Esports and its cyber threats

Why is esports an attractive target?

1. Introduction

“One of the most popular games to watch on eSports is ‘League of Legends,’ a game that blends role-playing, managing resources and shouting at your friends. Again, if I had another thousand words, I might be able to scratch the surface of this game, but all you need to know is that gamers love to play it, and even more of them love to watch it.” - Rob Manuel

We can hardly imagine our lives today without the use of the Internet. But the convenience and opportunities come at a price: it also generates a wealth of cybersecurity issues, including cyberattacks and information leaks.

And cybersecurity has long become a global issue of great importance, a constant threat to learn to live with. And living in the shadow of an ongoing cyber threat is only possible in the long run if we know the threats we face and the solutions we can use to minimise the risks.

Many areas are affected by cyberattacks, and the computer game industry and esports are particularly suitable targets for cybercriminals. Cybersecurity issues with games have become increasingly apparent as the Internet becomes more popular.

Photo by Branden Skeli on Unsplash

In the beginning, there were single-player video games followed by LAN games. Now we are living in the age of Internet gaming. The latter, in particular, is increasingly focused on information transfer and human-to-human interactions. Games have increasingly entered cyberspace and the transmission of information, especially between networks, carries many potential security risks.

The rapid spread of video games is not just due to a pandemic that has forced people to find new ways to entertain themselves and save their social lives away from their relatives and fellow human beings. There are about 3.24 billion players globally, and their numbers are growing every day.

This article examines the risks and dangers of cybersecurity, especially in relation to esports. However, we also do not forget about the non-professional players who play and have fun at home and the dangers that threaten them.

2. What is esports?

“Esports… New way to meet great people online.” – Nikhil Bhandari

Esports is the short form of “electronic sports,” meaning video games that can be played competitively, either as an individual or as a team. Gamers use their physical and mental abilities to compete in various games in a virtual, electronic environment. We may also refer to esports as competitive video gaming.

Many people are against calling this game and its professional level a sport. The counter-arguments, in this case, are that a sport requires us to be outdoors, walk, run, bounce or do some physical activity while doing it.

However, these arguments are not entirely valid, as no lexicon mentions that an individual or team should use physical exertion. But many cite chess as an example, which is also not a physical sport and is not played outdoors. Chess is an intellectual sport, and similarly to sports, there are significant events and competitions in this sport.

Photo by Yan Krukov from Pexels

In esports, athletes do not perform physical actions directly but indirectly influence the playing field through an electronic device: they issue commands that the game’s programming recognises and turns into action.

The difference between traditional sports and esports is that viewers see esports not as an actual physical manifestation of the athlete but as a projection in the digital space it causes. Esports are essentially the real actions of players in virtual space, and these actions determine the outcome of the game. Thus, esports can no longer be called a traditional sport, but because of their complexity and preparation, they deserve to be mentioned on the same page as a sport in the traditional sense.

Esports take many forms: from local casual competitions to worldwide international events. In terms of its structure and supporting industries, it is now very similar to (mainstream) sports. Two or more players try to defeat the other in a video game during esports based on their knowledge or skill.

The theme of the games can be anything from sports simulators to strategy games to combat battles. The only thing is that the competition is not against the machine but another player or team. The key to success lies in which player or team has more knowledge of the game, which strategy is better, or who has better reflexes.

3. A little bit of esports ‘history’

“The team that keeps winning is not the most talented but the most hard-working.” - Zoltan Andrejkovics

The roots of competitive video gaming go back to 1972 when Stanford University students were able to compete in a game called ‘Spacewar’.

Spacewar! And the birth of esports

The 1980 Space Invaders Championship, organised by Atari, has moved more than ten thousand people into space. Of course, no one thought what esports would grow into back then.

With the broader availability of the Internet in the ’90s, we no longer had to play games alone in our own homes or with friends. More and more games were released that we could find teammates or opponents from anywhere in the world.

The actual birth of esports can be traced back to the 1990s when the necessary technical and technological conditions were in place. Thanks to all this, people can now play not only against the computer but also against each other.

In 1996, ID Software released a multi-player shooting game called Quake, a huge success and the foundation of modern esports. The fast-paced gameplay of the Doom-like game and the well-designed tracks provided a solid foundation for the world’s first tournament.

The well-known form of esports began to emerge in the late ’90s with the proliferation of video games that could be played over the Internet. Interestingly, the South Korean government was the first to recognise the importance of involving many young people in esports.

The American company Blizzard released its legendary game, Starcraft, on March 31, 1998. The game conquered the Korean market like a storm: everyone played Starcraft, and racing soon started thanks to the multi-player mode. So many people were interested in Starcraft tournaments in the southern part of the peninsula that there were separate channels dedicated to the game on TV as well, and it was possible to watch different matches all day long.

KeSPA, the Korean Esports Association, was the first esports organisation

As a result, the first organisation (the Korean Esports Association) was set up, whose primary task was to regulate and promote esports. Players were able to compete in ten tournaments as early as 2000, and the popularity of esports has been unbroken ever since: by 2010, the number of tournaments had grown to 260 a year, in South Korea alone.

After the government, the Korean companies also recognised the potential of competitive video games: TV channels began to broadcast events with serious cash prizes, sponsors appeared, teams were formed, and the signing of the best players began.

Over time, the esports frenzy that has taken off in South Korea has “infected” the rest of the world, and competitive video games have erupted almost everywhere from China to the United States, with the decisive involvement of the state and on a purely business basis.

Players initially competed in games developed for online multi-player entertainment such as Quake, Counter-Strike, Starcraft, or Warcraft III. However, over time, big video game companies also realised how big the business of esports was. They created new games to make it the perfect base material for esports competitions and tournaments.

Dota 2, League of Legends, Heroes of the Storm, Hearthstone, StarCraft II, and Overwatch were already made in this spirit, and it is no coincidence that several of those listed are Blizzard games. The US. company is not just interested in development but has launched its own global championship called the Overwatch League, where American, Asian and European teams competed against each other.

