Cyber Security
Time for the Gaming Industry to Level Up Against DDoS Attacks

Written by Matthew Andriani, CEO, MazeBolt Technologies
Distributed denial of service (DDoS) attacks present a significant threat to organizations as they grow in sophistication and frequency. According to several studies, the average successful DDoS attack in 2022 lasted for over 50 hours, compared to 30 minutes in 2021. As the entertainment world’s largest source of income, the gaming industry has become a prominent target for DDoS attacks. The gaming industry houses several different entities that need protection in tandem with gadgets such as online access for consoles, smartphones, and cloud-based casual games – leaving the door open for cybercriminals to capitalize on the ever-expanding attack surface.
Without adequate visibility into DDoS vulnerabilities, an attacker can exploit thousands of entry points without notice, the only way a successful DDoS attack can occur is because of a vulnerability in the DDoS protection. It may only take one attack for an application to experience downtime, costing the businesses hundreds of thousands to millions in revenue along with their reputation within the gaming space. When an attack does occur, organizations are forced to operate in a reactive scenario that will only disrupt business and risk further downtime. As the DDoS attack surface continues to expand, gaming companies must gain insight into their vulnerabilities to close these gaps in protection and ensure players remain online.
The evolution of DDoS within the gaming industry
There are several enticing factors behind launching a DDoS attack in the gaming industry, including competition, extortion, and at times, disgruntled gamers. Threat actors know exactly how much in revenue and reputational costs a minute of downtime will have on the organization. Competition is a particularly critical factor because if one site goes down, users can easily pass to the next online platform to continue their gaming experience.
Likewise, extortion has become an easy way for attackers to monetize the industry by threatening to attack an online gaming company unless a payment is made, specifically after a demonstration that the threat is real. Online gaming platforms especially house big players in this field with great sums of money at stake, placing a large target on these organizations for cybercriminals to exploit.
There is also a growing trend among disgruntled gamers, known as ‘DDoS for hire’. Individuals no longer need to be knowledgeable about the functions of DDoS attacks, rather, they can have someone else launch the attack on their behalf. Gaming organizations are heavily investing in DDoS protection. The problem is that they are not consistently scrutinizing every vulnerability across the attack surface – the only reason gaming companies are experiencing downtime is because of a vulnerability in the protection they have already implemented.
Deploying a tier-one DDoS protection provider can only ensure around 60% automated protection into the attack surface, the other 40% must be continuously scrutinized with visibility tools. While many of these gaming organizations have the best protection in place, they don’t have the list of vulnerabilities within that solution. Without this critical insight, it’s impossible to manage the vulnerabilities and protect against this growing threat.
A race against time
It’s no longer an if, but when a gaming organization will suffer from a DDoS attack. This is not a new concept to the industry – it is well-known that these attacks are being launched at an alarming rate. To transform DDoS protection processes, gaming companies should start with a trusted solution that continuously identifies vulnerabilities across the attack surface, while speeding up the remediation process to ensure the damaging downtime is minimized.
Once these vulnerabilities are identified, organizations must confirm their closure to provide a more solid defense. At this stage of the process, the company is battling the clock to prevent further damage. Organizations that cannot keep up with this process will continue to experience downtime, and DDoS mitigation vendors not actively engaged in vulnerability management will be at a major disadvantage when working to avoid damaging DDoS attacks.
If you are not at the top of your game with DDoS protection, your organization will be knocked offline, costing millions in downtime and reputational losses.
Cyber Security
A Total of 13 Organizations in 9 Countries Fall Victim to “Dark Pink”

Group-IB has today published a new update into the APT (advanced persistent threat) group codenamed Dark Pink, revealing that a total of 13 organizations in 9 countries have now fallen victim to this malicious actor. Dark Pink’s operations were detailed in depth by Group-IB’s Threat Intelligence unit in a January 2023 blog post, and at this time, researchers linked the group to attacks on 7 organizations in the Asia-Pacific region and 1 in Europe. Group-IB experts have since discovered 5 new Dark Pink victims, and the geographic scope of the group’s operations is wider than previously thought, as organizations in Brunei, Thailand, and Belgium were all hit by Dark Pink attacks.
