The Take Two hack reflects a growing trend of cyberattacks on gaming firms, both small and large. As more users spend money on games and add money into their digital wallets of these games, besides adding personal data to gaming accounts, hackers are turning their attention to such firms to steal data, credentials, and more.
For instance, homegrown mobile gaming unicorn Mobile Premier League (MPL) has been facing an increase in “failed cyberattacks” over the last few months, said Ruchir Patwa, vice president of security and compliance at MPL. Patwa said that such instances include social engineering attacks, where hackers try to pose as employees or company executives to gain unauthorized access to internal systems.
Suman Saraf, chief technology officer of BlueStacks, a cloud gaming platform, concurred, saying that cyberattacks against both gamers and gaming companies have increased due to the “steady expansion” of in-game purchases—often called microtransactions. “Attackers are on the constant lookout for credentials, in-game currency and assets, payment details, and personally identifiable information,” warned Saraf.
The gaming industry, which is currently said to be even bigger than Hollywood, makes bulk of its earnings from sales of digital items, access passes, subscriptions, etc. For instance, in November last year, a report by the Boston Consulting Group and venture firm Sequoia, said the Indian gaming industry alone made $1.8 billion in revenues in 2020. Experts noted that most of the revenue came from microtransactions—a rupee here, ten there, and so on.
Much like a fintech application, gaming firms also perform know-your-customer (KYC) checks to verify users and store the data in internal systems. They also use mobile numbers to sign in, and have digital wallets built in where gamers can store their money to make buying digital items easier. Oliver Jones, co-founder of Bombay Play, a Bengaluru-based gaming firm, noted that attacks are mostly against real money firms, as opposed to those making free-to-play games.
India had 91 million gamers by March 2021, according to a report by EY and Federation of Indian Chambers of Commerce & Industry (Ficci), and is said to be the biggest gaming market (mobile, console and PC combined) after China. It is expected to grow three times, to $3.9 billion by 2025, according to a 2021 report by KPMG.
In August, cloud service firm Akamai Technologies, said in a report that attacks on gaming firms globally have more than doubled between Q1 2021 and Q1 2022. India was the third most targeted country after the US and Switzerland. “If they can hijack a million transactions a month they can make millions,” said Dean Houari, director, security technology and strategy, Asia Pacific & Japan, Akamai Technologies.
He also pointed out that “the problem is that with sudden high demand, you also need to find a scalable platform”.
“Many in the gaming industry went to the cloud and that has increased the attack surface,” Houari added. Attack surface is the number of points of entry the hacker can have to a firm’s systems.
“Also, due to the scale, many security teams do not have visibility over all assets developed in the cloud, which basically opens the door to a lot of new vulnerabilities and attack surfaces,” he said.
“Often the volume of users on their platform is so high that they avoid paying for a security solution that can verify every user,” said Jones at Bombay Play. Security solutions usually cost more as a platform scales, with charges usually ranging from a few thousands to a few lakhs per application.
Many gaming firms in India may have become unicorns, but they remain small businesses in operations. Like most startups, they too are focused on growth over other things. The co-founder of a security firm said he charges small businesses ₹20,000 per application, with the cost for a company with 30-40 people being at least ₹5 lakh. For large platform providers with millions of users, this could lead to their security costs to run into crores.
.
Download The Mint News App to get Daily Market Updates & Live Business News.
More
Less
Be the first to comment