Photo by dronepicr - Starcraft Gamescom 2017 (Wikipedia)

The rise of the Internet has helped esports, and the fact that matches were available to anyone online has also contributed to their explosive growth. Some of these games do not require any significant hardware requirements. Anyone can participate in the game; all you need is an Internet connection.

The most popular and most significant revenue-generating esports games take place online, so Internet access is a critical issue in the spread of esports. Developed regions, like most countries in the European Union, already have an established Internet network. However, there are regions where the lack of Internet access can severely hamper the spread of esports.

Online games make it much easier to find an opponent or team. At the same time, in traditional sports, you have to find people who want to play football, basketball or handball nearby (not to mention sports that require special equipment or environments such as skiing or hockey).

Video games have built-in partner-finding systems that connect people without the need for social interaction. You do not have to make an appointment with your buddies and call them to arrange a place and time or rent a gym and pay for it. This is simplified in the online world, as those online are ready to play, and up to hundreds of thousands or, millions can play the same game simultaneously.

One of the features of video games is that it evaluates the player and ranks how good a particular player is within a game. The instinct for competition between people has been with us since the beginning of time, and this further enhances our love and attraction to games as we want to be better and move up in the virtual rankings.

While the skills acquired can be drastically different from traditional sports, there are also professional leagues and teams in esports with contract players whose earnings rival traditional sports or even more than some.

Photo by ELLA DON on Unsplash

In the last two years, the pandemic has dealt an enormous blow to traditional sports. Athletes were often unable to attend sporting events because most of the physical events were cancelled or not organised.

In contrast, online space has flourished in all respects and received a new impetus as more and more people turned to virtual space (doing business, shopping, studying, etc.).

Esports has not stopped either, as in the quarantine, many people kept in touch with their friends and buddies, played games, and tried to get through this difficult period together.

The primary platform for esports broadcasts has been Twitch, launched in 2011. It is already a Mecca for video players, as millions are broadcast every day as they play, and up to 4-5 million people watch major esports tournaments at the same time.

4. Is esports a sport or not?

“When gamers can play a game together with all of their friends, regardless of the devices they own, you have a much more compelling social experience. That applies to all multi-player games.” - Tim Sweeney

Although competitive video games are not yet officially recognised as a sport almost anywhere, it is not ruled out that this may change in the future, nor is the idea of esports appearing in some form at the Summer Olympics over time.

In 2017, esports enthusiasts witnessed a breakthrough, as the International Olympic Committee (IOC) stated for the first time that it does not rule out the possibility that esports would be accepted alongside traditional sports.

“eSports are showing strong growth, especially within the youth demographic across different countries, and can provide a platform for engagement with the Olympic Movement.”

– International Olympic Committee

Moreover, the Committee also stated that if esports are compatible with the Olympic values, there will be no obstacle to its appearance at the Olympic Games.

“Competitive “eSports” could be considered as a sporting activity, and the players involved prepare and train with an intensity which may be comparable to athletes in traditional sports.”

– International Olympic Committee

We had to wait for the first debut of esports until the 2021 Tokyo Olympics, where five video games were introduced: virtual baseball, virtual sailing, virtual rowing, virtual cycling, and Gran Turismo Sport (GTS).

Image by byronton from Pixabay 650

Professional e-athletes are already recognised as official athletes by several countries (Canada, the USA, Turkey, and the Philippines). It is undeniable that players prepare in the same way for all competitions as officially recognised athletes and do things that an average person would not know about in various competitions.

It is not uncommon in the lives of e-athletes to have 8-12 hours of “training” with the team. Like top athletes, they have to keep a strict agenda before various competitions and tournaments. They need to develop skills like speed, eye-hand coordination, and making decisions, all in a team.

While it is easy for an outside observer to think that playing video games all day is just fun and laughing, it is not really about that. Players face a severe mental strain during preparation and competitions, and very few can stay on top for many years: an average esports career lasts about five to ten years.

Just as competitive sports cannot be practised for a long time and athletes are considered ‘old’ over the age of 30, esports requires a great deal of mental strain on their practitioners, and it is challenging to stay among the best in the long run.

But do not think that in the case of esports, players only have to endure mental strain. They are also exposed to physical exertion: fast hand and wrist movements, extremely many clicks, fast eye movements, and a lot of sitting.

5. Online gaming and cyber threats

“The future of mobile is the future of online. It is how people access online content now.” - David Murphy

In this chapter, the online gaming ecosystem is presented. Then, the future of gaming, i.e. the development of the smartphone market and the dangers that smartphone users playing on their phones face, is discussed.

5.1. The online gaming ecosystem

Terms such as “online gaming” and “esports” are often confused when esports is just one segment within the vast online gaming ecosystem. The below list shows the components of the online gaming ecosystem (by Visualcapitalist):

• Distributors and Retailers: Platforms that distribute and sell games
• Streaming Services: Services that allow users to live-stream games
• Hardware Developers: Companies that build the electronic infrastructure required to play games
• Gaming Arenas: Venues that host gaming events
• Esports: Organised, multi-player video game competitions, typically between professional players
• Software Developers: Develop applications that allow users to do specific tasks
• Game Publishers: Companies that finance and distribute games
• Game Developers: Studios that develop games

The online gaming ecosystem is thus a complex, multi-player entity, an industry that is perhaps the most dynamically evolving today, despite the economic, health and other adverse effects that surround us.

The gaming ecosystem - - Visualcapitalist

5.2. The future of gaming: mobile

Online gaming platforms on which games are played fall into three main categories: PC gaming, console gaming, and mobile gaming. Mobile gaming is the largest online gaming segment, generating $ 68.5 billion in 2019, accounting for 45% of the total market. And the trend seems unstoppable, as this rate is projected to increase further to 49% by 2022.

As shown in the figure below, gaming on PCs is declining, while console usage has retained its share of about 31-32 per cent in recent years. However, mobile gaming is evolving more dynamically, and the number of people playing mobile has been increasing over the last few years.

