Master student at Tashkent State University of Law, Republic of Uzbekistan, Tashkent
THE CURRENT LANDSCAPE OF CYBERSECURITY IN CYBERSPORTS
ABSTRACT
Cybersports has seen tremendous growth in recent years as competitive video gaming gains mainstream recognition. However, concomitant with this rising popularity are growing cybersecurity threats targeting sensitive data and threatening the integrity of competitions. This paper examines the need for robust cybersecurity in cybersports given large volumes of lucrative personal data, multimillion dollar tournaments, integrally networked systems, and extensive online components involving fans. Different cyberattack vectors like DDoS, hacking, phishing, and malware with pertinent real-world incidents demonstrate the necessity of resilience. Proactive governance and technical protections tailored for cybersports can uphold trust and enable sustainable growth. Industry stakeholders must prioritize cybersecurity foundations encompassing access controls, secure system design, tailored training, threat intelligence, and cyber insurance to collaboratively uplift defenses throughout the ecosystem.
ANNOTATION
Cybersports has experienced tremendous growth in recent years as competitive video games gain widespread recognition. However, alongside this growing popularity, cybersecurity threats are also growing, targeting confidential data and threatening the integrity of competitions. This article examines the need for robust cybersecurity in cybersports, given the large volumes of lucrative personal data, multimillion-dollar tournaments, integrated networked systems, and extensive online components involving fans. Various cyberattack vectors such as DDoS, hacking, phishing, and malware, together with relevant real-world incidents, demonstrate the need for resilience. Proactive governance and technical protections tailored for cybersports can sustain trust and enable sustainable growth. Industry stakeholders must prioritize cybersecurity foundations, including access controls, secure system design, tailored training, threat intelligence, and cyber insurance, in order to jointly raise the level of protection across the entire ecosystem.
Keywords: cybersports, esports, cybersecurity, data protection, hacking, competitive integrity
Keywords: cybersports, esports, cybersecurity, data protection, hacking, competitive integrity.
Cybersports and professional competitive video gaming have seen tremendous growth over the last decade, penetrating into mainstream recognition, viewership and revenues. Global cybersports revenue is projected to surpass $1 billion in 2020, with extensive sponsorship opportunities from brands, media rights acquisitions, advertising, merchandise sales and ticketed live events [1]. Millions tune into popular tournament live streams like League of Legends World Championships, with sold-out venues and extensive online audiences. Such a meteoric rise in a nascent sector based fundamentally on digital technologies and intensive online engagement platforms brings immense opportunities, but also significant cybersecurity threats that require urgent attention.
Myriad sensitive data from players, teams, vendors and partners distributed across numerous systems create attractive targets for malicious actors. The integrity of high-stakes tournaments depends crucially on robust protections against cheating, manipulation, and disruption. Extensive fan engagement layers spanning streaming, fantasy leagues and wagering expand the attack surface. As cybersports gains mainstream popularity and monetization avenues, cyber threats pose existential risks undermining trust and growth. Proactive governance and tailored safeguards matching the sector’s specialized infrastructure prove essential to enable sustainable expansion. Diverse stakeholders across the cybersports ecosystem must act collectively to uplift cyber-resilience through frameworks balancing security, usability and innovation. This article examines the present cybersecurity landscape in cybersports and outlines key priorities for uplifting protections.
Competitive cybersports represents an intricate, technology-driven ecosystem with immense volumes of sensitive data in motion and at rest across stakeholders like players, teams, leagues, vendors and broadcast partners. Granular game telemetry, anti-cheating systems, digital infrastructure like gaming platforms and venue networks, augmented reality systems and extensive online engagement channels constitute complex attack surfaces vulnerable to threats like data breaches, denial-of-service attacks and hacking. The sector’s foundational reliance on robust cybersecurity protections becomes even more vital as projected growth brings it further into the mainstream.
