Connect with us

Biz & IT

Epic Games, the creator of Fortnite, banked a $3 billion profit in 2018

Published

on

Epic Games had as good a year in 2018 as any company in tech. Fortnite became the world’s most popular game, growing the company’s valuation to $15 billion, but it has helped the company pile up cash, too. Epic grossed a $3 billion profit for this year fueled by the continued success of Fortnite, a source with knowledge of the business told TechCrunch.

Epic did not respond to a request for comment.

Fortnite, which is free to play but makes money selling digital items, has popularized the battle royale category — think Lord of the Flies meets Hunger Games — almost single-handedly, and it has been the standout title for the U.S.-based game publisher.

Founded way back in 1991, Epic hasn’t given revenue figures for its smash hit — which has 125 million players — but this new profit milestone, combined with other pieces of data, gives an idea of the success the company is seeing as a result of a prescient change in strategy made six years ago.

This past September, Epic commanded a valuation of nearly $15 billion, according to The Wall Street Journal, as marquee investors like KKR, Kleiner Perkins and Lightspeed piled on in a $1.25 billion round to grab a slice of the red-hot development firm. However, the investment cards haven’t always been stacked in Epic’s favor.

China’s Tencent, the maker of blockbuster chat app WeChat and a prolific games firm in its own right, became the first outside investor in Epic’s business back in 2012 when it injected $330 million in exchange for a 40 percent stake in the business.

Back then, Epic was best known for Unreal Engine, the third-party development platform that it still operates today, and top-selling titles like Gears of War.

Why would a proven company give up such a huge slice of its business? Executives believed that Epic, as it was, was living on borrowed time. They sensed a change in the way games were headed based on diminishing returns and growing budgets for console games, the increase of “live” games like League of Legends and the emerging role of smartphones.

Speaking to Polygon about the Tencent deal, Epic CEO Tim Sweeney explained that the investment money from Tencent allowed the company to go down the route of freemium games rather than big box titles. That’s a strategy Sweeney called “Epic 4.0.”

“We realized that the business really needed to change its approach quite significantly. We were seeing some of the best games in the industry being built and operated as live games over time rather than big retail releases. We recognized that the ideal role for Epic in the industry is to drive that, and so we began the transition of being a fairly narrow console developer focused on Xbox to being a multi-platform game developer and self publisher, and indie on a larger scale,” he explained.

Tencent, Sweeney added, has provided “an enormous amount of useful advice,” while the capital enabled Epic to “make this huge leap without the immediate fear of money.”

LOS ANGELES, CA – JUNE 12: Gamers ‘Ninja’ (L) and ‘Marshmello’ compete in the Epic Games Fortnite E3 Tournament at the Banc of California Stadium on June 12, 2018 in Los Angeles, California. (Photo by Christian Petersen/Getty Images)

Epic never had a problem making money — Sweeney told Polygon the first Gear of Wars release grossed $100 million on a $12 million development budget. But with Fortnite, the company has redefined modern gaming, both by making true cross-platform experiences possible and by pulling in vast amounts of money.

As a private company, Epic keeps its financials closely guarded. But digging beyond the $3 billion figure — which, to be clear, is annual profit not revenue — there are clues as to just how big a money-spinner Fortnite is. Certainly, there’s room to wonder whether analyst predictions this summer that Fortnite would gross $2 billion this year were too conservative.

The most recent data comes from November when Sensor Tower estimates that iOS users alone were spending $1.23 million per day. That helped the game bank $37 million in the month and take its total earnings within Apple’s iOS platform to more than $385 million.

But, as mentioned, Fortnite is a cross-platform title that supports PlayStation, Xbox, Switch, PC, Mac, Android and iOS. Aggregating revenue across those platforms isn’t easy, and the only real estimate comes from earlier this year when Super Data Research concluded that the game made $318 million in May across all platforms.

That is, of course, when Fortnite was fresh on iOS, non-existent on Android and with fewer overall players.

