The Impact of Bad Bots in Online Gaming

The increasing amount of online gaming fraud is taking the fun out of video games. Developers and publishers work hard to protect players’ membership accounts and yet hackers are still able to gain access despite the added security, by using bots in conjunction with SQLi and phishing attacks across third-party applications, websites, mobile apps and APIs.

Bots in online gaming are regularly used to carry out credential stuffing attacks, in two steps:

1. Cybercriminals use bots in online gaming to validate the credentials of players whose accounts have valuable assets. This can be payment information or in-game assets such as costumes or in-game currency.

2. Validated accounts are resold on the dark web; often accompanied with other user information such as payment details. These accounts are cybercriminal’s stock and their customers buy from reputation. Bots are used to validate the account’s stock. However, this isn’t flagged as an attempted breach to the developer or publisher SOC teams if the login is successful. This abuse of functionality enables cybercriminals to verify the accounts they have on sale and offer replacements to their customers if needed. This process is often carried out as a low and slow credential validation attack; which is typically undetected.

Many third-party sites allow players to compare their performance against their fellow players in both competitive and non-competitive leagues. Hackers target these sites as they generally do not have the same defences as the publisher or developer’s applications, allowing them to use bots to quickly validate the player’s credentials. Once validated, the details are sold on as ‘valid accounts’ to enable easy login during an account takeover attack.

Try Netacea

Empower your business with control over bot traffic and the ability to detect bots and block malicious traffic in real-time.

  • Machine Learning Bot Detection
  • Access Shared Threat Intelligence
  • Rapid Attack Response & Real-Time Insight
  • Quick & Seamless WAF/CDN Integration
Get a Demo