Player information like credentials, contact data, financial details, biometric health data and behavioral analytics possesses immense sensitivity. Cybercriminals routinely steal and sell such data enabling identity fraud and account takeovers [2]. Compromised personal data also risks enabling psychological manipulation or physical stalking against players from obsessive followers. Teams invest hugely in proprietary performance optimization algorithms and strategic insights derived from gameplay analytics. Data breaches destroying confidentiality give unfair advantages to competing teams who obtain unauthorized access to strategies and intellectual property. Broadcast partners facing outages from attacks lose monetization opportunities and credibility.
Tournament organizers handle registration data, player accommodation details, payment systems etc. necessitating protection. Vendor management systems also contain sensitive logs and communications. Such extensive personal and competitive data distributed across numerous systems make cyberattacks potentially highly rewarding for threat actors while profoundly damaging for victims. Far beyond just financial costs from stolen banking details, threats like compromised strategies enable cheating with disastrous competitive impacts. Integrity constitutes the lifeblood for maintaining trust in a sector premised on fair play.
The inherently networked nature of competitive cybersports with numerous interconnected systems and extensive spectator engagement channels massively expands attack surfaces. Broadcast production systems like video rendering and editing tools require protection. Stadium networks including displays, surveillance systems and point-of-sale systems become potential threat vectors. Augmented reality systems layering digital information into live matches also introduce new risks. Myriad websites, fantasy league platforms and mobile apps servicing fans represent weak points penetrable through software vulnerabilities or credential stuffing attacks to compromise accounts. Such complex, heterogeneous digital assets and engagement pathways make holistic cybersecurity exceptionally challenging.
With online wagering and gambling on matches also gaining popularity, cyber risks amplify further through incentives for match-fixing [3]. Compromised insider access to supposedly secure competition servers could enable cheating through modifying game configurations, map choices or referee decisions to tilt outcomes. DDoS attacks disrupting specific tournament stages unfairly hurt target teams. Such manipulation risks make cybersecurity fundamental for maintaining competitive integrity and trust. While high payouts from large betting volumes tempt corruption, lax cyber protections inadvertently enable unfair play. Ultimately all stakeholders stand to lose if rampant cheating and distrust take hold. The industry must hence uphold competitive integrity through proactive cybersecurity.
In summary, cybersports comprises an intricate digital ecosystem storing and generating immense volumes of lucrative personal data, competitive insights and monetization opportunities around engagement. Ensuring cybersecurity is hence imperative for the entire sector's sustained growth. However, with numerous fragmented systems across youth-oriented startups and decentralized global activities, awareness and investment in resilience often lag presently. Constructive collaboration across stakeholders can uplift protections before catastrophic breaches cause loss of competitive integrity or public trust. The following sections analyze prominent risks and outline priorities organizations should undertake.
Cybersports companies and infrastructure face a diverse array of cyber threats trying to unlawfully access competitive insights or compromise integrity for profit. Prominent risks include:
Overloading tournament servers and network infrastructure with fake traffic can severely disrupt competitions and live broadcasts [4]. The ESL One Cologne tournament faced significant disruption from DDoS attacks in 2015. Such attacks on integrity can unfairly alter outcomes by hampering specific teams. Extensive preparation is vital for prompt threat detection and mitigation.
High-profile cyber vandalism of tournament pages or team websites harms reputations. Defacements often serve propaganda aims by hacktivist groups seeking media attention rather than data theft. Platform vulnerabilities like unpatched software and poor access controls enable takeovers. Proactive hardening and monitoring help prevent such embarrassing incidents.
Deceptive emails, phone calls or messages pretending to be staff contacts, technical support etc. target insiders across organizations to install malware, share credentials or authorize fraudulent transactions. Strong security education for personnel can combat such manipulation risks. Email security solutions providing phishing simulation to build employee immunity also help thwart social engineering-based infiltration.
Numerous vectors like malicious attachments, compromised vendor accounts, insecure public wifi, player device malware etc. facilitate unlawful access to tournament systems and organizational networks hosting sensitive data [5]. Modern techniques like multi-factor authentication, microsegmentation and behavioral analysis counter external threats. Insider risks warrant stringent access controls, monitoring and threat reporting procedures.
Player accounts compromised through phishing, brute force credential stuffing or password database leaks enable accessing gaming platforms to manipulate matches through cheating, high-value asset theft or disruption [6]. Robust authentication protections like IP allow-listing, strong credentials and multi-factor authentication provide vital safeguards against takeover. Prompt freeze protocols upon suspicious activity also limit damage.
