Connect with us

Biz & IT

Epic Games, the creator of Fortnite, banked a $3 billion profit in 2018

Published

on

Epic Games had as good a year in 2018 as any company in tech. Fortnite became the world’s most popular game, growing the company’s valuation to $15 billion, but it has helped the company pile up cash, too. Epic grossed a $3 billion profit for this year fueled by the continued success of Fortnite, a source with knowledge of the business told TechCrunch.

Epic did not respond to a request for comment.

Fortnite, which is free to play but makes money selling digital items, has popularized the battle royale category — think Lord of the Flies meets Hunger Games — almost single-handedly, and it has been the standout title for the U.S.-based game publisher.

Founded way back in 1991, Epic hasn’t given revenue figures for its smash hit — which has 125 million players — but this new profit milestone, combined with other pieces of data, gives an idea of the success the company is seeing as a result of a prescient change in strategy made six years ago.

This past September, Epic commanded a valuation of nearly $15 billion, according to The Wall Street Journal, as marquee investors like KKR, Kleiner Perkins and Lightspeed piled on in a $1.25 billion round to grab a slice of the red-hot development firm. However, the investment cards haven’t always been stacked in Epic’s favor.

China’s Tencent, the maker of blockbuster chat app WeChat and a prolific games firm in its own right, became the first outside investor in Epic’s business back in 2012 when it injected $330 million in exchange for a 40 percent stake in the business.

Back then, Epic was best known for Unreal Engine, the third-party development platform that it still operates today, and top-selling titles like Gears of War.

Why would a proven company give up such a huge slice of its business? Executives believed that Epic, as it was, was living on borrowed time. They sensed a change in the way games were headed based on diminishing returns and growing budgets for console games, the increase of “live” games like League of Legends and the emerging role of smartphones.

Speaking to Polygon about the Tencent deal, Epic CEO Tim Sweeney explained that the investment money from Tencent allowed the company to go down the route of freemium games rather than big box titles. That’s a strategy Sweeney called “Epic 4.0.”

“We realized that the business really needed to change its approach quite significantly. We were seeing some of the best games in the industry being built and operated as live games over time rather than big retail releases. We recognized that the ideal role for Epic in the industry is to drive that, and so we began the transition of being a fairly narrow console developer focused on Xbox to being a multi-platform game developer and self publisher, and indie on a larger scale,” he explained.

Tencent, Sweeney added, has provided “an enormous amount of useful advice,” while the capital enabled Epic to “make this huge leap without the immediate fear of money.”

LOS ANGELES, CA – JUNE 12: Gamers ‘Ninja’ (L) and ‘Marshmello’ compete in the Epic Games Fortnite E3 Tournament at the Banc of California Stadium on June 12, 2018 in Los Angeles, California. (Photo by Christian Petersen/Getty Images)

Epic never had a problem making money — Sweeney told Polygon the first Gear of Wars release grossed $100 million on a $12 million development budget. But with Fortnite, the company has redefined modern gaming, both by making true cross-platform experiences possible and by pulling in vast amounts of money.

As a private company, Epic keeps its financials closely guarded. But digging beyond the $3 billion figure — which, to be clear, is annual profit not revenue — there are clues as to just how big a money-spinner Fortnite is. Certainly, there’s room to wonder whether analyst predictions this summer that Fortnite would gross $2 billion this year were too conservative.

The most recent data comes from November when Sensor Tower estimates that iOS users alone were spending $1.23 million per day. That helped the game bank $37 million in the month and take its total earnings within Apple’s iOS platform to more than $385 million.

But, as mentioned, Fortnite is a cross-platform title that supports PlayStation, Xbox, Switch, PC, Mac, Android and iOS. Aggregating revenue across those platforms isn’t easy, and the only real estimate comes from earlier this year when Super Data Research concluded that the game made $318 million in May across all platforms.

That is, of course, when Fortnite was fresh on iOS, non-existent on Android and with fewer overall players.