We can deduce from Sensor Tower’s November estimate that iOS pulled in $385 million over eight months — between April and November — which is around $48 million per month on average. Android is harder to calculate since Epic skipped Google’s Play Store by distributing its own launcher. While it quickly picked up 15 million Android users within the first month, tracking that spending off-platform is a huge challenge. Some estimates predicted that Google would miss out on around $50 million in lost earnings this year because in-app purchases on Android would not cross its services.

There are a few factors to add further uncertainty.

Fortnite spending tends to spike around the release of new seasons — updated versions of the game — since users are encouraged to buy specific packages at the start. The latest, Season 7, dropped early this month with a range of tweaks for the Christmas period. Given the increased velocity at which Fortnite is picking up players and the appeal of the festive period, this could have been its biggest revenue generator to date, but there’s not yet any indicator of how it performed.

More broadly, Fortnite has undoubtedly lost out on revenue in China, which froze new game licenses nine months ago, thereby preventing any publishers from monetizing new titles over that period.

Tencent, which publishes Fortnite in China, did release the game in the country but it hasn’t been able to draw revenue from it yet. The Chinese government announced last week that it is close to approving its first batch of new titles, but it isn’t clear which games are included and when the process will be done.

Already, the effects have been felt.

Games are forecast to generate nearly $40 billion in revenue in China this year, according to market researcher Newzoo. However, the industry saw its slowest growth over the last 10 years as it grew 5.4 percent year-over-year during the first half of 2018, according to a report by Beijing-based research firm GPC and China’s official gaming association CNG.

Fortnite and PUBG — another battle royale title backed by Tencent — have perhaps suffered the most since they are universally popular worldwide but unable to monetize in China. It seems almost certain that those two titles will receive a major marketing push if, as and when they receive the license and, if Epic can keep the game competitive as Sweeney believed it could back in 2012, then it could go on and make even more money in 2019.

Epic Games is taking on Steam with its own digital game store, which includes higher take-home revenue rates for developers.

But Epic isn’t relying solely on Fortnite.

A more low-key but significant launch this month was the opening of the Epic Games store, which is aimed squarely at Steam, the leader in digital game sales.

While Fortnite is its most prolific release, Epic also makes money from other games, Unreal Engine and a recently launched online game store that rivals Steam. Epic’s big differentiator for the store is that it gives developers 88 percent of their revenue, as opposed to Valve — the firm behind Steam — which keeps 30 percent, although it has added varying rates for more successful titles. Customers are promised a free title every two weeks.

Either way, Epic is betting that it can do a lot more than Fortnite, which could mean that its profit margin will be even higher come this time next year.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Biz & IT

US government strikes back at Kremlin for SolarWinds hack campaign

Published

on

Matt Anderson Photography/Getty Images

US officials on Thursday formally blamed Russia for backing one of the worst espionage hacks in recent US history and imposed sanctions designed to mete out punishments for that and other recent actions.

In a joint advisory, the National Security Agency, FBI, and Cybersecurity and Information Security Agency said that Russia’s Foreign Intelligence Service, abbreviated as the SVR, carried out the supply-chain attack on customers of the network management software from Austin, Texas-based SolarWinds.

The operation infected SolarWinds’ software build and distribution system and used it to push backdoored updates to about 18,000 customers. The hackers then sent follow-up payloads to about 10 US federal agencies and about 100 private organizations. Besides the SolarWinds supply-chain attack, the hackers also used password guessing and other techniques to breach networks.

After the massive operation came to light, Microsoft President Brad Smith called it an “act of recklessness.” In a call with reporters on Thursday, NSA Director of Cybersecurity Rob Joyce echoed the assessment that the operation went beyond established norms for government spying.

“We observed absolutely espionage,” Joyce said. “But what is concerning is from that platform, from the broad scale of availability of the access they achieved, there’s the opportunity to do other things, and that’s something we can’t tolerate and that’s why the US government is imposing costs and pushing back on these activities.”

Thursday’s joint advisory said that the SVR-backed hackers are behind other recent campaigns targeting COVID-19 research facilities, both by infecting them with malware known as both WellMess and WellMail and by exploiting a critical vulnerability in VMware software.

