According to a security company, nearly one million compromised accounts providing internal access to video game companies are up for sale on dark web forums as cyber criminals increasingly turn towards the online-gaming industry as a high-value target.
Cybersecurity company Kela examined underground forums and found an ecosystem based around buying and selling initial network access to gaming companies, as well as almost one million compromised accounts of gaming employees and clients up for sale – with half of those being listed in 2020 alone.
Compromised credentials up for sale – often only for just a few dollars – include usernames and passwords for all manner of business resources used by employees throughout gaming companies, including admin panels, VPNs, developer environments, client facing resources and more.
But in some cases, cyber criminals don't even need to scour underground forums for adverts selling compromised accounts – researchers say there are 500,000 leaked credentials available for free as a result of previous data breaches.
These include what the company described as "high-profile email addresses such as senior employees and email addresses that are generally a significant channel in the company" including finance, HR and IT support.
With this sort of information in their hands, cyber attackers could gain access to the wider network – or even the networks of other businesses that form part of the compromised target's supply chain.
These could be attacks designed to harvest additional credentials for additional exploitation or it's even possible that the compromised credentials could be used to deploy ransomware on the network.
Online gaming can be a lucrative business and cyber criminals know this which is why there's been an increase in underground activity looking to target these businesses, with users either selling or asking for access to online-gaming companies around the world to varying degrees.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.