We can deduce from Sensor Tower’s November estimate that iOS pulled in $385 million over eight months — between April and November — which is around $48 million per month on average. Android is harder to calculate since Epic skipped Google’s Play Store by distributing its own launcher. While it quickly picked up 15 million Android users within the first month, tracking that spending off-platform is a huge challenge. Some estimates predicted that Google would miss out on around $50 million in lost earnings this year because in-app purchases on Android would not cross its services.

There are a few factors to add further uncertainty.

Fortnite spending tends to spike around the release of new seasons — updated versions of the game — since users are encouraged to buy specific packages at the start. The latest, Season 7, dropped early this month with a range of tweaks for the Christmas period. Given the increased velocity at which Fortnite is picking up players and the appeal of the festive period, this could have been its biggest revenue generator to date, but there’s not yet any indicator of how it performed.

More broadly, Fortnite has undoubtedly lost out on revenue in China, which froze new game licenses nine months ago, thereby preventing any publishers from monetizing new titles over that period.

Tencent, which publishes Fortnite in China, did release the game in the country but it hasn’t been able to draw revenue from it yet. The Chinese government announced last week that it is close to approving its first batch of new titles, but it isn’t clear which games are included and when the process will be done.

Already, the effects have been felt.

Games are forecast to generate nearly $40 billion in revenue in China this year, according to market researcher Newzoo. However, the industry saw its slowest growth over the last 10 years as it grew 5.4 percent year-over-year during the first half of 2018, according to a report by Beijing-based research firm GPC and China’s official gaming association CNG.

Fortnite and PUBG — another battle royale title backed by Tencent — have perhaps suffered the most since they are universally popular worldwide but unable to monetize in China. It seems almost certain that those two titles will receive a major marketing push if, as and when they receive the license and, if Epic can keep the game competitive as Sweeney believed it could back in 2012, then it could go on and make even more money in 2019.

Epic Games is taking on Steam with its own digital game store, which includes higher take-home revenue rates for developers.

But Epic isn’t relying solely on Fortnite.

A more low-key but significant launch this month was the opening of the Epic Games store, which is aimed squarely at Steam, the leader in digital game sales.

While Fortnite is its most prolific release, Epic also makes money from other games, Unreal Engine and a recently launched online game store that rivals Steam. Epic’s big differentiator for the store is that it gives developers 88 percent of their revenue, as opposed to Valve — the firm behind Steam — which keeps 30 percent, although it has added varying rates for more successful titles. Customers are promised a free title every two weeks.

Either way, Epic is betting that it can do a lot more than Fortnite, which could mean that its profit margin will be even higher come this time next year.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Biz & IT

Safari and iOS bug reveals your browsing activity and ID in real time

Published

on

Getty Images

For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time.

The same-origin policy is a foundational security mechanism that forbids documents, scripts, or other content loaded from one origin—meaning the protocol, domain name, and port of a given webpage or app—from interacting with resources from other origins. Without this policy, malicious sites—say, badguy.example.com—could access login credentials for Google or another trusted site when it’s open in a different browser window or tab.

Obvious privacy violation

Since September’s release of Safari 15 and iOS and iPadOS 15, this policy has been broken wide open, research published late last week found. As a demo site graphically reveals, it’s trivial for one site to learn the domains of sites open in other tabs or windows, as well as user IDs and other identifying information associated with the other sites.

“The fact that database names leak across different origins is an obvious privacy violation,” Martin Bajanik, a researcher at security firm FingerprintJS, wrote. He continued:

It lets arbitrary websites learn what websites the user visits in different tabs or windows. This is possible because database names are typically unique and website-specific. Moreover, we observed that in some cases, websites use unique user-specific identifiers in database names. This means that authenticated users can be uniquely and precisely identified.

Attacks work on Macs running Safari 15 and on any browser running on iOS or iPadOS 15. As the demo shows, safarileaks.com is able to detect the presence of more than 20 websites—Google Calendar, YouTube, Twitter, and Bloomberg among them—open in other tabs or windows. With more work, a real-world attacker could likely find hundreds or thousands of sites or webpages that can be detected.

When users are logged in to one of these sites, the vulnerability can be abused to reveal the visit and, in many cases, identifying information in real time. When logged in to a Google account open elsewhere, for instance, the demo site can obtain the internal identifier Google uses to identify each account. Those identifiers can usually be used to recognize the account holder.

