Esport, or electronic sport, has experienced a huge boom in recent years. As the popularity grows, so does the amount of money invested in tournaments, attracting not only fans but also the interest of cybercriminals. Attacks can have a major impact on the running of tournaments, the reputation of organisers and the overall perception of esports as a serious industry. It is an important topic, especially at a time when the International Olympic Committee (IOC) has voted to make esports officially part of the Olympic Games and have its own Olympics from 2025.
The video games industry has long since outgrown the film industry. Statista estimates that the video game industry will even reach $455 billion in revenue by 2024. We register billions of players, thousands of esports teams, multimillion-dollar tournament prizes. And where there’s money, there are cybercriminals.
The gaming industry has plenty of experience with ransomware attacks. For example, Capcom, creator of the legendary Street Fighter, Mega Man, Resident Evil and Devil May Cry franchises, has been attacked. CD PROJEKT RED, the company behind hits such as The Witcher and Cyberpunk 2077, was also severely affected by a serious ransomware attack. Electronic Arts, one of the world’s largest gaming companies, was also attacked and had its data and source code stolen. Even the closely guarded and long-awaited hit GTA VI did not escape and the creators were blackmailed by a 17-year-old hacker who had earlier attacked Uber.
The costs associated with a successful attack can be enormous. The ransom in such ransomware attacks can run into millions of dollars, and the loss of trust and reputational damage among players and partners can have an even more severe impact. At the same time, if information is leaked, organizations must also pay corresponding fines for non-compliance with security regulations. Many companies can then run into existential problems.
“And increasingly, we’re also seeing attacks aimed directly at esports. Big gaming events are watched by thousands of people right in the halls and millions of people around the world. Popular gaming platforms have millions of players, so any attack can be very painful. Trust is crucial in this industry because players and fans are very sensitive to any kind of manipulation and disruption, so when matches have to be rescheduled, played in private or any other problems occur, a shadow of doubt falls over the event and the value of the event plummets. And there is no need for some sophisticated threat or ransomware attack either, disrupting the tournament or broadcast and blackmailing teams and organizers can unfortunately be much easier and more effective,” said Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East.
He continued, “Moreover, attackers don’t even have to be very tech-savvy; powerful botnets can be rented on the darknet for a few hundred dollars. And hacking attacks can also be part of a competitive struggle. Between teams and even between popular tournaments. For example, discrediting competitors can play a key role in the battle for important partners and sponsors or may result in the exclusion of a competing team from a tournament or withdrawal of known teams from untrustworthy and problematic tournaments. Traditionally, the most common motivation for hackers is financial gain. But attacks can also be motivated by personal or political reasons, seeking revenge or to make a particular agenda visible. And for some hackers, attacking a major tournament is just a matter of prestige and challenge.”
Hacker attacks on esports tournaments can take many forms:
- DDoS (Distributed Denial of Service) attacks are one of the most common threats in esports. The aim is to overload servers, leading to outages and complications with gameplay or streaming. This year, for example, the well-known team T1 and the LoL Champions Korea (LCK) tournament were attacked. The tournament in which T1 was participating even had to be suspended, with matches being postponed and not played publicly, which of course entails huge losses as sponsors and spectators expect the event to run smoothly. In addition, the T1 team stated that they could not even prepare properly for the tournament due to DDoS attacks.
- Attacks on gaming accounts: hackers are also targeting the accounts of professional players to gain access to sensitive information. Attackers often mimic official news and websites of well-known organizations, possibly offering various rewards and news. But some phishing scams are much more sophisticated. For example, attackers were able to hack directly into the support of a major gaming company, 2K, so that fraudulent emails were sent out through official channels. And even Czech players know about the risk of losing their accounts and in-game items. Martin “zur1s” Sláma, for example, lost his game account in a live CS:GO tournament. Not only was he unable to continue in the tournament, but he also had 300,000 CZK worth of in-game items stolen. Cyber attacks are therefore not only targeting the tournaments themselves, but also individual players.
- Frauds and cheating: Some hackers try to gain an advantage in tournaments by cheating or using illegal software tools. This may include the use of aimbots, wallhacks and other cheat tools, or the use of cyber attacks to disadvantage opponents. Hacker Destroyer2009, for example, caused confusion and complications during an esports tournament in the popular shooter Apex Legends earlier this year when he hacked two well-known streamers during the tournament to make it look like they were cheating.
- In the past, Check Point has also uncovered vulnerabilities in the popular game Fortnite that hackers could exploit to steal accounts, data, and money, or to eavesdrop and spy.
Tournament organizers, teams and players must therefore take comprehensive security measures. Esports tournament operators must ensure that their servers and entire infrastructure are protected from DDoS attacks and other forms of cyber threats. The ability to respond quickly to incidents is also crucial. This means having standby cyber security teams that are able to intervene immediately in the event of an attack. Equally important is regular training to ensure that players and employees respond appropriately to suspicious activity. Attention must also be paid to securing communication channels to prevent information leaks and to ensure that cybercriminals do not have additional weapons in their hands that they can use for extortion and targeted attacks.
At the same time, players must ensure that their accounts are secure with strong passwords and two-factor authentication. Professional teams should have dedicated security teams that monitor and protect players’ accounts from potential attacks and also train them regularly.
“Cyber security is a key factor for the success and integrity of esports tournaments. With the increasing number of attacks, it is imperative that tournament organizers, teams and players adopt comprehensive security measures and focus on prevention. Only with adequate cyber protection can esports continue to grow and move proudly and fearlessly towards the Olympic competition, which will surely be a big draw for cybercriminals,” concluded Ram Narayanan.
Tips for protecting gaming companies and esports teams:
- Focus on prevention, not just threat detection, and implement advanced preventative security technologies. Pay special attention to protecting against ransomware and DDoS attacks.
- Educate employees and players regularly on current threats and risks and the need to use two-factor authentication for all accounts. Many cyberattacks start with a targeted email that does not contain malware but uses social engineering to entice the user to click on a dangerous link. User education is therefore one of the most important parts of protection.
- Be especially vigilant on weekends and holidays, as many attacks take place at times when organisations are more likely to be slower to respond to a threat.
- Secure everything, as cybercriminals will exploit any weakness.
- Install updates and patches regularly and never delay them.
- If you want to minimize the impact of any successful attack, then it’s important to ensure that users only have access to the information and resources they absolutely need. Network segmentation minimizes the risk of the threat spreading uncontrollably throughout the organization. Dealing with the aftermath of an attack on a single system can be difficult, but repairing the damage after an attack on the entire network is much more challenging.
- Backing up and archiving data is essential. If something goes wrong, your data should be easily and quickly recoverable. Therefore, it’s imperative to back up consistently, including automatically on employee devices, rather than relying on employees to remember to turn on the backup themselves. Attackers will then lose the leverage they need if your data is encrypted.