Israel-based cybersecurity firm Kela says that more than 500,000 leaked credentials belonging to more than two dozen leading gaming companies were for sale on the dark web. Researchers observed that gaming companies with stolen employee credentials faced various threats, including ransomware attacks and fraud.
The researchers also noted that the sale of initial login tools was a booming underground business, as threat actors sought easier ways to infiltrate corporate networks.
The researchers also found that credentials could be obtained for free or for as little as $10. The report noted that employees remained the top entry point for corporate breaches, necessitating cybersecurity training.
The gaming industry is an easy and lucrative target for cybercriminals
Kela says COVID-19 led to an increase in gaming as people trapped at home were looking to have fun and gave games a chance. High adoption rates led to an increase in purchases of gaming products.
Kela noted that the increase in spending captured the attention of cybercriminals, leading to the search for new targets. Kela found that gaming companies “were generally becoming popular with cybercriminals due to the simple fact that they are making large sums of money.”
However, the cybersecurity firm noted that the gaming sector “may not be prioritizing its security precautions as much as the advancement and profits of its industry.” This places gaming companies in a more precarious situation as more threat actors target the industry.
Threat actors frequently pay for initial access to gaming companies’ internal networks
The cybersecurity firm says it observed “multiple instances of supply and demand for initial network access by gaming companies.”
Threat actors were willing to pay for “multiple types of accesses and databases.” For example, a Russian-speaking threat actor wanted to access the developer networks of Apple, Microsoft’s Xbox, Nintendo, and Qualcomm.
Kela also pointed out that stolen employee credentials for website management portals, admin panels, VPN, Jira instances, FTP, SSO, and more were available for sale just before the attacks on major gaming companies occurred.
Bought Trojans and Information Stealers Used to Compromise Employee Credentials
Kela discovered that the supply of stolen employee credentials originated from infected computers, or bots, compromised by banking Trojans or information stealers.
Many trojanized employee computers have access to internal resources of gaming companies. Kela noted an increase in these bots sold in automated stores, “which makes it very easy for threat actors to gain access to a variety of resources.”
After monitoring underground markets for 2.5 years, Kela found “1 million compromised accounts belonging to gaming customers and employees.” Half of the leaked customer information and stolen employee credentials were offered for sale in 2020. Additionally, 500,000 stolen employee credentials belonged to major gaming companies.
The underground criminal supply of stolen employee credentials allows hackers to gain access to core areas of a company’s internal networks for just a couple of dollars, according to Kela researchers.
For example, researchers found stolen employee credentials including SSO, Kibana, Jira, admin-connect, service-now, Slack, VPN, password-manager, and poweradmin that were selling for only $10, also suggesting that an administrative user was hacked.
Threat Actors Leveraging “Human Vulnerability” to Compromise Gaming Companies
The report also revealed that employees of some game companies used their corporate emails and recycled passwords when registering with various third-party sites. These credentials were subsequently leaked in various breaches observed by Kela investigators.
The report’s authors posited that threat actors took advantage of “human vulnerability” to gain access to gaming companies.
Kela recommended educating employees on the ways attackers could gain access to computer systems.
Gaming companies face serious risks of massive breaches of stolen employee credentials
Attackers could use purchased stolen employee credentials to execute ransomware attacks. Kela said it had detected four ransomware attacks in the past three months, and three of them were publicly reported. Another ransomware group, Sodinokibi (REvil), also claimed to have attacked another major gaming company.
Other threats gaming companies face from theft of employee credentials include fraud and corporate espionage, according to Kela researchers. Cybercriminals could also use stolen employee credentials to carry out phishing campaigns and spread laterally through the corporate networks of gaming companies.
The report’s authors suggested that hackers could “attempt to perform dictionary and brute force attacks, for which these databases with plain text passwords are very useful.”
Saryu Nayyar, CEO of Gurucul, says that the theft of user credentials is a frequent occurrence in the cybersphere.
“Phishing and social engineering schemes have targeted user accounts for almost as long as they existed, and Kela’s disclosure of the extent of the loss of credentials, unfortunately, is not a surprise.”
Nayyar added that companies should “step up their AAA game (authentication, authorization, accounting) to include multi-factor authentication and add security analytics to enable risk-based authentication as well.”
Nayyar noted that having additional defenses would reduce the chance of a serious breach as attackers “continue to find ways to collect user ID and password combinations.”