Global gaming revenues - Visualcapitalist

The following fundamental conclusion can be drawn from the data: those who play online games at home (not as professional players but rather as a leisure activity) mostly play on mobile. And if that is the case, we need to answer the question of what cybersecurity risks mobile gamers face and what to look out for when using mobile.

There may be several reasons for this. Perhaps we can get a smartphone with even a smaller investment than a PC or console (but then we use a lower quality mobile). But a much more likely explanation is that it is all for convenience: the mobile is always with us, easy to carry, we can start playing in seconds if we have an Internet connection, and so on.

The reason for the rapid development of mobiles lies, among other things, in the pleasant user experience, which is complemented by features such as in-app purchases and loyalty rewards.

Reasons for the spread of mobile games - Visualcapitalist

5.3. Threats to mobile users

Given that the use of online mobile games is so widespread, it is worth addressing this issue and looking at the threats to mobile users and the protection options available for them. Of course, these methods can also be used for game consoles and PC gaming.

5.3.1. Username and passwords from the dark web

Cybercriminals try to access games and game services through lists and devices that contain username and password combinations from the dark web. Take great care to protect your personal information, use encryption and beware of accidental data leakage.

5.3.2. Account takeover

The account takeover is also linked to the previous point. With an appropriate user name and password combination, anyone can access the account associated with that username and password combination. In case of an account takeover, an unauthorised person who knows the login information misuses it and enters an unauthorised activity on behalf of the authorised user.

Account takeover – Ravelin Insights

5.3.3. Increase in piracy and unauthorised installations

Unauthorised downloading of mobile games is on the rise and is mainly due to third-party app stores. Pirated or cloned copies of game software can also be found in these shady application markets. These fake programs not only spread viruses and can do great harm to the end-user but can also steal money from legitimate game developers. Always use only legal software downloaded from the official website of the game.

5.3.4. In-app purchases

A lot of mobile games offer in-app purchases to generate additional revenue. However, these often involve serious security risks that allow hackers to access various functions within the application.

5.3.5. Cloud-based games are becoming more widespread

Cloud-based games can leverage the capacity of the cloud for beautiful graphics, competitive gaming features and easy social media integration. The opportunity is tempting, but DDoS attacks are the most conspicuous and well-known threats to the cloud-based gaming industry.

The users’ accounts, passwords, data, and saved games are stored in the cloud. These attacks are directed against game servers, and if the service is stopped, no games can be played.

5.3.6. Reverse engineering is on the rise

Hackers make a significant effort to gather information about game users. Users of unprotected mobile software are at risk because by exploiting the insecure code in the game, attackers use reverse engineering techniques to control licenses and in-app purchases, giving others unrestricted access and generating revenue for themselves.

Photo by SCREEN POST on Unsplash

Mobile applications have always been among the primary targets of hackers, and the same is true for mobile games. The pandemic’s closures have further strengthened the mobile game market as more and more people turned to their smartphones to have fun and divert attention from stress and fear of isolation, loneliness, and the virus.

Because so many people play on mobile, the mobile gaming business is a precious area for hackers: many personal- and credit card information, passwords, access codes, etc., can be found on game servers.

6. Figures and statistics

“While the Super Bowl still smashes records for butts in the seats, eSports often run longer and never blinks. There’s no commercial break. There’s no halftime show. From start to finish, someone is going to walk home a champion, and you don’t want to miss a second of it.” - Rob Manuel

There is a lot of data available on the Internet about esports. Most of the data is about the growth of esports revenues, their distribution by regions, money prizes and their amounts.

55% of global players are in the Asia-Pacific region, followed by the Middle East and Africa with 15% and Europe with 14%. Latin America has a share of 10%, whereas 7% of the global players are from North America (as per Newzoo). Of course, this does not mean that even the most considerable amounts of money change hands or move in these regions in such a proportion and order.

According to a Deloitte survey, Poland (52%), Spain (49%) and Italy (48%) have the highest prevalence of esports in Europe. In addition, exposure to esports is high in the Nordic countries (38%), France (35%), the United Kingdom (35%) and Germany (33 %).

Esports penetration across European countries - Deloitte

To get a more nuanced picture, we need to approach the world of esports from several angles. In the following, we present statistical data according to various aspects, giving their reference as well.

6.1. Global esports revenue growth

According to a Newzoo survey, in 2019, the global esports market was worth $ 957.5 million. That value was $ 947 million in 2020 and $ 1.084 million in 2021. A slight decrease in 2020 is likely due to COVID-19, as no events could be organised that year. However, as the pandemic subsided, the games were reorganised, and revenues started to rise. Thanks to the unbroken growth of esports, by 2024, the global esports market could be worth $ 1.617 million.

Newzoo - Esports global revenue growth by

6.2. Global esports revenue streams

Newzoo’s data shows that much of the revenue in 2021 came from sponsorship ($ 641 million) and media rights ($ 193 million) as the audience for live broadcasts grows fast in esports.

Newzoo - Esports global revenue streams

The pandemic disrupted both the esports and live streaming markets. The restrictive measures resulted in a jump in views on all major platforms as more and more players were forced to stay at home and spend more time on platforms like Twitch, YouTube Gaming, and Huya.

6.3. Global esports audience growth

The audience for global live games reached 728.8 million by the end of 2021, an increase of 10% from the 2020 audience. By 2024, Newzoo forecasts an audience of 943 million. The epidemic has undoubtedly accelerated the growth of the live broadcast audience. Rapid audience growth is likely to slow as the epidemic subsides.

Newzoo - Esports live streaming audience growth 650

6.4. Regional esports statistics and figures

China is the most prominent esports market in the world: it is worth an estimated $360.1 million. The US is the second-largest esports regional market, worth an estimated $243 million, whereas Europe is the third with $205.8 million.

Live streaming platforms allow users to participate as content creators or viewers. The players broadcast their activity live or record it as they play and upload the game to a platform where those interested can view and even comment on the stream. The figure below shows the platforms used in different regions. Twitch and YouTube Gaming are the most commonly used platforms worldwide.

