September 19, 2017
September 18, 2017
September 15, 2017
Posted September 5, 2017
The gaming sector’s good fortunes are making it a prime target for the kind of sophisticated cyberattacks once reserved for online banks and retailers.
Propelled by advances in mobile and virtual reality, the burgeoning world of first-person shooters and massively multiplayer online awesomeness will score more than $100 billion in revenue this year.
But it also finds itself struggling with a whole new level of fraud that could sink individual properties—as well as the publishers behind them.
Hacking for Fun and Profit
In what’s quickly becoming the summer of cyberattacks, ransomware from WannaCry to NotPetya are generating the lion’s share of global headlines.
So perhaps it shouldn’t be surprising that attacks in the virtual worlds of gaming get overlooked, despite the fact they threaten an otherwise booming industry.
Today, more than 700 million people play online games. In most cases, publishers use a freemium model that generates revenue through in-game purchases for items that enhance gameplay. And that adds up to irresistible opportunity for cybercriminals.
The objective: steal user credentials as well as in-game items, cheats and currencies, and then sell them to others online.
Of course, to pull that off means fraudulently accessing and manipulating games right from under publishers’ noses—a situation one of our engineers, Caleb Moore, knows all too well.
Before coming to ThreatMetrix, Moore developed games for the Chinese market, where he discovered that determining whether a player was really a legitimate user was one of his most frustrating challenges.
“Unfortunately, non-real, non-unique users are extremely common, diverse—and destructive,” he said.
According to Moore and others in the industry, key online attack modalities include:
The more popular and competitive the game, the more of a target it becomes.
Still, why does any of this matter?
While exact numbers are hard to come by, it’s been estimated that for every legitimate virtual item sold and downloaded within games, there are 7.5 lost to fraud. In China, it’s as high 273 fraudulent virtual items for every legitimate one.
With average spending on in-game items pegged at $50 per user per game, that could represent publisher losses starting at $260 million in potential revenue per year—with the real figure likely many multiples more.
With that kind of money in play, it’s no wonder there are now 5,000 new types of malware targeting online games every day, and 50,000 instances of phishing-based redirects pointing to imposter game sites, according to Gamasutra.
In all, this has enormous implications for publishers, including:
It also means increased costs for customer support and fraud prevention.
And, since more than half of an average game app’s users do not open their app again after the first day, if it takes you one week to respond to a security threat, your mobile game is already past its prime. Developers must have security figured out on day zero or risk losing advertising residuals.
Identity is the Key
Stopping this kind of fraud requires user authentication that goes far beyond login credentials that can be faked or stolen. But as Moore pointed out, solutions can’t create user friction, either.
“With customer acquisition costs going up across the industry, even a small attenuation in new users can lead to huge real-world costs,” he said.
In fact, these challenges are exactly why he was inspired to come work at ThreatMetrix.
Through our Digital Identity Network, the ThreatMetrix solution collects and analyzes hundreds of different data elements and correlates them with anonymized, global threat intelligence to provide a confidence score for each user in real time, without violating privacy.
Legitimate users simply breeze by, without even knowing this level of security is in place. And friction can be reserved for instances when extra precaution is needed.
“I realized that this was the product I most needed from the moment we first started accepting player registrations,” said Moore. “Today, I work to make it even better, in hopes that no one will have to face the same challenges I did.”
In other words: Game on.