The advisory went on to say that the Russian intelligence service is continuing its campaign, in part by targeting networks that have yet to patch one of the five following critical vulnerabilities. Including the VMware flaw, they are:

  • CVE-2018-13379 Fortinet FortiGate VPN
  • CVE-2019-9670 Synacor Zimbra Collaboration Suite
  • CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
  • CVE-2019-19781 Citrix Application Delivery Controller and Gateway
  • CVE-2020-4006 VMware Workspace ONE Access

“Mitigation against these vulnerabilities is critically important as US and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors,” the advisory stated. It went on to say that the “NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations.”

CISA

The US Treasury Department, meanwhile, imposed sanctions to retaliate for what it said were “aggressive and harmful activities by the Government of the Russian Federation.” The measures include new prohibitions on Russian sovereign debt and sanctions on six Russia-based firms that the Treasury Department said “supported the Russian Intelligence Services’ efforts to carry out malicious cyber activities against the United States.”

The firms are:

  • ERA Technopolis, a research center operated by the Russian Ministry of Defense for transferring the personnel and expertise of the Russian technology sector to the development of technologies used by the country’s military. ERA Technopolis supports Russia’s Main Intelligence Directorate (GRU), a body responsible for offensive cyber and information operations.
  • Pasit, a Russia-based information technology company that has conducted research and development supporting malicious cyber operations by the SVR.
  • SVA, a Russian state-owned research institute specializing in advanced systems for information security located in that country. SVA has done research and development in support of the SVR’s malicious cyber operations.
  • Neobit, a Saint Petersburg, Russia-based IT security firm whose clients include the Russian Ministry of Defense, SVR, and Russia’s Federal Security Service. Neobit conducted research and development in support of the cyber operations conducted by the FSB, GRU, and SVR.
  • AST, a Russian IT security firm whose clients include the Russian Ministry of Defense, SVR, and FSB. AST provided technical support to cyber operations conducted by the FSB, GRU, and SVR.
  • Positive Technologies, a Russian IT security firm that supports Russian Government clients, including the FSB. Positive Technologies provides computer network security solutions to Russian businesses, foreign governments, and international companies and hosts recruiting events for the FSB and GRU.

“The reason they were called out is because they’re an integral part and participant in the operation that the SVR executes,” Joyce said of the six companies. “Our hope is that by denying the SVR the support of those companies, we’re impacting their ability to project some of this malicious activity around the world and especially into the US.”

Russian government officials have steadfastly denied any involvement in the SolarWinds campaign.

Besides attributing the SolarWinds campaign to the Russian government, Thursday’s release from the Treasury Department also said that the SVR was behind the August 2020 poisoning of Russian opposition leader Aleksey Navalny with a chemical weapon, the targeting of Russian journalists and others who openly criticize the Kremlin, and the theft of “red team tools,” which use exploits and other attack tools to mimic cyber attacks.

The “red team tools” reference was likely related to the offensive tools taken from FireEye, the security firm that first identified the Solar Winds campaign after discovering its network had been breached.
The Treasury department went on to say that the Russian government “cultivates and co-opts criminal hackers” to target US organizations. One group, known as Evil Corp. was sanctioned in 2019. That same year, federal prosecutors indicted the Evil Corp kingpin Maksim V. Yakubets and posted a $5 million bounty for information that leads to his arrest or conviction.

Although overshadowed by the sanctions and the formal attribution to Russia, the most important takeaway from Thursday’s announcements is that the SVR campaign remains ongoing and is currently leveraging the exploits mentioned above. Researchers said on Thursday that they’re seeing Internet scanning that is intended to identify servers that have yet to patch the Fortinet vulnerability, which the company fixed in 2019. Scanning for the other vulnerabilities is also likely ongoing.

People managing networks, particularly any that have yet to patch one of the five vulnerabilities, should read the latest CISA alert, which provides extensive technical details about the ongoing hacking campaign and ways to detect and mitigate compromises.