Prominent recent attacks crippled infrastructure of football club Tottenham Hotspur and Formula 1 racing team Williams Racing [10]. Relative to traditional sports, esports companies tend to have higher digital integration and younger workforces more vulnerable to social engineering - factors implicating similarly grave ransomware risks. Maintaining offline backups, system redundancies and incident response plans provides basic resilience.
Code secretly commandeering organization systems for cryptocurrency mining remains prevalent, imposing tangible resource usage costs [7]. Identifying anomalous application loads and device activity patterns enables detecting illicit mining. Malware entry through infected storage media also requires user education. Periodic monitoring, prompt software patching and restricting unnecessary application permissions limit infection risks.
Attacks directly on telco networks like the 2017 DDoS attack with peak traffic exceeding 630 Gbps leveraging weaknesses in SS7 and Diameter telecom protocols demonstrate risks from cunning adversaries [9]. While challenging to mitigate, multi-provider redundancy, intelligent traffic monitoring, and collaboration with telecom partners provide vital safeguards.
Beyond external attacks, employees, players or partners with authorized access but malicious aims can inflict vast damage through data theft or integrity loss. Stringent least privilege access policies, activity audits, and threat reporting mechanisms coupled with personnel training constitute imperative countermeasures.
Attempts to unfairly manipulate tournament outcomes through hacking in-game environments, exploiting software vulnerabilities, using unauthorized external aids like aimbots etc. fundamentally undermine competitive integrity [11]. While technology protections help, holistic prevention necessitates encouraging integrity across teams through education, incentives and deterrent sanctions.
This sample of threats reveals that strong information security foundations across people, processes and technology provide essential resilience for cybersports entities. Beyond just technical protections, cultivating cultures of integrity, responsible risk behavior, and organizational security stewardship prove imperative.
Some major cybersecurity incidents impacting cybersports entities demonstrate the practical reality of such threats:
- September 2022: 35 million user account details allegedly stolen from popular gaming platform EA leaked online for sale by hackers [12]. Sources included FIFA and NHL games, demonstrating risks from compromised central identity management systems.
- August 2022: Canadian esports organization OverActive Media suffered a cyberattack with corporate data stolen and leaked. Extortionists demanded $2 million to prevent full disclosure [13].
- January 2022: The Africa Cup of Nations 2022 football tournament faced significant disruptions including broadcasting outages from cyberattacks linked to a separatist movement [14]. This demonstrated risks around major sporting events.
- November 2016: Competitive team TeamSoloMid (TSM) suffered an email phishing attack against its general manager enabling exposure of player personal and financial account details [15].
- July 2016: Popular augmented reality game Pokémon Go had to disable logins via Google accounts after a blanket account hijacking of gamer accounts [16]. Such third-party identity provider risks apply equally to competitive cybersports platforms.
These sample incidents across gaming organizations, tournaments and public-facing platforms highlight the need for urgent and consistent cybersecurity prioritization. Integrity harms become magnified under competitive settings. Given geographically distributed global events and decentralized team activities, consistently uplifting protections across the board remains challenging but imperative.
In conclusion, cybersports represents an emerging sector marrying competitive gaming, digital technologies and online entertainment. Its blend of extensive sensitive personal data, competitive insight assets, interconnected network infrastructure and complex fan engagement ecosystems poses immense cybersecurity challenges. As evidenced by major data breaches and tournament outages, existing controls lag the pace of growth. The entire industry including teams, platforms, leagues and vendors must hence act urgently and collectively to mature cyber-resilience capabilities before catastrophic breaches erode competitive integrity or public trust.
Internal capability building through hiring expert security leadership and ongoing training constitutes a basic imperative. Migrating to cloud platforms natively offering sophisticated protections provides agility. Collaborative mutually protective efforts like threat intelligence sharing, collective integrity action and incident response agreements prove force multipliers, preventing fragmented efforts. Independent audits and readiness exercises build maturity. Appropriately tailored cyber-insurance creates financial mitigation mechanisms allowing continued innovation. Ultimately all stakeholders must jointly commit to “cybersecurity first” as a non-negotiable foundation enabling the industry’s tremendous potential for growth. With proactive efforts, cybersports can pioneer governance frameworks balancing security, usability and trust for the broader digital economy.
