It was recently reported that Electronic Arts (EA) was the victim of a cyberattack in which hackers claimed to steal 780GB of source code for some of the company’s most popular games. So far, limited details have been released about the breach’s extent, but given that EA is publicly-traded, it will eventually be required to share with investors any information that is deemed material to the business. Currently, there is only room to speculate, but some early signs suggest this breach could be wide-reaching and potentially lead to significant and dangerous follow-on attacks.
The source code for EA is the crown jewel of its business — the backbone and intellectual property on which its games and tools are built — and would be highly sought-after. If it were exposed or copied, this could have deep and lasting impacts on EA’s business for a few reasons.
First, accessing EA source code could give industry competitors a massive advantage in creating new games. Second, the source code could act as something of a guide, helping attackers identify ways to take advantage of other existing bugs or flaws in EA’s software. For example, as a result, hackers could use this to generate a remote code execution exploit, whereby attackers send specific data to a victim’s gaming console via the internet and take control of the user’s system. Lastly, if the attackers were able to access source code, they may have also accessed EA’s server side. Since many of these online games follow client server models, everyone who uses them connects back to the servers. If the attackers have access to those servers, they may have access to the victim computers. Another potentially negative outcome is that this could evolve into a supply chain attack as the hackers may be able to get into the software update path.
Unfortunately, there is no way of accurately knowing the extent or future danger of this attack without knowing the motivation. In the meantime, EA is surely performing an internal security review and working to patch the stolen code immediately and to quickly provide updates for its customers. As for the code that was stolen, there is likely little that EA — even with the assistance of law enforcement — can do to prevent its sale. However, given the FBI’s recent successful recovery of Bitcoin from the Colonial Pipeline ransomware attack, authorities have recently shown their teeth and may deter these sellers.
To ensure customers are protected, EA gamers must remain vigilant. If attackers accessed user data, customers may be targeted with hard-to-spot social engineering attacks, phishing and more. When successful, these types of attacks can result in stolen identity, monetary loss and more. People should remember to never open emails from suspicious senders, click strange links or provide personal information.
The EA attack has proven the rule that the initial impact of a cybersecurity incident is almost never the full scope. To effectively combat evolving threats, organizations of all sizes and in all industries, from oil pipelines to video game makers, must ensure they are taking extensive efforts to improve their cybersecurity postures.
Blog post authored by Jim Gogolinski, VP of Research and Threat Intelligence at iboss.