Undertaking a thorough security audit for your organisation is critical to protect the safety of your data in the online sphere, especially in the face of sustained cybercriminal activity.
Cybercriminals can be relentless, as a new report from Kaspersky Lab has shown. The report analysed a "cyberespionage" campaign, which has been targeting companies in the online gaming industry since 2009, conducted by a hacking group known as "Winnti".
The Winnti group used trojans (a form of malware) to steal intellectual property such as source codes, which were then used to find more information about the infrastructure, design and conceptual ideas of online games.
According to the report, more than 30 companies in the online gaming industry were targeted and affected by the malicious activities of the Winnti group, with the majority of victims being software development companies in South East Asia.
However, the report also revealed that online gaming companies in countries as far-flung as Germany, the United States, Japan, China, Russia, Brazil, Peru and Belarus were also targeted during the sustained cyber campaign, which Kaspersky Labs says is still active today.
The report identifies three monetisation schemes that could be used by the Winnti group in order to profit from their cybercriminal activities – these include:
– Manipulating the accumulation of "in-game currency" used by players and converting this virtual money into real money
– Using stolen source code from online servers to look for further vulnerabilities inside games
– Using stolen source code to launch the group's own pirated servers
While the consequences from this particular criminal attack were limited to a particular industry, the report serves to highlight the dangers that all companies could face without a robust vulnerability management plan in place.
As the report has detailed, cybercriminal attacks aren't always isolated events – sometimes, a particularly stubborn group of unethical hackers may choose to target a company or a specific industry for a long period of time.
The consequences of an inadequate security policy can be disastrous for a company's public image, not to mention their intellectual property.
When security measures are breached and critical information is lost, companies can suffer the effects for a long time after the original incident, as it takes time for customers to build a relationship of trust.
To ensure your company has a robust security policy, you may want to consult a knowledgeable third party to help ensure that your ICT networks are protected.