#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Gaming | Breaking Cybersecurity News | The Hacker News

Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector

Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector

Jul 12, 2023 Cyber Threat / Gaming
Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that's engineered to communicate with an actor-controlled attack infrastructure. Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the  FiveSys rootkit , which came to light in October 2021. "This malicious actor originates from China and their main victims are the gaming sector in China," Trend Micro's Mahmoud Zohdy, Sherif Magdy, and Mohamed Fahmy  said . "Their malware seems to have passed through the Windows Hardware Quality Labs (WHQL) process for getting a valid signature." Multiple variants of the rootkit spanning eight different clusters have been discovered, with 75 such drivers signed using Microsoft's WHQL program in 2022 and 2023. Trend Micro's analysis of some of the samples has revealed the presence of debug messages in the source code, indicating that the operation is still in the development and te
Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry

Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry

May 25, 2023 Gaming / Server Security
A new botnet called  Dark Frost  has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry. "The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices," Akamai security researcher Allen West  said  in a new technical analysis shared with The Hacker News. Targets include gaming companies, game server hosting providers, online streamers, and even other gaming community members with whom the threat actor has interacted directly. As of February 2023, the botnet comprises 414 machines running various instruction set architectures such as ARMv4, x86, MIPSEL, MIPS, and ARM7.  Botnets are usually made up of a vast network of compromised devices around the world. The operators tend to use the enslaved hosts to mine cryptocurrency, steal sensitive data, or harness the collective internet bandwidth from these bots to knock down other websites and internet
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Gaming Company Ubisoft Confirms It was Hacked, Resets Staff Passwords

Gaming Company Ubisoft Confirms It was Hacked, Resets Staff Passwords

Mar 14, 2022
French video game company Ubisoft on Friday confirmed it was a victim of a "cyber security incident," causing temporary disruptions to its games, systems, and services. The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wide password reset as a precautionary measure. "Also, we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident," the company  said  in a statement. The news of the hack comes amid a string of high-profile attacks targeting  NVIDIA ,  Samsung ,  Mercado Libre , and  Vodafone  in recent weeks. While the extortionist gang LAPSUS$ claimed responsibility for these attacks, it's not immediately clear if the group is behind the Ubisoft breach as well. Technology news site The Verge, which first  reported  the development, said th
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites

Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites

Jul 12, 2021
Cybersecurity researchers are warning about a new malware that's striking online gambling companies in China via a watering hole attack to deploy either Cobalt Strike beacons or a previously undocumented Python-based backdoor called BIOPASS RAT that takes advantage of Open Broadcaster Software (OBS) Studio's live-streaming app to capture the screen of its victims. The attack involves deceiving gaming website visitors into downloading a malware loader camouflaged as a legitimate installer for popular-but-deprecated apps such as Adobe Flash Player or Microsoft Silverlight, only for the loader to act as a conduit for fetching next-stage payloads. Specifically, the websites' online support chat pages are booby-trapped with malicious JavaScript code, which is used to deliver the malware to the victims. "BIOPASS RAT possesses basic features found in other malware, such as file system assessment, remote desktop access, file exfiltration, and shell command execution,&quo
100Gbps DDoS attack took down Gaming servers with NTP Servers

100Gbps DDoS attack took down Gaming servers with NTP Servers

Jan 14, 2014
The New Year begins with a new form of amplified Distributed Denial of Service (DDoS) Attack, a weapon for attackers to bring down websites and servers. As we have reported two weeks ago that the attackers are abusing the Network Time Protocol (NTP) servers to perform an amplified version of DDoS Attack on various targets across the world. Earlier this week a number of popular Gaming services, including League of Legends, EA.com and Battle.net from Blizzard were taken down by similar DDoS attack . 'Network Time Protocol (NTP)' is a distributed network clock time synchronization protocol that is used to synchronize computer clock times in a network of computers and runs over port 123 UDP. " The attacker sends a small spoofed 8-byte UDP packets are sent to the vulnerable NTP Server that requests a large amount of data (megabytes worth of traffic) be sent to the DDoS's target IP Address.  "Security Researcher, Wang Wai  detailed  in a previous article on 'The
German Video Game 'Crytek' Websites go offline after Security Breach

German Video Game 'Crytek' Websites go offline after Security Breach

Aug 05, 2013
It seems that German Video Game company 'Crytek' has been the latest victim of hacking attacks on its website and few forums, and caused Crytek's family of websites to go offline. According to the company, " Our Crytek.com, Mycryengine.com, Crydev.net and MyCrysis.com sites were all subject to a security breach that may have resulted in some users' login data being compromised ,". Strangely, Crysis.com has not been taken down and is still running as normal. " We recently became aware of suspicious activity relating to some of Crytek's websites and acted quickly to take those websites offline for security reasons. We thank you for your patience, and expect to have these sites fully operational soon ." " Although it is uncertain whether the incident led to the copying and decryption of email addresses and passwords ", it continued, " it is possible that users with accounts on these websites have had personal data copi
Japanese Game maker Club Nintendo's 24,000 accounts Hacked

Japanese Game maker Club Nintendo's 24,000 accounts Hacked

Jul 08, 2013
Japanese video game maker Nintendo recently revealed that one of its main fan sites Club Nintendo got hacked and Out of 15.5 million login attempts in brute-force process, almost 24,000 user accounts have been hijacked early last month. Nintendo said it first became aware of the illicit logins on Tuesday evening after a large number of access errors on the site. However the security team believe that the hackers obtained the logins and passwords from an outside resource. The fan site, Club Nintendo, allows 3DS and Wii owners, as well as other fans of Nintendo games and hardware to answer survey questions and register their products. Members can do all this in exchange for "coins" or points. These can later be traded for other goods or services on the site. The site is open to users from all over the world, about four million of which are located in Japan. These accounts contain secure data of users' real names, addresses, phone numbers and email information. " The
Cybersecurity Resources