Electronic sports, popularly known as esports is a competitive form of gaming facilitated by electronic systems such as PCs, gaming consoles, and mobile phones. Esports players play video games together, competitively, in tournaments, esports leagues, etc. We have seen the competitive video gaming scene grow to a multi-million industry in the past decade. The figures suggest that esports is on track of becoming one of the most lucrative markets in the world. However, esports cybersecurity has become a serious concern in the territory.
The growth and apparent success of the esports industry hasn’t been without its fair share of challenges. Cybersecurity is a major issue in competitive gaming. With revenues exceeding $1 billion and audiences of more than 400 million across the globe, the competitive gaming industry is a prime target for hackers and other malicious threat actors. Here are some of the most common cyber risks faced by esports players and fans.
Data theft is one of the biggest esports cybersecurity concerns. With millions of fans across the world, the esports industry is bound to attract digital hoodlums looking to make illicit financial gain by exploiting vulnerabilities in the system. Digital Platforms such as EA Origin and Steam have hundreds of millions of users, which makes them ripe for cyberattacks. Players and fans ultimately store their credentials, including payment details, through these platforms.
In December 2016, the eSports Entertainment Association (ESEA), one of the biggest eSports communities experienced a data breach where more than 1.5 million accounts were compromised. The attackers made away with information such as cell phone numbers, hashed passwords, private messages, emails, and usernames. In this case, the hackers demanded a $100,000 ransom in exchange for not releasing or selling the data to third parties.
The ESEA declined this request on the grounds that the payment of the ransom did not provide any guarantees to their members vis-à-vis what would become of their stolen data. Hackers are also targeting gaming accounts and other information, which they, in turn, sell to the highest bidder on underground cybercriminal forums where they have sections set aside for esports or online gaming sales. Akin to stolen credit card accounts, the market for stolen gaming accounts is swamped.
Ransomware is a type of malicious software (malware) that locks files in your computer and demands payment in exchange for a key to unlock them. Ransomware attacks are becoming increasingly common in esports cybersecurity as a mechanism to disrupt active players. Attackers design the software specifically to lock your game files and prevent you from participating in an upcoming event. A ransomware attack will always end up in financial loss — either by paying the ransom or taking your PC to a technician to recover your data.
Keep in mind that paying the ransom doesn’t guarantee that you will get your files back. However, it’s easy to see why some players may be tempted to pay up. It all depends on how much is at stake. For instance, a ransomware attack right before a qualifying match or a vital tournament could leave you desperate. An easy solution would be to pay the ransom, but that’s not a good idea. Later in the article, we’ll look at various ways to prevent ransomware attacks.
Apart from ransomware, there are many types of malicious programs that can be used to target esports platforms. Attackers can infect your PC with keyloggers to map your keystrokes as you log in to your account and send the results to them. The hackers will, in turn, take control of your account and lock you out. You may end up losing in-game valuables such as ranks as well as purchased or unlocked items.
Researchers warn that competitive gamers could also be targeted through spear-phishing attacks. Phishing is still a common way for hackers to deliver malware to your computer. A phishing attack almost always begins with a phoney email or text message designed to dupe the victim to click on a link, or share sensitive information. Users can install malware on their devices by simply clicking on the link provided.
A Distributed Denial of Service (DDoS) attack occurs when hackers attempt to crash an online system, such as a web server, by flooding it with traffic. The goal is to make the target website inoperable. The traffic usually consists of fake packets, requests for connection, and incoming messages. DDoS attacks are one of the most powerful weapons on the internet and by extension in esports cybersecurity. In esports, hackers can use DDoS attacks to direct traffic to servers hosting online matches, and the effects can be devastating.
At best, a DDoS attack in online gaming will slow down connections and cause lagging. In a sport where the fraction of a second can have an impact on the outcome of the event, a DDoS attack can be disastrous. There are cases where individual players have been targeted with DDoS attacks to make their esports teams perform poorly (or kick individual players off the internet), giving their opponents a competitive edge. At worst, a DDoS can easily culminate in the whole event being taken offline.
Extortion is common in the esports industry. Cybercriminals use ransomware and DDoS attacks to extort money from players and gaming companies. In a ransomware attack, attackers lock your computer files and demand payment from their victims — in exchange for the decryption key. DDoS attacks can also be used for extortion purposes in esports. Hackers could demand payment from gaming companies and tournament organizers for not launching a DDoS attack.
As stated earlier, a DDoS attack can result in an esports tournament being taken offline. If this were to happen, the organizers would incur massive reputational damage as these events are broadcasted live. As a result, the organizer might consider consenting to the attacker’s demands to avoid such a scenario. However, paying your attackers is not the best way to go about it as it only serves to incentivize further extortion attempts.