Continue Reading

Biz & IT

100 million more IoT devices are exposed—and they won’t be the last

Published

on

Elena Lacey

Over the last few years, researchers have found a shocking number of vulnerabilities in seemingly basic code that underpins how devices communicate with the Internet. Now, a new set of nine such vulnerabilities are exposing an estimated 100 million devices worldwide, including an array of Internet-of-things products and IT management servers. The larger question researchers are scrambling to answer, though, is how to spur substantive changes—and implement effective defenses—as more and more of these types of vulnerabilities pile up.

Dubbed Name:Wreck, the newly disclosed flaws are in four ubiquitous TCP/IP stacks, code that integrates network communication protocols to establish connections between devices and the Internet. The vulnerabilities, present in operating systems like the open source project FreeBSD, as well as Nucleus NET from the industrial control firm Siemens, all relate to how these stacks implement the “Domain Name System” Internet phone book. They all would allow an attacker to either crash a device and take it offline or gain control of it remotely. Both of these attacks could potentially wreak havoc in a network, especially in critical infrastructure, health care, or manufacturing settings where infiltrating a connected device or IT server can disrupt a whole system or serve as a valuable jumping-off point for burrowing deeper into a victim’s network.

All of the vulnerabilities, discovered by researchers at the security firms Forescout and JSOF, now have patches available, but that doesn’t necessarily translate to fixes in actual devices, which often run older software versions. Sometimes manufacturers haven’t created mechanisms to update this code, but in other situations they don’t manufacture the component it’s running on and simply don’t have control of the mechanism.

“With all these findings, I know it can seem like we’re just bringing problems to the table, but we’re really trying to raise awareness, work with the community, and figure out ways to address it,” says Elisa Costante, vice president of research at Forescout, which has done other, similar research through an effort it calls Project Memoria. “We’ve analyzed more than 15 TCP/IP stacks both proprietary and open source and we’ve found that there’s no real difference in quality. But these commonalities are also helpful, because we’ve found they have similar weak spots. When we analyze a new stack, we can go and look at these same places and share those common problems with other researchers as well as developers.”

The researchers haven’t seen evidence yet that attackers are actively exploiting these types of vulnerabilities in the wild. But with hundreds of millions—perhaps billions—of devices potentially impacted across numerous different findings, the exposure is significant.

Siemens USA chief cybersecurity officer Kurt John told Wired in a statement that the company “works closely with governments and industry partners to mitigate vulnerabilities … In this case we’re happy to have collaborated with one such partner, Forescout, to quickly identify and mitigate the vulnerability.”

The researchers coordinated disclosure of the flaws with developers releasing patches, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and other vulnerability-tracking groups. Similar flaws found by Forescout and JSOF in other proprietary and open source TCP/IP stacks have already been found to expose hundreds of millions or even possibly billions of devices worldwide.

Issues show up so often in these ubiquitous network protocols because they’ve largely been passed down untouched through decades as the technology around them evolves. Essentially, since it ain’t broke, no one fixes it.

“For better or worse, these devices have code in them that people wrote 20 years ago—with the security mentality of 20 years ago,” says Ang Cui, CEO of the IoT security firm Red Balloon Security. “And it works; it never failed. But once you connect that to the Internet, it’s insecure. And that’s not that surprising, given that we’ve had to really rethink how we do security for general-purpose computers over those 20 years.”

The problem is notorious at this point, and it’s one that the security industry hasn’t been able to quash, because vulnerability-ridden zombie code always seems to reemerge.

“There are lots of examples of unintentionally recreating these low-level network bugs from the ’90s,” says Kenn White, co-director of the Open Crypto Audit Project. “A lot of it is about lack of economic incentives to really focus on the quality of this code.”

There’s some good news about the new slate of vulnerabilities the researchers found. Though the patches may not proliferate completely anytime soon, they are available. And other stopgap mitigations can reduce the exposure, namely keeping as many devices as possible from connecting directly to the Internet and using an internal DNS server to route data. Forescout’s Costante also notes that exploitation activity would be fairly predictable, making it easier to detect attempts to take advantage of these flaws.

