Riot Games, the video game developer and eSports organizer, has been targeted by a social engineering attack. The attack affected various titles, including League of Legends and Teamfight Tactics. The popularity of these titles means that the number of possibly affected users would have been substantial.
A statement from the company explains that a ransom of an undisclosed amount was requested in return for the code taken.
Looking into the issue for Digital Journal is Tonia Dudley, CISO at Cofense.
According to Dudley, it is important for the technology sector to sit up and take notice of this cybersecurity incident: “This attack is significant for multiple reasons. First, the attack follows an industry trend – in recent years, the gaming sector has become an increasingly popular target for cybercriminals.”
This forms part of an emerging trend, Dudley notes: “As investments in everything from eSports to video games have increased, cyberattacks – particularly distributed denial-of-service (DDoS) attacks – have skyrocketed. This attack comes shortly after the September ransomware attack on gaming giant, Rockstar, which resulted in stolen confidential internal data.”
There is another important reason, which Dudley draws out: “Second, while no personal information or player data was exposed, this attack still presents significant future challenges.”
Another implication is: “Since the company’s source code was leaked, there is both an increased chance of cheating – as the attack targeted Riot’s anti-cheating platform – and an increased chance that hackers may exploit vulnerabilities in the future.”
“Truthfully, any exposure of source code can increase the likelihood of new cheats emerging. Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed,” the company announced in a statement.
Finally, there is another concern of note. Dudley assesses this as: “One of the main components of any social engineering attack is its lure design. Scammers often use emotional triggers to get their victims to act, including fear and impulse, which causes many people to overlook phishing red flags like grammatical and formatting errors.”
The issue means that companies in the sector need to assess what the appropriate action is. Dudley recommends: “As a result, it is essential that organizations take the necessary steps to protect inboxes, detect threats, and respond to attacks.”
Furthermore, firms can safeguard themselves by: “Adopting actionable intelligence that gives visibility into the phishing attacks in your network, immediate and decisive responses to phishing threats, and a rapid and automatic quarantine of malicious emails will help keep malicious actors at bay.”