Last but not least, cheating is one of the most common cybersecurity risks faced by esports players. Players in esports leagues can earn millions in prize money. The huge prizes incentivize the players to engage in this underhand practice to gain a competitive edge. Cheating is so widespread to the extent that cheat hacks are available as little as $20 on underground esports and gaming forums. Cheat hacks are potentially dangerous as they may be infected with malware.
As you can see, there are many cybersecurity risks facing esports players and fans all over the world. Distributed Denial of Service (DDoS) attacks can be used to compromise gameplay during important events. A vast array of malware ranging from ransomware to info stealers can also be a thorn on your side. Data breaches are also common on esports platforms. Some players use cheat hacks to gain competitive advantage. Read on to learn how to protect yourself from these threats.
Cybersecurity Tips for Esports Players and Fans
The esports industry needs to deal with these cybersecurity issues as they threaten the legitimacy and integrity of the entire competitive gaming scene. From fans to the players to gaming companies, everyone has a part to play when it comes to defending against the wide range of cyberthreats in the esports industry. Below, we look at the various steps esports players and fans can take to protect themselves against cyberattacks.
Use a VPN
A Virtual Private Network (VPN) is one of the most important tools every online gamer should have. A VPN comes with plenty of benefits for gamers. A good VPN conceals your identity, protects your privacy, and secures your internet connection effectively, keeping you safe from anyone snooping on your online activity.
A VPN allows you to change your IP address and appear as if you are in a different country. You will be able to play new games before they are launched in your region.
A VPN also helps protect your gaming connection against Distributed Denial of Service (DDoS) attacks by hiding your real IP address. The app also reduces ping, thereby improving the overall gaming experience.
When it comes to esports tournaments, it ensures gamers the shortest connection routes between you and the gaming server. A shorter distance between you and the server means faster reactions, thus reducing overall lag when playing games online.
Install Antivirus Software
Malware is common in online gaming platforms. In 2014, 45 million Twitch users experienced a cyberattack involving a piece of malicious software known as ‘Eskimo.’ This attack began as a phishing scam that would tell users that they had won a raffle. The users were supposed to click on the link provided in the email to confirm. The link was infected with malware, and by clicking on it, users downloaded and installed the harmful software onto their devices.
Installing a reliable antivirus program can help gamers mitigate the risks of malware infection. A strong antivirus product will aggressively scan for infected items on your computer and remove them. The program will even scan email attachments for viruses before you download them. Make sure that your antimalware solution offers real-time protection, both online and offline. A good antivirus program will be able to identify infected software and block its installation.
Beware of Phishing
Phishing attacks are common in the gaming community. In a phishing attack, the attacker masquerades as a legitimate entity — in this case, a gaming company or a digital platform such as Steam — using email as a weapon. The objective is to convince the user into believing that the message is something they need or want and to download an attachment or click on a link. The attackers may also try to use psychological manipulation to get the recipients to give away their account information.
Scammers launch thousands of phishing attacks every day. The vast majority of cyberattacks start with a phishing email. Keep in mind that the act of phishing is not an attack by itself; it’s just the delivery method. What can you do to avoid becoming a victim of a phishing scam? Be vigilant. You will receive emails, private messages, or pop-ups with unique offers. Exercise caution when clicking on links or downloading attachments on these messages.
Keep Your Software Up to Date
Developers are always looking for ways to stay ahead of hackers; that’s why they are always releasing software updates. Hackers use exploits to take control of your system and steal sensitive personal data such as financial information. Updates are released to patch potential vulnerabilities and make it difficult for attackers to gain access to your PC. Keep your software updated (both your gaming software and antivirus programs) will keep you at par with the latest industry standards and safe from most cyberattacks.
Use Strong Passwords
One of the reasons why cybercriminals target gaming platforms is that they tend to use low friction authentication to promote usability. Additionally, most gamers view breached gaming accounts as a low-risk situation and don’t put much effort into creating secure passwords. Attackers use password cracking software and keyloggers to steal login credentials. Using a password manager comes in handy for generating strong, unique passwords for your gaming accounts and storing them safely. That way, you only have one password to remember.
Protect Your Identity
Cyber attackers love to target sensitive personal data. As an esports player or fan, you need to make sure that you have taken the necessary precautions to protect personal information. For instance, instead of using a real photo of yourself on your gaming profile, use an avatar. Advancements in facial recognition technology have made it possible for cybercriminals to gather information such as social media profiles, where you live, etc. using a photo. Don’t put information such as credit card details, birthday, etc. on your profile.
With projected global revenue of $1.194 billion by 2021, the esports industry is not showing any signs of slowing down. We should expect more sold-out arenas, professional leagues, and Coca-Cola level sponsorships in the future. Given that cybercriminals tend to follow the money, cybersecurity incidences in competitive gaming are only expected to increase as the industry continues to grow. Esports players and fans can only be safe if they stay vigilant and take the necessary cybersecurity precautions.