When WannaCry made international headlines in May 2017, the world at large was once again made aware of just how vulnerable we can be online. Just a few simple mistakes or oversights can leave just enough of a gap in a system that allows a cybercriminal to sneak in and wreak havoc.
Perhaps the most surprising thing about the WannaCry ransomware attack that affected an estimated 200,000 organizations was the targets. Major corporations and government organizations are usually in the firing line, but on this occasion so were 47 NHS Trusts (mainly hospitals) across the UK that felt the full force of the ransomware attack. With healthcare services now fair game, it would be irresponsible to assume the gaming industry is beyond the advances of the hacking community.
Gamers Are Fair Game for Hackers
Whether amateur or professional, cybercriminals pose a threat to game developers and players alike, which is why a bit of education can go a long way. Indeed, we only have to look back to 2016 and the SQL injection attack that put 800,000 members of the Epic Games forum at risk. Thanks to outdated vBulletin software, hackers were able to get into the site’s backend and release their malicious code.
As is common with any SQL injection, private data can be exposed and that’s what happened on this occasion. With usernames, passwords and email information now out in the open, the Epic Games attack fell in line with what Incapsula defines as the standard MO of SQL injections. An SQL injection “is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.”
Developers Shouldn’t Play Games with Security Risks
As the security provider notes, one of the most devastating consequences of any SQL injection attack is the loss of trust from customers. Although there are plenty of direct business consequences, trust is a big issue and in the case of Epic Games, it’s likely that potential new users were put off the idea of joining simply because they didn’t feel safe. Now, that’s not to say the site’s security team didn’t plug the weakness and learn from their mistakes, but once the damage has been done to the reputation of a brand or website, it’s hard to come back from it.
This is a lesson the developers of Tekken 7 took to heart. When asked about the potential of having cross-platform compatibility for the latest game in the Tekken series, creator Katsuhiro Harada suggested that it might not be a good idea. Although he wasn’t directly accusing PC gamers of being cheaters, he did say that there is a perception this may be the case.
Not wanting to run the risk of a security risk to players on either side of the console/PC gaming divide, the game doesn’t support cross-platform compatibility. Whether or not an attack would have occurred is unclear, but it’s certainly a sign that issues such as SQL injections and malware are on the minds of game developers.
Players and Developers Must be Vigilant
Indeed, with the gaming industry now worth more than $91 billion, more people than ever have sensitive information stored online with the favorite games and forums. This makes the industry one more prime target for hackers and, as WannaCry has shown, those with malicious intention don’t seem to mind who they attack anymore.
As a player the best form of protection is education and vigilance, but we have to hope that all developers are as cautious as the likes of Katsuhiro Harada when it comes to security at all levels of the industry.