An annual pdf report of Newzoo about the live-streaming market in 2020

6.5. Esports game statistics

In the first half of 2021, no game had a larger total esports prize pool than Counter-Strike: Global Offensive. The total prize pool for the first-person shooter game was equivalent to $ 7.98 million in the first six months of 2021. The figure below shows the list of the 10 top games worldwide in 2021 by cumulative tournament prize pool. As it can be seen, the list is led by Counter-Strike: Global Offensive (CS GO), closely followed by PlayerUnknown’s Battlegrounds (PUBG).

The Esports Observer: Top 10 games by prize money in the first half of 2021

Several games hosted major international tournaments in the first half of 2021, including Rainbow Six Siege, PlayerUnknown’s Battlegrounds, and Valorant. In 2021, the PUBG handed out more cash prizes ($ 7.8 million) than its total budget of $ 4 million in 2020. Dota 2, Fortnite, and Rainbow Six Siege are also hugely popular among the top 10 prize-winning esports games.

While most top-level esports are on this list, those familiar with this topic may have noticed that two particularly popular games (League of Legends and Overwatch) are missing from the list. It is because the vast majority of their winnings are reserved for their World Championship tournaments, which are held in the second half of the year (both games are always in the top 10 by the end of the year).

6.6. Esports statistics for 2022 (so far)

Below you can read some selected statistics from the Esports Earnings website for 2022:

• Top player: Ceng, Zehai (China); earning: $316,000.00
• Top country: China with 315 players with earning $2,617,733.98
• Top game: PlayerUnknown’s Battlegrounds Mobile with a $3,644,485.00 payout
• Top team: Nova esports with $3,644,485.00 earning

Overall esports stats for 2022 – Esports Earnings

6.7. Esports demographics

This topic would deserve a separate article. Below is a very brief overview of the most basic statistics on the demographics of esports. In general, the proportion of women is still very low, but it is rising, and this trend will continue in the future.

• Roughly 60% of esports viewers are casual
• 70% of US esports viewers in 2019 were male
• The average esports career is five to ten years long
• Females make up only 5% of the esports player base
• The average age of a pro player is 24 for male players and 27 for female players
• People aged 18-22 spend 77% more time watching esports than traditional sports.

As per the above-mentioned Deloitte survey, the age distribution across consumer groups depicts an unexpected phenomenon. Contrary to many assumptions, the average e-athletes do not come from the youngest generation but players between the ages of 26 and 40. The survey also notes that these people have above-average qualifications and income.

Esport players’ age distribution across consumer groups - Deloitte

7. Why is the gaming industry an attractive target?

“Why should the televised stuff be only about pro gamers? For me, it’s more fascinating to see who’s going to be the next god of gods than watching some pro gamer.” - Peter Molyneux

With the advent of online games, very few have played with them. Also, there were only a few games to choose from, and these games were usually played alone at home for the first time.

Then, over time, the games transformed: they shifted more and more towards community gaming and online gaming, which means that more and more people were able to join the game, and games were increasingly taking place in cyberspace. In addition, there was a growing choice of games, and more and more people started playing online at the same time.

Isolated offline games have thus become more and more online games with ever-increasing gaming communities and cybersecurity endpoints that are becoming increasingly difficult to defend, and the chances of cyberattacks are increasing.

Today, esports has evolved into a multi-billion dollar industry where players can earn vast sums of money with teams, coaches, and managers.

Photo by Florian Olivo on Unsplash

So why is the gaming industry an attractive target? In addition to the above background information, the causes can be grouped as follows:

7.1. Quick development, colossal cash flow

The online gaming and esports industry has developed quickly over the past few years. Its value is estimated at well over 100 billion dollars worldwide. As a result, the esports industry has become a popular target for hackers and cybercriminals.

7.2. Video games are delivered through online platforms

Video games can be purchased on various online platforms, including Steam, Battle.net, and EA Origin. These platforms store the personal information of hundreds of millions of players (name, date of birth, address, credit card information, etc.) and are one of the main targets of cyberattacks.

7.3. Online games are trendy

The more people use the Internet and the more devices connected, the greater the chances that cybercriminals will successfully carry out their attacks.

7.4. Huge gaming events

A big esport event means more attendance and more risk. Popular events are also more often targeted by hackers, as there are more targets there, and the larger an esport event, the more likely they are to carry out a dangerous attack. Because of this, those who attend such events need to be more careful, although there are still many ways to defend themselves.

Tens of thousands of people attend tournaments and conventions. There is almost always public Wi-Fi in such events, which is an easy target for cybercriminals.

Esports tournament - photo by Jakob Wells on Wikimedia

Tournaments are growing in size, with hundreds or even thousands of players. Many thousands gather in the arena while the tournament is being watched by millions more online. A similarly big fuss characterises these events like the Superbowl, European Football Championship, or World Cup.

7.5. Esports events are public

In the past, these events were small and local. They are now public, international, and often broadcast online or live on TV. This publicity can attract hackers who want to make a name for themselves.

7.6. Different technologies at esports events

Many different technologies can be present at an esport event, even many older ones. This in itself increases the risk of a cyberattack, as each technology can have different vulnerabilities and together, it is more difficult to defend against cyberattacks.

Photo by Alex Haney on Unsplash

7.7. Esports competitions are international

The fuss around esport competitions is growing, and these events are also broadcast online. Players or fans can come from all over the world. Major international events have the potential to be more frequent targets.

7.8. Esports has been commercialised

Esports has been commercialised, and there is a growing interest in betting on matches as well. And the bets are hotbeds of fraud and cyberattacks, as they are now in the millions or billions of dollars. To offset this, the highest level competitions are held in leased facilities where competitors play on a local, well-protected LAN connection.

7.9. Many fans are not paying attention

At a big esport event, most fans (understandably) pay attention to the race itself, and cybersecurity is not the most important thing for them to worry about as they came to have fun or just race. Many times, it takes days for someone to report being hacked. By then, the hack could be quite severe.

While it is a bold move to break into an esport show, it can be very successful simply because many targets may not notice or expect to be hit. Players tend to spend much time online, which means they are prone to hacking, primarily if they use public Wi-Fi or download games frequently.