Raising awareness

The leak is the result of the way the Webkit browser engine implements IndexedDB, a programming interface supported by all major browsers. It holds large amounts of data and works by creating databases when a new site is visited. Tabs or windows that run in the background can continually query the IndexedDB API for available databases. This allows one site to learn in real time what other websites a user is visiting.

Websites can also open any website in an iframe or pop-up window in order to trigger an IndexedDB-based leak for that specific site. By embedding the iframe or popup into its HTML code, a site can open another site in order to cause an IndexedDB-based leak for the site.

“Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session,” Bajanik wrote. “Windows and tabs usually share the same session, unless you switch to a different profile, in Chrome for example, or open a private window.”

How IndexedDB in Safari 15 leaks your browsing activity (in real time).

Bajanik said he notified Apple of the vulnerability in late November, and as of publication time, it still had not been fixed in either Safari or the company’s mobile OSes. Apple representatives didn’t respond to an email asking if or when it would release a patch. As of Monday, Apple engineers had merged potential fixes and marked Bajanik’s report as resolved. End users, however, won’t be protected until the Webkit fix is incorporated into Safari 15 and iOS and iPadOS 15.

For now, people should be wary when using Safari for desktop or any browser running on iOS or iPadOS. This isn’t especially helpful for iPhone or iPad users, and in many cases, there’s little or no consequence of browsing activities being leaked. In other situations, however, the specific sites visited and the order in which they were accessed can say a lot.

“The only real protection is to update your browser or OS once the issue is resolved by Apple,” Bajanik wrote. “In the meantime, we hope this article will raise awareness of this issue.”

Continue Reading

Biz & IT

Microsoft warns of destructive disk wiper targeting Ukraine

Published

on

Getty Images

Over the past few months, geopolitical tensions have escalated as Russia amassed tens of thousands of troops along Ukraine’s border and made subtle but far-reaching threats if Ukraine and NATO don’t agree to Kremlin demands.

Now, a similar dispute is playing out in cyber arenas, as unknown hackers late last week defaced scores of Ukrainian government websites and left a cryptic warning to Ukrainian citizens who attempted to receive services.

Be afraid and expect the worst

“All data on the computer is being destroyed, it is impossible to recover it,” said a message, written in Ukrainian, Russian, and Polish, that appeared late last week on at least some of the infected systems. “All information about you has become public, be afraid and expect the worst.”

Around the same time, Microsoft said in a post over the weekend, “destructive” malware with the ability to permanently destroy computers and all data stored on them began appearing on the networks a dozens of government, nonprofit, and information technology organizations, all based in Ukraine. The malware—which Microsoft is calling Whispergate—masquerades as ransomware and demands $10,000 in bitcoin for data to be restored.

But Whispergate lacks the means to distribute decryption keys and provide technical support to victims, traits that are found in virtually all working ransomware deployed in the wild. It also overwrites the master boot record—a part of the hard drive that starts the operating system during bootup.

“Overwriting the MBR is atypical for cybercriminal ransomware,” members of the Microsoft Threat Intelligence Center wrote in Saturday’s post. “In reality, the ransomware note is a ruse and that the malware destructs MBR and the contents of the files it targets. There are several reasons why this activity is inconsistent with cybercriminal ransomware activity observed by MSTIC.”

Over the weekend, Serhiy Demedyuk, deputy head of Ukraine’s National Security and Defense Council, told news outlets that preliminary findings from a joint investigation of several Ukrainian state agencies show that a threat actor group known as UNC1151 was likely behind the defacement hack. The group, which researchers at security firm Mandiant have linked to the government of Russian ally Belarus, was behind an influence campaign named Ghostwriter.

Ghostwriter worked by using phishing emails and theft domains that spoof legitimate websites such as Facebook to steal victim credentials. With control of content management systems belonging to news sites and other heavily trafficked properties, UNC1151 “primarily promoted anti-NATO narratives that appeared intended to undercut regional security cooperation in operations targeting Lithuania, Latvia, and Poland,” authors of the Mandiant report wrote.