When it comes to long-term solutions, there’s no quick fix given all the vendors, manufacturers, and developers who have a hand in these supply chains and products. But Forescout has released an open source script that network managers can use to identify potentially vulnerable IoT devices and servers in their environments. The company also maintains an open source library of database queries that researchers and developers can use to find similar DNS-related vulnerabilities more easily.

“It’s a widespread problem; it’s not just a problem for a specific kind of device,” Costante says. “And it’s not only cheap IoT devices. There’s more and more evidence of how widespread this is. That’s why we keep working to raise awareness.”

This story originally appeared on wired.com.

Continue Reading

Biz & IT

Microsoft acquires Nuance—makers of Dragon speech rec—for $16 billion

Published

on

Enlarge / In this 2011 photo, Dr. Michael A. Lee uses Dragon Medical voice-recognition software to enter his notes after seeing a patient.

Earlier today, Microsoft announced its plans to purchase Nuance for $56 per share—23 percent above Nuance’s closing price last Friday. The deal adds up to a $16 billion cash outlay and a total valuation for Nuance of about $19.7 billion, including that company’s assumed debt.

Who is Nuance?

In this 2006 photo, Rollie Berg—who has extremely limited use of his hands due to multiple sclerosis—uses Dragon NaturallySpeaking 8 to interact directly with his PC.
Enlarge / In this 2006 photo, Rollie Berg—who has extremely limited use of his hands due to multiple sclerosis—uses Dragon NaturallySpeaking 8 to interact directly with his PC.

Nuance is a well-known player in the field of natural language recognition. The company’s technology is the core of Apple’s Siri personal assistant. Nuance also sells well-known personal speech-recognition software Dragon NaturallySpeaking, which is invaluable to many people with a wide range of physical disabilities.

Dragon NaturallySpeaking, originally released in 1997, was one of the first commercially continuous dictation products—meaning software that did not require the user to pause briefly between words. In 2000, Dragon Systems was acquired by ScanSoft, which acquired Nuance Communications in 2005 and rebranded itself as Nuance.

Earlier versions of Dragon software used hidden Markov models to puzzle out the meaning of human speech, but this method had serious limitations compared to modern AI algorithms. In 2009, Stanford researcher Fei-Fei Li created ImageNet—a massive training data set that spawned a boom in deep-learning algorithms used for modern, core AI tech.

After Microsoft researchers Dong Yu and Frank Seide successfully applied deep-learning techniques to real-time automatic speech recognition in 2010, Dragon—now Nuance—applied the same techniques to its own speech-recognition software.

Fast forward to today, and—according to both Microsoft and Nuance—medically targeted versions of Dragon are in use by 77 percent of hospitals, 75 percent of radiologists, and 55 percent of physicians in the United States.

Microsoft’s acquisition play

Microsoft and Nuance began a partnership in 2019 to deliver ambient clinical intelligence (ACI) technologies to health care providers. ACI technology is intended to reduce physician burnout and increase efficiency by offloading administrative tasks onto computers. (A 2017 study published in the Annals of Family Medicine documented physicians typically spending two hours of record-keeping for every single hour of actual patient care.)

Acquiring Nuance gives Microsoft direct access to its entire health care customer list. It also gives Microsoft the opportunity to push Nuance technology—currently, mostly used in the US—to Microsoft’s own large international market. Nuance chief executive Mark Benjamin—who will continue to run Nuance as a Microsoft division after the acquisition—describes it as an opportunity to “superscale how we change an industry.”

The move doubles Microsoft’s total addressable market (TAM) in the health care vertical to nearly $500 billion. It also marries what Microsoft CEO Satya Nadella describes as “the AI layer at the healthcare point of delivery” with Microsoft’s own massive cloud infrastructure, including Azure, Teams, and Dynamics 365.

The acquisition has been unanimously approved by the Boards of Directors of both Nuance and Microsoft, and it is expected to close by the end of 2021.

Continue Reading

Trending