Gaming firms become lucrative hunting grounds for cybercriminals

NEW DELHI: Last week, unseen gameplay footage of Grand Theft Auto VI (GTA VI), the next game in the series, was leaked online after game publisher Take Two Interactive’s internal communication channel was hacked. A day after the hack, Take Two’s stock price fell more than 6% as investors were spooked that it might lead to a delay in the development of GTA VI, one of the flagship games of the publisher. The game’s predecessor, GTA V, sold over 5 million copies and made over $6 billion in revenue for the firm, according to reports.

The Take Two hack reflects a growing trend of cyberattacks on gaming firms, both small and large. As more users spend money on games, add money to the digital wallets of these games, and add personal data to gaming accounts, hackers are turning their attention to such firms to steal data, credentials, and more.

For instance, homegrown mobile gaming unicorn Mobile Premier League (MPL) has been facing an increase in “failed cyberattacks” over the last few months, said Ruchir Patwa, vice president of security and compliance at MPL. Patwa said that such instances include social engineering attacks, where hackers try to pose as employees or company executives to gain unauthorized access to internal systems.

Suman Saraf, chief technology officer of BlueStacks, a cloud gaming platform, concurred, saying that cyberattacks against both gamers and gaming companies have increased due to the “steady expansion” of in-game purchases—often called microtransactions. “Attackers are on the constant lookout for credentials, in-game currency and assets, payment details, and personally identifiable information,” warned Saraf.

The gaming industry, which is currently said to be even bigger than Hollywood, makes the bulk of its earnings from sales of digital items, access passes, subscriptions, etc. For instance, in November last year, a report by the Boston Consulting Group and venture firm Sequoia said the Indian gaming industry alone made $1.8 billion in revenues in 2020. Experts noted that most of the revenue came from microtransactions—a rupee here, ten there, and so on.

Much like a fintech application, gaming firms also perform know-your-customer (KYC) checks to verify users and store the data in internal systems. They also use mobile numbers to sign in, and have digital wallets built in where gamers can store their money to make buying digital items easier. Oliver Jones, co-founder of Bombay Play, a Bengaluru-based gaming firm, noted that attacks are mostly against real money firms, as opposed to those making free-to-play games.

India had 91 million gamers by March 2021, according to a report by EY and Federation of Indian Chambers of Commerce & Industry (Ficci), and is said to be the biggest gaming market (mobile, console and PC combined) after China. It is expected to grow three times, to $3.9 billion by 2025, according to a 2021 report by KPMG.

In August, cloud service firm Akamai Technologies said in a report that attacks on gaming firms globally more than doubled between Q1 2021 and Q1 2022. India was the third most targeted country after the US and Switzerland. “If they can hijack a million transactions a month they can make millions,” said Dean Houari, director, security technology and strategy, Asia Pacific & Japan, Akamai Technologies.

He also pointed out that “the problem is that with sudden high demand, you also need to find a scalable platform”.

“Many in the gaming industry went to the cloud and that has increased the attack surface,” Houari added. The attack surface is the number of entry points a hacker can use to reach a firm’s systems.

“Also, due to the scale, many security teams do not have visibility over all assets developed in the cloud, which basically opens the door to a lot of new vulnerabilities and attack surfaces,” he said.

“Often the volume of users on their platform is so high that they avoid paying for a security solution that can verify every user,” said Jones at Bombay Play. Security solutions usually cost more as a platform scales, with charges usually ranging from a few thousands to a few lakhs per application.

Many gaming firms in India may have become unicorns, but they remain small businesses in operations. Like most startups, they too are focused on growth over other things. The co-founder of a security firm said he charges small businesses 20,000 per application, with the cost for a company with 30-40 people being at least 5 lakh. For large platform providers with millions of users, security costs could run into crores.

To be sure, there are some who take security seriously. MPL, for instance, said it has hired security engineers to make products secure. It also announced a bug bounty programme last month with prize money of 10 lakhs for identifying vulnerabilities in its platform. Bug bounties are a tried-and-tested method of securing platforms, used by the largest of tech firms globally, including Google and Microsoft. They incentivize hackers to report a loophole for a reward.

Abhishek Ravi, chief information officer at DreamSports, which runs Dream11, said it uses automated tools to detect and protect against any anomalous behaviour.

According to TeamLease Digital, by 2023, the Indian gaming industry is estimated to create over 100,000 jobs (direct and indirect) across core and support functions.


ABOUT THE AUTHOR

Abhijit Ahaskar

Abhijit writes on tech policy, gaming, security, AI, robotics, electronics and startups. He has been in the media industry for over 12 years.