Lateral attacks are a problem for the gaming industry, especially online games. Hackers use it not only to steal identities but to infiltrate corporate and government servers and steal proprietary data. Keeping attackers out is the primary goal of cybersecurity protection. In a lateral attack, however, the attacker implants malware into a device used to play a game. Once behind the firewall, the malware allows the attacker to move laterally through a network to map the system. From there they identify targets and eventually get to the organization’s crown jewels. These activities appear as “normal” network traffic to security pros who are overwhelmed by a flurry of alerts.
Last summer, games publisher Electronic Arts (EA) fell victim to such a data breach, according to Safeguard Cyber. The malicious actors made off with 780GB of user data.
According to a Safeguard Cyber news release, “Actors have become more creative with their utilization of non- email-based messaging applications (for example the use of Slack and Telegram instances as C2s for various ransomware campaigns). We expect malicious actors to continue to innovate in their use of these channels in the future.”
In May of this year, the popular children’s game Roblox suffered a similar breach, and possibly multiple breaches ranging from the uploading of pornographic content, ransomware decrypts and the exfiltration of 1.5 million users. We spent some time with Raj Dodhiawala, CEO of Remediant, a cybersecurity SaaS company that defends networks against lateral attacks. He was pretty hard on companies that expect users to protect the network.
Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.