As reported by the BBC, action role-playing game Dark Souls 3 has been taken offline following reports of an exploit that could allow bad actors to take control of your PC. Publisher Bandai Namco and developer FromSoftware have turned off player-v-player (PvP) servers, meaning gamers cannot play competitively.
The downtime affects Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered. But the purported exploit cannot affect console gamers and as such PvP remains available on PlayStation and Xbox. Dark Souls 3 was released in 2016 to much fanfare and remains one of the top 100 most-played games on PC by active users, according to game-distribution service Steam. Though the servers being down reduces functionality, the game remains entirely playable without PvP.
<p>Remote code execution (RCE) vulnerabilities aren’t new or rare but they are dangerous when no one knows they exist. We see threat actors use RCEs all the time, especially when the vulnerabilities do not have a patch available. Cybercriminals can use these vulnerabilities to execute malicious code in the application to gain access to the underlying system for fun and profit. Companies impacted by these types of vulnerabilities need to take immediate action to protect their customers by releasing patches. Meanwhile, gamers affected should monitor their systems for abnormal activity such as crypto-miners.</p>
<p>The risk of remote worker networks is very apparent from this attack. As we connect our gaming systems to the same network as resources that attach to the corporate network, the infection can easily spread from home to a much bigger operation. It is critical for security teams to understand how users are accessing network resources but incorporate that information into risks and severity associated with attack campaigns. This is where identity and specifically access analytics incorporated into next generation SIEM can narrow down indicators of compromise and determine malicious behaviors hiding as authorized user activity.</p>
<p>The recent reporting of an RCE vulnerability in the popular <span class=\"il\">Dark</span> <span class=\"il\">Souls</span> game might seem like a gamer’s problem, but it is not. In recent years, more and more people started working from home, and this was further accelerated by the ongoing pandemic. One of the side effects is that employees use their organisation’s computer for personal use or sometimes vice versa – their personal computer for work related activities. The result of this situation is, not only growth in shadow IT, but also in unauthorised and unsanctioned applications and devices. Cato Networks analysed over 1 Trillion network flows in 2021 and discovered that the majority of organisations’ networks are filled with these applications. With over 1000 organizations analysed, researchers found applications such as TikTok, Netflix, Spotify and others running on organisation’s networks. Services that cross networks such as <a href=\"https://u7061146.ct.sendgrid.net/ls/click?upn=4tNED-2FM8iDZJQyQ53jATUct9oZDPc-2F6YpB0QtpNfb14gNIB3FVuJRE5fxtj1CgLEljr5P1NlXE44s-2FLigAikm13B4d6fnTz9R4B9pFYbt5zMmq-2F-2BmGo8qs0KRIXHIjfR2pGTvPXc1H9EiK8oId79MEVGyhRZrAiabVf-2BQaYRkrR3pzmuCQtT8knqXQnq2zGBIwQ0vrqaD84PFSqf28n-2FybDsU9oFZTZaTwDUx1SeVps-3DqPP9_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGbACtpGEOUo9gKA7RdPV7CHYnRZ1BgjoepqPsAq5T4X7K-2Bw26wspumVv2xNKnDUQke5MqiHoIQ-2Bmo-2Fv02d8gKPHuUQNVer2STC-2FXLaVTKLNQ4Vk9mOI9Ikm0wm9DLdUWEl4yV3dNHPRjcbtnk5ZI1BnlFD1BYfZgtHxxG1TW9-2FYDZF2q7A93M-2FSrMytH-2BU-2BdUfsqOhF4IWEfMak0OL-2BIL5kzGWDmWve900aCDqrbmEVXQ-2FvCsDh0sZZSa55DAk617tA-2BRDdXBPyLo-2B73jua40RYRidb6JRjh5d-2BATBXPzu-2Bo\" target=\"_blank\" rel=\"noopener noreferrer\" data-saferedirecturl=\"https://www.google.com/url?q=https://u7061146.ct.sendgrid.net/ls/click?upn4tNED-2FM8iDZJQyQ53jATUct9oZDPc-2F6YpB0QtpNfb14gNIB3FVuJRE5fxtj1CgLEljr5P1NlXE44s-2FLigAikm13B4d6fnTz9R4B9pFYbt5zMmq-2F-2BmGo8qs0KRIXHIjfR2pGTvPXc1H9EiK8oId79MEVGyhRZrAiabVf-2BQaYRkrR3pzmuCQtT8knqXQnq2zGBIwQ0vrqaD84PFSqf28n-2FybDsU9oFZTZaTwDUx1SeVps-3DqPP9_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGbACtpGEOUo9gKA7RdPV7CHYnRZ1BgjoepqPsAq5T4X7K-2Bw26wspumVv2xNKnDUQke5MqiHoIQ-2Bmo-2Fv02d8gKPHuUQNVer2STC-2FXLaVTKLNQ4Vk9mOI9Ikm0wm9DLdUWEl4yV3dNHPRjcbtnk5ZI1BnlFD1BYfZgtHxxG1TW9-2FYDZF2q7A93M-2FSrMytH-2BU-2BdUfsqOhF4IWEfMak0OL-2BIL5kzGWDmWve900aCDqrbmEVXQ-2FvCsDh0sZZSa55DAk617tA-2BRDdXBPyLo-2B73jua40RYRidb6JRjh5d-2BATBXPzu-2Bo&source=gmail&ust=1643196640503000&usg=AOvVaw3Y_G3Fpjq7BNp9tXXVj1Rm\">Amazon Sidewalk</a> and TOR were also observed, as were gaming services such as Steam and gaming related streaming services such as Twitch. This means that today’s organisations’ security teams cannot dismiss vulnerabilities such as the <span class=\"il\">Dark</span> <span class=\"il\">Souls</span> vulnerability as something that is not in their domain. They need to have the ability to check for evidence of these applications on their network and be able to identify and block them. A gamer’s computer may turn out to also be accessing organisational resources, and you do not want a threat actor to have remote code execution capabilities on your network.</p>
<p>Remote Code Execution vulnerabilities (RCEs) are the fire-breathing dragons of the software world. They allow an attacker the opportunity to run their own code on a victim’s systems, which enables all manner of tomfoolery, such as stealing information, attacking more systems, and planting backdoors.</p>
<p>Allegedly an RCE has been disclosed to Bandai Namco in the game <span class=\"il\">Dark</span> <span class=\"il\">Souls</span>. While such a vulnerability might allow attackers to run their own code on the game servers, game players would likely be unaffected unless the attacker pivoted and launched a secondary attack from the server.</p>
<p>Bandai Namco found out about this vulnerability in the worst possible way—publicly, with no time to prepare a response or address the vulnerability.</p>
<p>An ideal software engineering process provides layers of protection from such an incident.</p>
<p>First, a proactive approach to security during the design, implementation, deployment, and maintenance of software minimizes the vulnerabilities that make it into the wild.</p>
<p>A more prosaic but no less important protection is simply providing a clear, unambiguous place to report potential security issues. This implies providing resources to respond to security reports and working with reporters to resolve issues expeditiously.</p>
<p>Finally, even organizations that do everything right will occasionally have emergencies. Having an incident response plan and resources helps ensure that unexpected disasters can be handled with minimal damage.</p>
<p>Although not the newest of exploits, RCE vulnerabilities can be dangerous when their existence is unknown. Furthermore, as people continue to connect gaming systems to the same home network as that are used for corporate work, it can therefore easily spread to a much bigger issue. Companies must take immediate action to protect their customers by releasing patches where possible and affected gamers must check their systems for irregular activity.”</p>