During two separate Apex Legends Global Series live streams this week, hackers were caught inserting so-called “cheat tools” into the game to illegally benefit players. Electronic Arts, publisher of Apex Legends, was then forced to postpone the rest of the tournament – with a total prize pool of $5 million – while they tried to understand how the cyber attack occurred.
“Due to the competitive integrity of this series being compromised, we have made the decision to postpone [North American] finals right now,” the Apex Legends Esports social media account announced on March 17. “We will share more information soon.”
There are questions about where the permitted Remote Code Execution (RCE) vulnerability lies hackers to disrupt Apex Legends Global Series game. The anti-cheat systems provider of the popular shooting game, Easy Ant-Cheat, has denied that its systems contain the RCE flaw in question, according to the site the company’s tweet from March 18th.
“At this time, we are confident that no RCE vulnerabilities are being exploited within EAC,” Easy Anti-Cheat’s statement reads.
However, game volunteer “Anti-Cheat Police Department” advised players to avoid not just Apex Legend, but really any game that uses Easy Anti-Cheat, in a tweet this week following the tournament hacks.
“Currently, RCE is abused to inject cheats into streamers’ machines, which means they have the ability to do anything like install ransomware software and lock down the entire PC,” the group’s statement informs.
Gaming tournaments are a new attack surface
THE gaming industry has a particularly challenging attack surface to defend against cybercrime, and it is becoming increasingly difficult to protect. In 2021, hackers managed to do just that steal the source code of EA’s FIFA 21 game with a homemade social engineering attack. Now, e-sports tournaments have emerged as a new facet of the gaming attack surface, something that cyber teams will need to consider more carefully, according to an emailed statement from Jamie Boote, associate principal security consultant at Synopsys Software Integrity Group.
“Moving forward, e-sports organizers should consider participants’ gaming computers as part of their attack surface that needs to be protected,” Boote said. “Future e-sports tournament organizers will need to assume that it is a question of when, not if, an event like this will happen again and how to prevent or minimize disruption if it does.”