Continued analysis has revealed that this group is still active, as Dark Pink attacked a government ministry in Brunei this past January and a government agency in Indonesia as recently as April 2023. Additionally, Group-IB researchers were able to attribute three other attacks from 2022 to this particular APT group. The initial access vector for Dark Pink attacks continues to be spear-phishing emails, and Group-IB researchers noted in their January 2023 blog that the group utilized an almost-entirely custom toolkit to exfiltrate files and messenger data from infected devices and networks.
Since then, Group-IB experts can reveal that Dark Pink APT has updated many of these custom tools, changing their functionalities in order to allow the group to slip undetected past defense mechanisms of cybersecurity systems. For example, the group’s custom KamiKakaBot module, designed to read and execute commands from the threat actors via Telegram, is still stored on the filesystem of infected devices, but it is now divided into two distinct parts — one that controls the device and the other that steals sensitive data. Dark Pink also continues to use an MSBuild utility to launch KamiKakaBot in the infection chain.
Group-IB’s Threat Intelligence unit has discovered Dark Pink’s new account on GitHub, which was created as soon as the first information about the APT group was published in the public domain this past January. The threat actors can issue commands to infected machines to download files from this GitHub account, and Group-IB researchers found 12 commits to the new account performed between January 9 and April 11, 2023.
Recent attacks have also seen the group exfiltrate stolen data over a HTTP protocol using Webhook service, and they have also leveraged functionalities of an MS Excel add-in to ensure the persistence of TelePowerBot (a simpler version of KamiKakaBot written in PowerShell). In line with Group-IB’s zero-tolerance policy to cybercrime, all confirmed and potential victims of Dark Pink attacks were issued with proactive warnings.
“Dark Pink APT shows no sign of slowing down,” Andrey Polovinkin, Malware Analyst at Group-IB, said. “APT groups are renowned for their responsiveness and ability to adapt their custom tools to continually avoid detection, and Dark Pink is no exception. The profile of the affected targets underscores the significant danger that Dark Pink poses for both public- and private-sector actors. Group-IB will continue to analyze all Dark Pink activity and ensure that confirmed and potential victims are informed.”
Cyber Security
Acronis Launches Endpoint Detection and Response

Acronis has announced the general availability of Acronis Advanced Security + Endpoint Detection & Response (EDR) for Acronis Cyber Protect Cloud. With new capabilities such as AI-based attack analysis, Acronis EDR reduces complexity and simplifies workflows for a more streamlined operation, making it easier than ever for MSPs and the businesses they serve to deploy comprehensive security and data protection. With more organizations turning to MSPs for their backup and security needs, and with a greater need for simplicity and efficiency, Acronis EDR aims to expand the adoption of advanced security capabilities, helping organizations of all sizes better protect themselves.
“With the proliferation of endpoints and increasing frequency of cyber threats, EDR has become a mission-critical tool in incident response and the fight for data protection. But solutions that are difficult to deploy and maintain are an obstacle,” said Research Vice President of Security and Trust Michael Suby at IDC. “The best solutions deliver the advanced security of EDR and meet the needs of the IT professionals who use it. That means easy deployments and rapid detection, response, and recovery with AI and automation on board.”
Acronis EDR offers the broadest number of out-of-the-box recovery options that take advantage of the integration with Acronis Cyber Protect’ backup and recovery, endpoint management, and endpoint security capabilities. Designed for Managed Service Providers (MSPs), it allows them to quickly and easily analyze and prioritize security incidents, minimize downtime, and maintain business continuity while keeping their clients safe and protected.
“Other EDR tools can be over-complicated and force MSPs into expensive, time-consuming processes to implement and understand. Acronis EDR delivers a robust EDR solution that is easy to deploy and use while following industry-established standards like the NIST cybersecurity framework and mapping to the MITRE ATT&CK framework,” said Candid Wüest, VP of Research at Acronis. “By rapidly understanding attack analysis and impact, Acronis EDR users can quickly evaluate a potential threat, gain insight into how an attacker gained access, what damage was caused, and how the attack might spread.”
