The Esports industry is experiencing an unprecedented rise in popularity with live audiences tipping the hundreds of thousands mark. To plug the gap created by the cancelation of physical sports, events such as the EA Sports FIFA-20 tournament, featuring Premier League players and guests, are drawing the crowds and keeping both players and fans happy.
A recent study from Syracuse University estimates that e-sports viewership could exceed physical sports by 2021. In line with increased interest in e-sports, tournament prizes are also taking a jump: in 2018 the total e-sports prize pool in the US alone hit $150 million, a 35 percent increase compared to the previous year.
The current coronavirus situation is driving Esports faster than ever anticipated. But it’s not just fans and players joining the movement, hackers are turning their attention to an increasingly profitable market.
Vulnerable players are easy targets and malware and distributed denial of service attacks (DDoS) can be turned to the hackers’ advantage. Outside of financial incentives, the esports industry is also ripe pickings for threat actors looking to espouse unsavory political or ideological viewpoints.
Here, we go over three of the biggest cyber threats facing the e-sports industry and a couple of ways players and fans can protect themselves.
Key Cyber Risks
DDoS attacks on esports competitions are not new. In 2015, the Dota 2 Championship, with a prize pool of $18 million, was attacked on the second day of the event. In 2017, attackers initiated ongoing DDoS attacks on the game Albion with the demand for ransom in return for a virtual ceasefire.
It is likely that ransom-led DDoS attacks will increase in line with greater tournament prizes. In addition, DDoS services are now available on the underground market with plenty of sellers to choose from.
Cybercriminals are savvy to the potential of targeted ransomware. Esports event organizers and key sponsors are the primary targets here; higher payouts require greater cashflow. If it comes to a choice between organizers and sponsors, sponsors are the obvious choice thanks to their deeper pockets. For this reason, brands participating in e-sports events at the sponsor level should take plenty of precautions.
Players’ Banking Credentials
Our previous two threats have largely focused on organizations over fans and players. But attendees and participants in e-sports events face threats too. Hackers have always targeted banking credentials and personally identifiable information (PII) and e-sports is a viable starting point for bad actors.
In 2016, a malware program named Steam Stealer utilized phishing attacks to seek information for players on Valve’s Stream platform. Targeting users’ account credentials and online gaming items, it managed to steal a whopping 77,000 accounts per month.
Basic Protection Measures
In an ideal world, client developers make security their number one priority and invest in meticulous pen-testing, from top-quality security firms. But this isn’t always the reality. E-sports players and fans should double-check that clients are up to date and as secure as possible. Securing devices with a VPN, especially when connected to public WIFI networks at e-sports conventions, adds a layer of security that shouldn’t be ignored.
Attend to the Basics
Too often online users let even the most rudimentary of online rules slide: think repeated passwords, short passwords, passwords that are personal, and a lack of two-factor authentication. Users may be lulled into a false sense of security by big names such as EA and think their data is automatically safe.
But as the past has shown us, these big names are prime targets. In 2018, a bug in EA’s Origin client was found. This bug allowed a malicious entity to scrape account data. The lesson here is that even top-name clients aren’t immune, users should make sure all their basic cybersecurity ducks are in order.