inbox