Acronis EDR delivers:
- Optimized Incident Analysis to quickly and easily analyze and prioritize security incidents and potential attacks without relying on costly security expertise or time-consuming processes.
- Integrated Security with Backup & Recovery, for comprehensive protection critical to minimizing downtime and maintaining business continuity in the event of an attack.
- A Complete Cyber Protection Solution in a single agent — simple for MSPs to deploy, manage, and scale — that eliminates the cost, complexity, and security gaps inherent in multiple-point solutions.
“As a cybersecurity expert, I have witnessed firsthand the evolution of EDR and how it has revolutionized the way we approach security,” said Eric O’Neill, former FBI counterintelligence operative. “EDR allows security personnel to efficiently investigate, remediate, and recover from potential incidents while also reducing the attack surface and threat actor dwell time. The latest advances in EDR technology allow for rapid analysis of attack changes, shortened time to respond to incidents, and better business continuity for all organizations.”
Artificial Intelligence
Fake ChatGPT Apps Scam Users Out of Thousands of Dollars, Says Sophos

Sophos has announced that it had uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users and bring in thousands of dollars a month. As detailed in Sophos X-Ops’ latest report, “’FleeceGPT’ Mobile Apps Target AI-Curious to Rake in Cash,” these apps have popped up in both the Google Play and Apple App Store, and, because the free versions have near-zero functionality and constant ads, they coerce unsuspecting users into signing up for a subscription that can cost hundreds of dollars a year.
“Scammers have and always will use the latest trends or technology to line their pockets. ChatGPT is no exception. With interest in AI and chatbots arguably at an all-time high, users are turning to the Apple App and Google Play Stores to download anything that resembles ChatGPT. These types of scam apps—what Sophos has dubbed ‘fleeceware’—often bombard users with ads until they sign up for a subscription. They’re banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription. They’re specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment,” said Sean Gallagher, principal threat researcher, Sophos.
In total, Sophos X-Ops investigated five of these ChatGPT fleeceware apps, all of which claimed to be based on ChatGPT’s algorithm. In some cases, as with the app “Chat GBT,” the developers played off the ChatGPT name to improve their app’s ranking in the Google Play or App Store. While OpenAI offers the basic functionality of ChatGPT to users for free online, these apps were charging anything from $10 a month to $70.00 a year. The iOS version of “Chat GBT,” called Ask AI Assistant, charges $6 a week—or $312 a year—after the three-day free trial; it netted the developers $10,000 in March alone. Another fleeceware-like app, called Genie, which encourages users to sign up for a $7 weekly or $70 annual subscription, brought in $1 million over the past month.
The key characteristics of so-called fleeceware apps, first discovered by Sophos in 2019, are overcharging users for functionality that is already free elsewhere, as well as using social engineering and coercive tactics to convince users to sign up for a recurring subscription payment. Usually, the apps offer a free trial but with so many ads and restrictions, they’re barely useable until a subscription is paid. These apps are often poorly written and implemented, meaning app function is often less than ideal even after users switch to the paid version. They also inflate their ratings in the app stores through fake reviews and persistent requests of users to rate the app before it’s even been used or the free trial ends.
“Fleeceware apps are specifically designed to stay on the edge of what’s allowed by Google and Apple in terms of service, and they don’t flout the security or privacy rules, so they are hardly ever rejected by these stores during the review. While Google and Apple have implemented new guidelines to curb fleeceware since we reported on such apps in 2019, developers are finding ways around these policies, such as severely limiting app usage and functionality unless users pay up. While some of the ChatGPT fleeceware apps included in this report have already been taken down, more continue to pop up—and it’s likely more will appear. The best protection is education. Users need to be aware that these apps exist and always be sure to read the fine print whenever hitting ‘subscribe.’ Users can also report apps to Apple and Google if they think the developers are using unethical means to profit,” said Gallagher.