After discovering last week that its development environment had been breached. Riot Games, the publisher, and producer of the computer games League of Legends and Valorant announced that it would postpone game patches. The LA-based game publisher revealed the incident in a thread on Twitter on Friday night and pledged to keep customers informed of any new information gleaned from an ongoing inquiry.
The business stated that a social engineering attack compromised systems earlier this week in its development environment. Although we don’t yet have all the facts, there is no proof that player data or personal information was stolen.
Riot Games further stated that the breach directly impacted their capacity to release game patch updates. “Unfortunately, this has hindered our capacity to publish content temporarily. While our teams are working diligently on a cure, we anticipate that this will affect the future patch cycle for a number of our games, “explained Riot Games.
The development teams reported the event on Friday for the Teamfight Tactics (TFT) auto battler game and the League of Legends (LoL) multiplayer online battle arena.
Postponed Release Of Modified Game Patches
The tweets also acknowledged upcoming postponements of planned game modifications and the upcoming launch of the following significant patch. “This could delay the release of Patch 13.2. To release the majority of the planned and tested balance improvements on schedule, the League team is attempting to push the boundaries of what we can hotfix “the LoL team reported.
“We’ll keep you updated as we work through this,” the statement said, “but other things like the Ahri ASU might have to go to patch 13.3 (Feb. 8).” The TFT team stated, “We’re working to deploy the most significant of them through a hotfix at our scheduled patch time, but this issue may prevent us from releasing the full extent of balance improvements planned.
Andrei van Roon, the head of League Studio, emphasized that the release schedule for Patch 13.2 of League of Legends would remain the same. Nothing that would have been in 13.2 won’t be scrapped; instead, van Roon remarked, “We might only have to push things that can’t be hotfixed (such art changes) to a later date.”
This comes after 2K Games, another security breach with a known video game publisher, revealed in September 2020 that malware was introduced into some of its customers’ computers through a hack of their help desk. After the security compromise in September, 2K warned subscribers through email that some of their data had been stolen and sold online.
Conclusion
Due to a security compromise that occurred in its production environment last week, Riot Games, the developer of League of Legends and Valorant, has announced that the delivery of game fixes would be delayed. The Los Angeles video game publisher revealed the hack in a thread on Twitter late on Friday, assuring its followers that they would keep them informed of the results of the inquiry.
The hack that affected Riot Games has been made public. The attack has hampered the creation of upcoming enhancements for League of Legends and Valorant, according to the game’s developers, even though no player information was lost. It also had a harmful impact on the company’s ability to produce game patches.
“Today’s attack surface has expanded exponentially. With cybercrime positioned as the fastest-growing crime in the U.S., attacks are increasing in number, scope, and sophistication. Data Privacy Day serves as a reminder that security posture is paramount for every organization, and a zero-trust security model is a critical line of defense. In this context, a multi-layer approach is needed. Cloud PCs bring an extra level of security to help ensure no one is trusted without verification, either inside or outside the organization.
Many Cloud PC solutions have integrated control and data planes, which can expose customer data. A true zero-trust architecture can be a gamechanger for company security, as it requires separation between control and data planes, which isolates and secures company data from the control elements of the Cloud PC platform. After all, zero trust means trusting no one with your corporate data, not even your Cloud PC vendor!
As we look beyond Data Privacy Day, enterprises need to implement future-proof end user computing solutions that also fortify security policy. Cloud-native Cloud PCs are the modern way to achieve the agility and security enterprises need today. When evaluating Cloud PC solutions, IT leaders should consider the following:
“Riot Games will not be paying the $10 million ransom demand to stop the leak of their source code. Good for them and for practicing full transparency on the breach, as paying the ransom not only emboldens hackers to continue their attacks, but it also does not guarantee that the stolen data will not be released.
“Despite taking steps to protect their data, even companies with strong security measures in place can still fall victim to a ransom attack and can still suffer the consequences of a ransom attack, such as loss of sensitive data, reputational damage, and financial losses.
“Even well-prepared companies like Riot Games may find themselves vulnerable to a ransom attack and it is important for all companies to stay vigilant and have a robust incident response plan in place to minimize the impact of such attacks.”
“This is one of the better way to handle an ransomware event. They laid everything out include potential downsides but ends on a cherry note that most of the stolen code was prototype and was never designed to be released. This is transparency personified.”
Development environments are extremely high value targets for attackers; where there are not secure development lifecycle practices employed it gives attackers the opportunity to hide a needle in an enormous stack of needles. A very basic example is a reverse shell or vulnerability can be opened in one/two lines of code, whereas a game may include millions of lines of code. The severity of this type of attack is compounded by the fact that it is almost certainly able to bypass security as poisoned software packages form the new ‘legitimate’ baseline. Software will be signed, users will execute and AV/EPP likely told to trust the programme.
It is likely Riot games are taking the time to ensure the integrity of the codebase is maintained, and/or restore from a previous backup to ensure no malicious functions have been added.
Such a supply chain attack can impact vast numbers of hosts from a single point as we saw with SolarWinds, an attack that was only tempered in scale by the motivations of the perpetrator, but still managed to compromise, in a really damaging way, an industry-leading capable cyber security vendor.
The best defence against a poisoned ‘legitimate’ software package is behavioural modelling of a system – understanding where and how software communicates internally and externally and identifying where behaviour differs from this baseline. Of course, this is difficult to do at scale in enterprise environments (albeit not where one might expect to find a computer game, although it is more common for users to install games than one might think). It is highly unlikely this will happen at all on consumer PCs.
There have been a few games companies targeted recently. Outside of the examples listed below, Rockstar was also hit and code was leaked by a social engineering actor Lapsus$. At first glance this looks like a similar MO (please don’t confuse this statement with attribution). Gaming companies do seem to be a popular target as in-game commodities are bought and sold for fiat, anti-anti-cheat is good business for gamers (and often a pathway into black and white hat hacking). We’ll have to wait and see for attribution and motivation behind this one.
“The lesson from this incident is that no matter what industry you are in, prepare for such eventualities with a robust cybersecurity strategy. Have recovery plans in place and combine them with proactive data-centric protection. The former restores the IT and data environment to a pre-breach state, while the latter ensures that threat actors can’t exfiltrate sensitive data and use that compromised information as further leverage. Data-centric security methods such as tokenization and format-preserving encryption protect the data itself rather than the environment around it. Even if hackers get their hands on data, they can’t blackmail organizations with the threat of the imminent release of that data.”