References:
- Newzoo. (2020). Newzoo global esports market report 2020: Light version. URL: https://newzoo.com/insights/trend-reports/newzoo-global-esports-market-report-2020-light-version/ (accessed 07.11.2023)
- Goslin, M. (2022). Pennsylvania Attorney General’s Office Notifies Gamers of 2020 Data Breach. ESPN. URL: https://www.espn.com/esports/story/_/id/34344010/pennsylvania-attorney-general-office-notifies-gamers-2020-data-breach (accessed 07.11.2023)
- Schwiddessen, S. (2019). Match-fixing in competitive online gaming: Legal and regulatory challenges. Gaming Law Review, 23(9), 656-666. URL: https://doi.org/10.1089/glr2.2019.2398 (accessed 07.11.2023)
- Seo, Y. (2016). Electronic sports: A new marketing landscape of the experience economy. Journal of Marketing Management, 32(13-14), 1542-1560. URL: https://doi.org/10.1080/0267257X.2016.1242560 (accessed 07.11.2023)
- ThotWave. (2020). Esports cybersecurity guide. URL: https://thotwave.com/esports-cyber-security-guide/ (accessed 07.11.2023)
- Bishop, S. (2022). Data Breach & Cyber Security in Esports & Gaming. Enix Cybersecurity. URL: https://www.enixcybersecurity.com/post/esport-data-breach (accessed 07.11.2023)
- Barlow, M. (2021). Cryptomining: The most popular forms of crypto mining malware. Auth0. URL: https://auth0.com/blog/cryptomining-the-most-popular-forms-of-crypto-mining-malware/ (accessed 07.11.2023)
- Imperva (2019). DDoS Attack That Disrupted Internet Was Largest of Its Kind in History. URL: https://www.imperva.com/blog/ddos-attack-that-disrupted-internet-was-largest-of-its-kind-in-history/ (accessed 07.11.2023)
- Talposh, L. (2022, March 4). How the Williams and Tottenham cyber-attacks unfolded. BBC. URL: https://www.bbc.com/news/technology-60670765 (accessed 07.11.2023)
- Pfau, C., Koch, T., Heck, A., Birnkammerer, S., & Zanker, M. (2020). How (not) to manipulate esport competitions. In T. Ahram, W. Karwowski, & R. Taiar (Eds.), Human Systems Engineering and Design III (pp. 63-68). Springer. URL: https://doi.org/10.1007/978-3-030-57805-5_11 (accessed 07.11.2023)
- Freeman, W. (2022, September 20). EA data breach: FIFA and NHL logins stolen and sold online. BBC. URL: https://www.bbc.com/news/technology-62943453 (accessed 07.11.2023)
- CBC News. (2022, August 30). Cyberattack steals OverActive Media data, demands $2M ransom. CBC. URL: https://www.cbc.ca/news/canada/toronto/overactive-media-cyber-attack-1.6567629 (accessed 07.11.2023)
- Talposh, L. (2022, January 25). Africa Cup of Nations: How cyber-attacks impacted AFCON 2022. BBC. URL: https://www.bbc.com/news/technology-60108014 (accessed 07.11.2023)
- Tassi, P. (2016, November 23). How ‘League Of Legends’ pro team got hacked because of its general manager’s T-Mobile account. Forbes. URL: https://www.forbes.com/sites/insertcoin/2016/11/23/how-league-of-legends-pro-team-got-hacked-because-of-its-general-managers-t-mobile-account/?sh=58ef51dd5f4b (accessed 07.11.2023)
- Ravenscraft, E. (2016, July 25). Pokémon Go leaked login credentials for thousands. How to change your password. How-To Geek. URL: https://www.howtogeek.com/265401/pokemon-go-leaked-login-credentials-for-thousands-how-to-change-your-password/ (accessed 07.11.2023)