It is the responsibility of the event organisers to minimise the occurrence of a cyberattack and its potential detrimental effects. It is essential to install security systems at the events which automatically detect if the system may be compromised.

7.10. Some players are just kids

While they may have fantastic talent and skill in certain games, their cybersecurity knowledge may be no more than that of an average user. It is the responsibility of the game organisers to provide adequate safeguards for the players. In addition, the organisers of the event must observe as many safety measures as possible.

Photo by Tima Miroshnichenko from Pexels 650

7.11. Not only are there winners in an esports competition

We should not forget that not only are there winners in a sports tournament, but most people also lose just as they lose in gambling. These players can be very frustrated, and their behaviour can sometimes be unpredictable; they can misuse their knowledge or reveal the details of another player’s partner in public.

7.12. Esports games will not be entirely safe for some time to come

Increasing profits or gaining a reputation is a top priority for some esports event organisers while ensuring an adequate level of cybersecurity during the event is not a top priority for them. Building a robust cybersecurity system requires a lot of money and is ‘only’ provided temporarily for the duration of the game.

8. Common cybersecurity threats in the gaming industry

“Gamers are everywhere, coming in all ages and genders, and developers have grown up, too.” - Warren Spector

Boasting millions of fans, professional players and elite teams, the massive success of the esports industry has also caught the attention of cybercriminals. As a result, the esports gaming industry has become a major target for malicious campaigns.

Scams and hacks are widely available in underground markets that serve players looking for an unfair advantage in tournaments. Besides, criminal groups exploit DDoS and ransomware attacks, data leaks, and targeted malware for profit.

The most common types of threats in the online gaming industry are ransomware, data breaches, phishing and stolen accounts. Let us look at these threats (and others) one by one in a little more detail below:

8.1. Phishing

Phishing is one of the biggest cybersecurity threats in esports and online gaming platforms. Phishing campaigns often target clients of gaming platforms to obtain their credentials or payment card information in order to pass it on to other cybercriminals. In some cases, these phishing campaigns are also used to spread malware.

Photo by Yan Krukov from Pexels

8.2. Data leaks

We often encounter data leaks related to online gaming companies offered and shared on various criminal forums. The players’ personal and financial information and login credentials are on sale in most cases. However, besides the players’ personal information, the source code for an entire game or some platform databases may be offered for sale and taken by the highest bidder on the dark web.

8.3. DDoS attacks

DDoS (Distributed Denial-of-Service) attacks are the most common malicious campaigns to sabotage an esports event. Hackers can route Internet traffic to servers hosting esports tournaments and matches by slowing them down and overloading them. As a result of a DDoS attack, the connection slows down, and the response time increases, which can easily cause the affected team to lose.

DDoS attacks can cause serious latency problems, which is critical because milliseconds can often decide between two teams or two players who are the winner and the loser. Considering the fact that tournament payouts are also increasing, and more and more serious sums of money can be won or lost, it obviously matters if such an attack disrupts the outcome of the game or not.

DDoS attacks can damage the reputation of a tournament or be used for extortion, where criminals demand money. Many DDoS-related ‘services’ are already available in the underground market, such as DDoS devices, paid services and even DDoS protection.

Illegitimate DDoS offer in the underground market (example) - TrendMicro

A virtual private network (VPN) is one of the most critical security tools: a VPN encrypts your Internet connection and hides your IP address to protect your online activity from hackers. Many players use it to cover up their real whereabouts and defend themselves against possible DDoS attacks.

8.4. Ransomware

Hackers also use ransomware to take a player’s files hostage and demand payment to help the player recover the files. Victims are forced to pay, especially if there is an upcoming tournament and they desperately need their locked files to participate.

8.5. Stolen accounts

Hackers often target esports accounts to hack them and exclude owners from their accounts. They also use password cracking software to decrypt account credentials and crack the account.

It is advisable to use a password manager against these types of attacks. You can create strong, random passwords and store them securely in the cloud or on your device with a password manager. Most password managers include a browser extension that protects you from keystroke loggers by allowing you to automatically fill in your login information when you sign in to your account.

8.6. Theft of intellectual property

One of the main concerns for online gaming companies is intellectual property theft. Gaming companies that have suffered a cyberattack are often involved in the development of games. Creating a single product requires not only a large volume of capital investment but also intellectual capital.

High-value game programs and accumulated intellectual capital (source code of a game) are desirable targets for hackers or players involved in corporate espionage.

It is also a favourite target for other types of cyberattacks due to the size of the online gaming industry. Some cybercriminals want to profit from stolen accounts, online scams and extortion programs.

Photo by Erik Mclean on Unsplash

8.7. Hacking

In online games, hacking is also a widespread problem, and hacking can have two forms.

With a keyboard capture feature, Trojans can record keystrokes and the sequence of user actions and then send the recorded password information and data to the current Trojan controller to complete the hacking operation.

Trojans can analyse the password for an online gaming account with network data monitoring capabilities. If a network data monitoring Trojan is installed on an unmanaged machine on the same LAN, it may eavesdrop on the password to log in and send that info to the Trojan controller to complete the hack.

8.8. Man-made hacking

Yes, people are still the weakest link, and social engineering remains one of the most significant threats. Human ingenuity to deceive others is almost inexhaustible, as people always find newer and newer ways to deceive information from others without their victims’ knowledge.

Some hackers may expose themselves to the customer service staff of the gaming platform and steal confidential personal information from players with the promise of a big prize, which can be used to steal a player’s account.

Attackers often pretend to be legitimate esports sites and try to persuade players or fans to share their confidential personal information, such as their passwords, bank details, and credit card information. Phishing scams can be committed via emails, text messages, or social media. Watch out for seemingly official phone calls, text messages, and emails that ask for confidential information.

Photo by Yan Krukov from Pexels

Some scammers may also send fake information to players, like “official gifts” and other means to entice the player to a well-designed phishing site similar to the game’s official website.

