Kaspersky this week released the findings of its research on the malware dubbed BloodyStealer. According to its creators, the malware can steal passwords, cookies, bank card details, browser autofill data, screenshots and more, and it is advertised on underground forums.
It looks like the criminals behind BloodyStealer are targeting gamers, as they are selling access to specific accounts, both individually and wholesale. Accounts with add-ons and expensive items hold particular value, but they are typically sold at a huge discount. The content of these accounts is frequently traded, often for a fraction of its value. For less than 50 cents, one could buy access to Need for Speed and other titles.
Here’s what security experts had to say on this threat:
Sam Curry, chief security officer at Cybereason:
“It’s become almost a reflex now: another letter or email in your mailbox, ‘we regret to inform you that due to a breach, your personal data may have been…’ and in the gaming industry, user data is still highly sought after, but at much cheaper prices than in the past, with attackers successfully using the malware-as-a-service model to generate revenue and driving down costs as the supply increases. Overall, the number of identity compromises by this point is more than 10 times larger than the world’s population and yet life continues. The unthinkable has become the mundane and the routine. In the short term, consumers should protect themselves with strong passwords and also enable two-factor authentication. Also, double check websites, email addresses and phone numbers to verify their authenticity. Fraudsters will oftentimes deploy phone numbers, email addresses or URLs that differ slightly from the real one. Also, never click on links or open attachments from unknown sources. And take advantage of free credit reporting services. And immediately contact law enforcement if you think you have been victimized.”
Jordan Dunne, security consultant at edgescan:
“As the gaming industry continues to grow, so too does the potential for malicious attackers to make a profit. As more users create accounts on gaming platforms, buy more games and content on these accounts, and attach their payment details to these accounts, there will also be an increase in the market for stolen accounts.
With this in mind, these platforms must take major steps in securing the data of their users and combat threats such as the BloodyStealer trojan as quickly as possible. As the gaming industry becomes a more prominent target, the tools used to target the users become more sophisticated, which can be seen with BloodyStealer using methods such as anti-debugging tools to help it evade detection. A $40 price tag in order to potentially access content worth over thousands of dollars would of course be a tempting offer to many attackers, and it’s important that all lucrative industries identify their threats and risks quickly and implement the correct response to combat equally imposing threats as these cheap, easy to use and meticulous attacks become increasingly present.
In order to prevent these attacks going forward, gaming platforms should enable protections such as multi-factor authentication by default when applicable, alerting a user when there has been suspicious activity on their account, and explaining to their users these threats in a simple to understand manner so that they may better protect themselves (explaining the importance of enabling MFA, using strong and unique passwords, etc.)”
Dean Ferrando, lead systems engineer at Tripwire:
“There is obvious value in obtaining personally identifiable information and account details of users, but these are also a goldmine for malicious actors intending to plan further attacks – be it phishing or otherwise. It is paramount that the involved parties take all the necessary steps to mitigate the consequences of this incident, which include changing all their passwords, especially if they were used on accounts related to the impacted companies.”
“Those within the gaming industry should take this opportunity to visit their own security controls to ensure they are adequately deployed. A security team should be able to easily assess how many of what kind of assets are on the network, how securely they are configured, and what the vulnerability posture of those assets is. All organizations should use this as a wakeup call to ensure that security is not just a check box for compliance. Hardening systems helps to safeguard the integrity of your digital assets and protect against threats and vulnerabilities. Brands like EA and Steam etc. want to provide a safe and secure space for gamers and not a game over experience.”