Ubisoft Reports 'Cyber Security Incident'
Lapsus$, the Gang Behind Nvidia and Samsung Hacks, Implies Responsibility
Video game developer Ubisoft has confirmed that a cybersecurity incident caused "temporary disruption" to some of its games, systems and services, and the ransomware gang Lapsus$, which was behind the breaches at Samsung and Nvidia, is implying that it may have been responsible.
"Our IT teams are working with leading external experts to investigate the issue. As a precautionary measure, we initiated a companywide password reset," Ubisoft says.
The company also confirmed that all of its games and services were functioning normally and that at this time there is no evidence that any player personal information was accessed or exposed as a by-product of this incident (see: New Malware 'BloodyStealer' Targets Gaming Accounts).
"Given the data breach suffered by Ubisoft less than three months ago, this latest incident is somewhat embarrassing," says Nigel Jones, co-founder of the U.K.-based privacy firm Privacy Compliance Hub. "Although the company is saying that there is no evidence of any personal information being accessed or exposed, the fact that they have forced a password reset suggests that they are not 100% sure that is the case or that the breach may not put users at risk."
Jones also says that it isn't enough to say after the event that cybersecurity experts are looking into it. Ubisoft, he says, needs to get ahead of the hackers by creating a culture of continuous privacy compliance to ensure that its staff don't make a mistake that lets the perpetrators through the door in the first place.
The incident comes after many Ubisoft users started complaining about login issues.
Is anyone else having a problem connecting their Ubisoft account to GOG? I've been searching and reading and the fixes I've found haven't worked for me... — Seena (@Seena_SWG) March 4, 2022
A spokesperson for Ubisoft was not immediately available to provide more details about the attack or to confirm whether Lapsus$ was behind it.
Lapsus$ Creating Ruckus
Unlike the Samsung and Nvidia breaches, Lapsus$ has not formally claimed responsibility for this attack, although multiple media platforms are attributing it to Lapsus$ operators.
The group has, however, posted a hint in its official Telegram channel, which has over 30,000 members. It included a smirk emoticon in a shared article from The Verge, which first reported the attack.
"In most cases, it takes time to uncover the full details of a successful cybersecurity attack. Any initial announcement that occurs quickly after the incident should be interpreted as an incomplete account of what actually happened," says Tim Erlin, vice president of strategy at cybersecurity firm Tripwire.
Erlin also says that technology companies, by definition, have an expansive attack surface. Their business requires that they use technology and connected systems extensively, and the more complex the systems are, the more complex securing them tends to be.
The Lapsus$ gang was recently found tricking users into installing malware by disguising it with verified, signed certificates that are believed to have been stolen in the Nvidia and Samsung source code leaks (see: How Lapsus$ Uses Stolen Source Code to Disguise Malware).
Researchers at security firm Check Point said that by possessing and controlling source code, Lapsus$ could create a massive supply chain reaction, which could lead to numerous organizations and machines being infected and harmed.
The Lapsus$ group first came to public attention in December 2021 following a ransomware attack on websites owned by Brazil's Ministry of Health. The group claimed to have stolen and subsequently deleted around 50TB of data from the ministry's systems.
Subsequently, Lapsus$ claimed responsibility for attacks seemingly targeted at other Brazilian or Portuguese-speaking organizations, such as Impresa, Claro, Embratel, NET and Localiza.
The popularity of attacks on the gaming industry is no surprise. One of the highest growth climbers of 2020, gaming saw an increase in both credential stuffing attacks (up 224%) and web attacks (up 340%), compared to the previous year, according to software company Akamai. DDoS attacks against gamers were down by 20%, but they still made up nearly 50% of all DDoS attacks, it says.
The mobile gaming industry recorded revenue of $77.2 billion in 2020, but Akamai says mobile gamers have also experienced an increase in phishing attacks.