In this case, the phishing website does the hard work that the hacker did in person in the previous example, persuading the players to release their personal information in some fraudulent way. The hacker then can log into the account with the information obtained to game currency and other virtual things and sell these for real money offline.

8.9. Hardware hacks

In professional tournaments, players may bring their own hardware, such as a mouse or keyboard. This also provides an opportunity for fraud: in 2018, for example, a player named “Ra1f” cheated in the Counter-Strike: Global Offensive competition, where he could bypass ESEA anti-fraud technology with his hardware.

The number of methods is almost inexhaustible, insurmountable: more and more ideas come to the surface so that others can be tricked by hackers to obtain their data and thus gain an advantage or money.

8.10. Server maintenance problem

In addition to manipulating and hacking virtual data, server maintenance is one of the most common security threats in online gaming.

Server maintenance must generally pass specific parameters to achieve standard access procedures. The admin staff should pay special attention to the verification operation when the server is under maintenance and check that these parameters are valid.

Vulnerable game servers will always be a popular target for hackers. By their nature, servers are almost always online, further increasing their exposure to cyberattacks. Direct attacks on servers are one of the most efficient ways to disrupt esports games and steal information.

8.11. The most common attack types and their effects

The most common types of threats can vary depending on whether they are related to professional players, gaming companies, or tournaments. The following three figures summarise the types of attacks and their effects.

The most common attacks and their effects on professional players - TrendMicro

The most common attacks and their effects on game companies - TrendMicro

The most common attacks and their effects on tournaments - TrendMicro

9. Security threats for an average gamer

“The one point gamers all hate is the point where they have to put the controller down.” - Reggie Fils-Aime

Esports is a diverse market, and the gaming industry is attractive to cybercriminals. We tend to think of professional esports players competing in teams in huge arenas and earning millions of dollars with their skills. However, it should not be forgotten that most players are not professional: most people play on their machines at home, often alone or with their friends or strangers.

The range of online games is almost limitless. We would have a hard time finding a topic that the developers had not already worked on and made a video game about. And with such a wide selection, anyone can find an online game that they would love to play or compete with others.

Photo by Sam Pak on Unsplash

Video games have become a prevalent form of entertainment. Their popularity and the vast amount of money and personal data are becoming more and more attractive to hackers.

9.1. Threats on online gaming platforms

The online gaming industry is centred around platforms like Battle.net or where players register by entering their personal and card information. As a result, users disclose their personal information when purchasing video games and in-game products.

Many people do not even think a cyberattack could hit them through a gaming platform. We all know that we should protect our email- or other online accounts with strong and unique passwords, but many players do not treat their gaming platform account like a basic social networking account or an email.

One of the most common mistakes is to use the same password for multiple accounts. If one of the passwords is leaked and matches the password in your gaming platform account, hackers will gain access to your credit card information.

When we register or shop on a gaming platform, we leave our cyber footprint there (our password, login details, credit card info, etc.). When using these platforms, use two-factor authentication and unique passwords. Why would gaming platforms be an exception if you shop online and always pay attention to these?

Photo by Ella Don on Unsplash

Using the same passwords is a matter of convenience. We usually use similar or identical account information to make passwords memorisable. For most users, convenience remains paramount.

For further information and tips for safer password usage, please check the article: Safer user authentication and password hygiene.

You can create strong and unique passwords for each account without remembering them: you should not write them down on paper; use a password manager instead. This application automatically saves your username and unique password for each account and creates strong passwords for new registrations. Proxy servers and password managers are indispensable tools in the gaming industry to avoid cyber security threats.

Accounts on online platforms can contain up to hundreds of purchased video games. Compromising an account on an online gaming platform can result in severe financial loss.

But we do not just have to think about the inconvenience of being excluded from our account and then reporting it to the platform admin and hoping that the situation will ‘clear up’ and we can play again over time. For many, it is a tragedy if they lose their points, their status in their games, or are unable to continue playing because they are already so addicted that they cannot live a day without playing.

Photo by Anh Nguyen on Unsplash

Let’s face it: many players also experience it as a tragedy (even if they only play alone or without a bet) when they lose a game and have to start at the same level from the beginning.

On the other hand, think of a situation where, for example, you have registered on a gaming platform for three years and have had significant successes. Your friends do not only recognise your playing skills, but they also look up to you. What is more: you may have already achieved a reputation on a championship table of the game you are very proud of. You have spent a lot of energy, time and money, and there are several games in which you have already reached high levels or scores. And then someone logs in for you and demolishes what you have been working and building with hard work …

Keep in mind that by misusing your card information, others may shop online on our behalf. They can request services, buy products, and until your card is disabled, they can do so and spend as much as they want. So watch out for gaming industry cybersecurity threats to protect your account!

10. How to defend against attacks?

The video game industry traditionally has been a very male-dominated field. You know, with the advent of the iPhone, the number of women gamers exploded." - Brianna Wu

High-volume professional matches and battles are generally well secured from a cyber defence standpoint. However, in the case of minor tournaments that may use free Wi-Fi or private players who do not have cybersecurity procedures at home, cyberattacks can occur more often.

Some solutions can help avoid DDoS attacks and other types of interruptions that may affect the outcome of a match. Proxy servers can protect the network identity of a player during online tournaments, for example.

To protect ourselves from security threats, esports athletes and casual gamers alike need to use password managers and proxy servers to mask their IP addresses and avoid duplicate passwords.

Image by Ian van der Linde from Pixabay

10.1. A well-designed data encryption system

To address the information security risks of the game, establish and maintain a proficient data encryption system. OpenSSL has comprehensive and powerful features, including cryptographic algorithms, SSL protocol, and certificate package-management capabilities.

10.2. Use of advanced authentication procedures

It is essential to use proper authentication procedures to ensure that the authorised player is connected to the server. Therefore, to achieve the safety of network information in the game, it is essential to implement advanced identification technology.

Operators can distribute authentication operations to multiple different servers and then integrate the results of the systems to authenticate the users for network identities to avoid possible identity misjudgment. When encrypting, multiple servers share the same public key, and each system has a private key that can be used to decrypt it. For further information on public and private keys, please check the article Encryption: the unnoticed law enforcement force in cyberspace.