All evidence points to Russia

Ukrainian officials said UNC1151 was likely working on behalf of Russia when it used its skill in harvesting credentials and infiltrating websites to deface Ukraine’s government sites. In a statement, they wrote:

As of now, we can say that all the evidence points to the fact that Russia is behind the cyber attack. Moscow continues to wage a hybrid war and is actively building forces in the information and cyberspace.

Russia’s cyber-troops are often working against the United States and Ukraine, trying to use technology to shake up the political situation. The latest cyber attack is one of the manifestations of Russia’s hybrid war against Ukraine, which has been going on since 2014.

Its goal is not only to intimidate society. And to destabilize the situation in Ukraine by stopping the work of the public sector and undermining the confidence in the government on the part of Ukrainians. They can achieve this by throwing fakes into the infospace about the vulnerability of critical information infrastructure and the “drain” of personal data of Ukrainians.

Damage assessment

There were no immediate reports of the defacements having a destructive effect on government networks, although Reuters on Monday reported Ukraine’s cyber police found that last week’s defacement appeared to have destroyed “external information resources.”

“A number of external information resources were manually destroyed by the attackers,” the police said, without elaborating. The police added: “It can already be argued that the attack is more complex than modifying the homepage of websites.”

Microsoft, meanwhile, didn’t say if the destructive data wiper it found on Ukrainian networks had merely been installed for potential use later on or if it had actually been executed to wreak havoc.

There’s no proof that the Russian government had any involvement in the wiper malware or the website defacement, and Russian officials have flatly denied it. But given past events, Russian involvement wouldn’t be a surprise.

In 2017, a massive outbreak of malware initially believed to be ransomware shut down computers around the world and resulted in $10 billion in total damages, making it the most costly cyberattack ever.

NotPetya initially spread spread through a legitimate update module of M.E.Doc, a tax-accounting application that’s widely used in Ukraine. Both Ukrainian
and US government officials have said Russia was behind the attacks. In 2020, federal prosecutors charged four Russian nationals for alleged hacking crimes involving NotPetya.

Continue Reading

Biz & IT

Backdoor for Windows, macOS, and Linux went undetected until now

Published

on

Researchers have uncovered a never-before-seen backdoor written from scratch for systems running Windows, macOS, or Linux that remained undetected by virtually all malware scanning engines.

Researchers from security firm Intezer said they discovered SysJoker—the name they gave the backdoor—on the Linux-based Webserver of a “leading educational institution.” As the researchers dug in, they found SysJoker versions for both Windows and macOS as well. They suspect the cross-platform malware was unleashed in the second half of last year.

The discovery is significant for several reasons. First, fully cross-platform malware is something of a rarity, with most malicious software being written for a specific operating system. The backdoor was also written from scratch and made use of four separate command-and-control servers, an indication that the people who developed and used it were part of an advanced threat actor that invested significant resources. It’s also unusual for previously unseen Linux malware to be found in a real-world attack.

Analyses of the Windows version (by Intezer) and the version for Macs (by researcher Patrick Wardle) found that SysJoker provides advanced backdoor capabilities. Executable files for both the Windows and macOS versions had the suffix .ts. Intezer said that may be an indication the file masqueraded as a type script app spread after being sneaked into the npm JavaScript repository. Intezer went on to say that SysJoker masquerades as a system update.

Wardle, meanwhile, said the .ts extension may indicate the file masqueraded as video transport stream content. He also found that the macOS file was digitally signed, though with an ad-hoc signature.

SysJoker is written in C++, and as of Tuesday, the Linux and macOS versions were fully undetected on the VirusTotal malware search engine. The backdoor generates its control-server domain by decoding a string retrieved from a text file hosted on Google Drive. During the time the researchers were analyzing it, the server changed three times, indicating the attacker was active and monitoring for infected machines.

Based on organizations targeted and the malware’s behavior, Intezer’s assessment is that SysJoker is after specific targets, most likely with the goal of “​​espionage together with lateral movement which might also lead to a ransomware attack as one of the next stages.”

Continue Reading

Trending