Posted on March 30, 2021 at 12:59 PM
Two Apex Legends players with top ranks have been banned for cheating on the console game using DDoS attacks on an Xbox server.
The two players, who were not named, are Apex Predators, the top hierarchy of Apex Legends ranking. Security analyst at Respawn Conor Ford stated that the two players have been banned from participating in the game. He was replying to a Reddit user after a video of the two banned players launching DDoS attacks on the Xbox servers surfaced on the forum.
The video showed a game crashing after one of the Apex Predators was eliminated. Shortly, the server reconnected and readmitted the defeated top player. But the most surprising thing is that the game reconnected showing that the defeated team won, rather than the other way around. Also, the ousted player was placed higher than the winning player in the console ranking.
A recent post admitted that console-ranked games are increasingly becoming less attractive due to the frequent DDoS attacks on most of the games. After the ban, the video was immediately taken down.
Ford works for Respawn, the parent company of Apex Legends. He added that the company will soon start taking more serious actions against perpetrators of such attacks.
“Console reckoning for DDoSers and DDoS customers incoming,” he said in a tweet. Ford has not replied to emails sent to him for comments about the situation.
The growth of online gaming attracts threat actors
The gaming industry is not new to cyberattacks. However, there are more attacks regularly than they used to be. Apart from the frequency of attack, gaming companies are now more affected due to the increased competition within the industry. The stakes have never been higher for gaming firms to protect their servers and systems.
This is because of the massive growth of eSports. The top 10 teams in the industry are valued at $2 billion. With more money getting into the system, gamers and other participants are increasingly looking for ways to cheat and gain an advantage. “We might want to call it digital doping,” says Dirk Schrader from New Net Technologies.
The numbers of DDoS attacks on these gaming servers have increased due to the increased size of the tournaments and their prize pools. Schrader added that businesses within the industry should introduce protection systems and essential controls to reduce the impact of this trend in the attack.
Hank Schless of mobile security provider Lookout admitted that the increase in mobile gaming is also influencing the rise of cyberthreats.
These threat actors usually succeed by sending links to targeted devices through mobile phishing to steal users’ login credentials. In several cases, the threat actors send the phishing link via the in-game messaging system, which redirects the targeted player to a bogus login page, Schless reiterates.
Threat actors are developing more effective strategies
The attacker usually fronts as a member of the game’s support and maintenance team. They try to make the target checkout the fake page by using different tactics to convince them. Apart from sending malicious links to emails, the threat actors have graduated to the extent of sending these links through apps, which sounds more convincing. Schless said the alternative apps work like the authentic versions, but they usually have trojans planted in them.
The threat actors are also improving their technical abilities by building a fake version of games and distributing it on third-party app stores. These app stores don’t have the same level of security protection as the iOS App Store or Google Play Store. But an experienced user who is very diligent may choose not to download such apps since they are not coming from either Apple or Google Store. Yes, many users are still falling victims and giving up their login credentials without knowing it.
Chief technology officer of Vectra Tim Wade said cheating concerns have led gaming companies to develop solutions that are now invasive to gamers’ privacy. He added that it has not stopped the incessant DDoS attacks in the industry. He said even some of eh anti-cheating countermeasures are acting like rootkits, creating an attack surface for users.