10.3. High performing server and wide bandwidth

Adequately high-performance servers and bandwidth must serve players and their requests securely and seamlessly. Network stability is key to the normal operation of online games. To avoid server downtime and cybersecurity risks to the game, you may need to use more high-performance servers to resolve this issue.

Photo by RODNAE Productions from Pexels

Login Gate is primarily used for network communication between the player and the client at login and encrypting, decrypting, and verifying communication data between the client and the Login Server. On the other hand, the Game Gate mainly handles network communication between the game server and the client during gaming: it encrypts, decrypts, and verifies the data between the game server and the client.

10.4. Use VPN: it is not just for PCs and laptops

A VPN is one of the easiest ways to protect your laptop, phone, or console, and it also carries a much lower risk when attending an esports event. While there are many VPNs, it is worth choosing a professional VPN service that provides enhanced protection against cyberattacks and has the bandwidth, speed, and latency required for gaming.

In addition to protecting you from abuse, VPNs can also be used to increase (or stabilise) Internet speed and performance. No one wants to lose a match because of a delay and latency, and the truth is that the Internet can often fluctuate at a big event. Whether you are primarily concerned about security or performance, a VPN can help.

11. Esports in Luxembourg

“A game is the complete exploration of freedom within a restrictive environment.” - Vineet Raj Kapoor

Despite COVID-19, the Luxembourg Esports Federation (LESF) was founded, and the first Post esports League was organised in 2020. Since then, the Luxembourg esports ecosystem has maintained its steady growth. In 2021, memorable events took place, such as the second edition of the Post and 11F Luxembourg competition, the Orange eLeague competition and the Tango High-School Cup.

The first Orange eLeague competition started with a prize pool of € 5,000, whereas the total prize pool of the Post and 11F Luxembourg competition was € 20,000. There were also many professional and amateur players among the participants.

Luxembourg Esports Federation - LESF

More and more investors increasingly realise the potential of esports in Luxembourg. In addition to Telco, business associations such as the Luxembourg Private Equity Association (LPEA) are also involved in promoting esports: they organise events and draw the attention of professionals and investors to the business opportunities in the sector.

Against the above results, it must be admitted that Luxembourg esports is still in its infancy, and the breakthrough is yet to come. However, the above trends give hope that the Luxembourg esports market is well on its way.

It can be concluded that the Luxembourg esports ecosystem still has untapped potential and has not yet been recognised as an official sport by the Ministry of Sport and the National Olympic Committee (Comité Olympique et Sportif Luxembourgeois).

Formal recognition would be essential as it would allow esports players to address existing challenges more effectively and consistently, such as the lack of a single regulatory framework, the need for a sustainable funding model and dependence on game developers.

Daniel finishes fifth at the IESF eFootball World Championships in 2021

Daniel “Diffside45” Araujo was the first Luxembourger to qualify for the IESF World Championship Final and competed for the IESF eFootball World Championship title in 2021 in Eilat, Israel. With an incredible performance, he became fifth!

If you are interested in who are the most prominent esports prize winners in Luxembourg, you can check them out on the Esport Earnings page.

12. Esports and cybersecurity

“Everybody wants to game; whether you’re a casual gamer or an enthusiast gamer, there’s a large market for us.” - Lisa Su

It may sound strange at first, but esports and cybersecurity have many things in common. Both are team games: we can only succeed in esports or cybersecurity if we form a team, with team members working together and helping each other achieve their goals.

There are many “soft” skills that players (esports players, red team or blue team members, etc.) can use to achieve success, such as working within a team, mastering tactical skills, and paying attention to detail. All of these can be key to gaining victory over your opponent.

Also, a common point (between the practitioners of esports and cybersecurity) is the interest in and love for IT and some area of it, as there is no way to succeed without being interested in and not fully committed to it.

Whether we are talking about esports gamers or cybersecurity professionals, they all have a common interest in making an esports event (and the world of online gaming in general) as free from cyber attacks and threats as possible. By doing that, they may allow players to focus on their games unworriedly.

Many stakeholders in the gaming industry need to work together and take a multi-layered security approach to protect applications and player data proactively. The stakeholders can do the following in their power to minimise the negative consequences of cyber security threats:

Gamers should apply adequate password hygiene to secure their privacy and multifactor authentication to prevent online identity theft and account takeovers. They should also be aware of social engineering attacks such as phishing.

Game makers need to use and integrate tools into their games, such as security information and event management (SIEM) solutions. This allows for real-time analysis of security alerts, enabling security personnel to detect and mitigate threats.

Game developers should create an incident response and disaster recovery plan to manage account recovery processes and anti-fraud procedures.

Gaming companies should install a bot management tool in the firewall to prevent DDoS attacks.

Besides the above stakeholders, leagues, event operators, streaming platforms, sponsors, gaming associations, and fans can also be mentioned.

However, the above is not enough. After all, for the world of gamers to really act effectively against cyber threats, the participants must also work together, inform each other, and the very many participants must work together as a team to confront the threats. So, how do these communities contribute to each other?

12.1. Synergies between the gaming community and cybersecurity professionals

Gaming companies need to educate their communities so that players understand the value of their gaming accounts and notice and report suspicious behaviour. They need to draw players’ attention to the current cyber security risks and possible attacks. They also need to prepare players for what to do if they notice some strange behaviour, whom to turn to, and where to report it.

Game makers and developers need to make sure game upgrades are straightforward, and players are always prompted to download a new development as soon as possible (or cannot continue to play).

Consistency, transparency, clarity, and accountability are all needed among the stakeholders for quick and efficient information sharing.

Esports stakeholders need to develop and implement sound security policies and prepare for unavoidable security and fraud incidents by developing strong security practices and a standardised regulatory system to address new security challenges.

Rapid and secure communication channels among the gaming stakeholders, information sharing and education, awareness-raising and proper regulations are all part of the successful path to a more secure environment for the gaming world.

12.2. Snatched examples of successful collaborations

And the fact that the theory described above can be put into practice, that is, there can be working collaborations between esports players, gamers, and cybersecurity experts is no more proven than the examples that have already been established. So let’s look at some snatched examples of successful collaboration for cooperation as follows:

QinetiQ has partnered with the British Esports Association to promote the link between the gaming community and the cybersecurity sector. Hackers and esports players played the Rocket League together. The event provided an opportunity for the different teams to get to know each other better and, as in the case of a cyber exercise (where the red and the blue teams are fighting each other), compare each other’s strengths.

One of the most basic conditions for enjoyable esports games is a secure and latency-free Internet connection. It is no surprise that one of the most prominent players in the industry, Cisco, also saw an opportunity to ensure the security and quality of the network for esports events and competitions. And so, Cisco has partnered with Riot Games to become the official networking partner of League of Legends esports since 2020.

Cisco and Riot Games’ cooperation for stable network connection during esports events (YouTube)

The well-known security company Kaspersky and London-based Fnatic esports firm have signed an agreement to develop digital content jointly. The Kaspersky Lab partnered with the Vodafone Giants (a Spanish esports team) and provided the team with its antivirus software.

TikTok is not necessarily related to cybersecurity or esports if you hear its name. Still, the company took an important step when it participated in an esports competition as a sponsor. TikTok is well-known, and its presence and sponsorship of the game could pique the interest of many people in Internet security. Awareness of cyber security issues is essential, but sponsoring an event can also be significant because it can encourage cyber experts to learn about and participate in esports.

12.3. Can a cybersecurity career be appropriate for esports players?

One of the goals of the U.S. Cyber Games is to promote a cybersecurity career among esports players and help alleviate the underrepresentation of the cybersecurity profession in the job market and gain as many people as possible to benefit the profession. The Games also use the Workforce Framework for Cybersecurity (NICE Framework) to help research effective cybersecurity workforce development practices.

But we can approach the same problem from the opposite angle. Cybersecurity competitions and exercises are outstanding opportunities to draw the attention of cybersecurity experts to esports. Experts are convinced that cybersecurity competitions can be ideal areas for the development of esports, as these events can be a lifelong experience for young people, arousing their interest in both the esports and the cybersecurity profession.

“We have a shortage of talent and a shortage of diversity in the cybersecurity field, and I think, if we turn this into a sport, we could really address both of those issues.” - Daniel Manson

The number of open positions in the cybersecurity profession is growing, causing increasing concerns for the industry. It can take years to train a skilled, well-performing workforce, which means that labour shortages in this field will persist for years to come.

The global audience of esports is hundreds of millions, and there are many commonalities and overlaps between the two areas. After that, it seems evident that the cybersecurity profession is trying to solve its workforce problems by winning and “seducing” esport players.

“Millions of fans world-wide watch professional videogame players compete in tournaments of Halo and Call of Duty. In the future, some experts say, this audience could be watching cybersecurity teams compete to hack one another’s systems.” - James Rundle (The Wall Street Journal)

13. Conclusions

“The gaming world isn’t filled only with violence and depravity. In fact, it’s mostly enchanting.” - Naomi Alderman

As the esports industry has become very valuable, it also has become a prime target for cyber threats. Most games are shipped through digital platforms, and users store their credentials (including banking information) on those platforms. As a result, digital platforms like Steam, EA Origin, or Blizzard’s Battle.net have become prime targets for malicious attacks.

Cybersecurity is a major challenge in competitive games. As hackers follow lucrative businesses, it is no surprise that the competitive gaming industry is a very popular target for them: esports has more than $ 1 billion in revenue and an audience of more than 400 million worldwide.

With more and more players on the platforms and esports events attracting more and more crowds, all of which are connected to a public Wi-Fi network, these events are the hotbeds of malicious attacks.

Many companies (like Activision Blizzard, Riot Games, Nintendo, Capcom, and CD Project red) developing esports games have been hit by cyberattacks.

However, we should not forget about mobile phone users either, as the trend shows that an increasing number of people are using their mobile phones to play online games.

More and more non-professional gamers are using their cell phones and less and less using their desktops and consoles. It is also imperative to be aware of the dangers they face when using their smartphone for gaming.

Despite the series of problems existing in the current stage of online games, such as malicious tampering of virtual data, account theft, server maintenance, etc., these problems are not unsolvable.

For game users and operators, a good data encryption system should be built with more advanced identification technologies and high-performance servers or broadband to mitigate some of the in-game information security issues and clean up the current game and network environment. At the same time, the development of many emerging disciplines, such as artificial intelligence, can contribute to building more stable and safer systems.

Jobs related to cybersecurity are notoriously understaffed and underperformed in many industries, including games. Even though the cybersecurity profession is developing rapidly and more and more professionals are joining the field day by day, the number of staff cannot keep pace with the growing demands.

It is becoming more common for companies to know what they should be doing in theory. However, they lack the human resources, time, or financial assets to build and maintain adequate protection.

Achieving the right level of cybersecurity requires teamwork. Security experts and executives have long recognised that it is not enough to have only a few professionals in a company: the general knowledge of the company’s employees about cybersecurity needs to be raised as well.

On top of all this, players need to recognise that beyond the game, they need to pay the same attention to cyberattacks as they would any time they do any activity online.

The esports industry is facing the same level and type of cyberattacks as the gaming community has been for some time, but to a greater extent, given the massive increase in the number of players, events, etc. All entities involved in esports face these threats, such as identity theft, financial loss, or reputational damage.

All parties need to be more aware of online security and ensure the security of their profiles and accounts. Organisers need to be fully aware of the threat of esports and apply appropriate security solutions to sophisticated cyberattacks such as known exploits, targeted malware, DDoS attacks, ransomware, etc.

The trend is apparent: in the future, more and more players will join the world of online gaming, more and more professional esports players will be born, and more and more esports events will be organised. Translating all this into IT means that there will be more endpoints to protect and more challenges for cybersecurity professionals to combat against.

Image by Rafael Javier from Pixabay