In this digital age, gaming has become more than just a hobby or a form of entertainment; it is a powerful tool that brings millions of people together. However, as the gaming experience becomes more and more advanced, so do the challenges that come along with it. One of the main challenges that has been on the rise with gaming is cybersecurity challenges. Between May 2021 and April 2022 alone, Akamai has found that there are over 800 thousand web application attacks in the gaming industry. In this blog, we will dive into the trends and types of cyberattacks that are circulating in the gaming world, along with tips on how to avoid them.
Types of Cyberattacks
Theft of Sensitive Information
Theft of Players' Data
One of the most famous forms of cyberattacks that target gamers these days is phishing attacks. The goal of a phishing attack is to steal personal information or to trick people into sending money. Cybercriminals carry out phishing attacks by tricking their victims into downloading a malicious file. This will allow attackers to gain access to their victim's sensitive information. Gamers are a popular target because most of them usually purchase items in their games. This gives criminals the chance to gain their victims' payment credentials once they can access the devices.
According to Kaspersky's research, cybercriminals nowadays are targeting the younger population who play games. This is because most of them lack knowledge of cybersecurity issues. Moreover, kids usually use their parents' devices to play video games. Thus, by tricking these kids into downloading malicious files, attackers can gain access to the parents' personal information.
Moreover, the research also found that in 2022 alone, over 878,000 phishing pages were created for Roblox, Minecraft, Fortnite, and Apex Legends. These are all popular games among the younger population. Cybercriminals usually trick their victims into installing malicious files by promoting the files as cheat codes for these games.
In addition to stealing data through phishing, cybercriminals also often try to gain access to players' accounts through brute force methods and social engineering techniques. Social engineering techniques may include posing as a gaming company staff to trick players into revealing their usernames and passwords. Aside from gaining the player's payment credentials, gaining access to the player's account can give criminals the chance to sell that account for a sum of money. This especially applies to accounts that have a high level or a lot of items on the game.
Theft of Gaming Companies' Data
Aside from stealing personal information from gamers, cybercriminals also often try to steal game source codes and other sensitive data from gaming corporations. Similar to how they gain the personal information of gamers, cybercriminals also try to gain access to these source codes by distributing phishing links. The only difference is that this time, the phishing attacks are targeting the gaming companies' employees.
In 2022, criminals stole GTA's source code, and they even released video footage of GTA's unreleased game. This happened because the criminals were able to enter the slack channel of GTA's employees.
A game called Neopets, also got their source codes stolen by cybercriminals in 2022. It was reported that 69 million Neopets member registrations and source codes were listed for sale for 4BTC. The company also confirmed that the stolen data included its players' usernames, e-mail addresses, birth dates, gender, IP addresses, Neopets PINs, hashed passwords, as well as data generated during the game.
Similarly, in 2023, it was discovered that 4GB of Roblox company data had been exposed, with the cybercriminals posting some of this data on the dark web. The criminals were able to lay their hands on these data from an employee, through social engineering tactics.
DDoS Attack
The goal of a DDoS attack is to make an online server go offline or unavailable to its users or visitors. To achieve this, attackers will flood the target's server with traffic. They can generate this traffic by hacking into devices and turning them into an army of bots. Some gaming servers, unfortunately, may not flag requests from these bots as malicious. This gives attackers a chance to launch their DDoS attack. According to Akamai's research published in 2022, DDoS attacks against the gaming industry accounted for 37% of the DDoS traffic observed across all industries.
For game developers, a DDoS attack on your gaming server may cost you some downtime. For game players, if the game you're playing is attacked by DDoS, you may get logged out from your gaming account, experience some lagging, and you might not be able to reach the gaming server for some time. As a result, this will reduce the game's satisfaction rate among its players.
How to Avoid Them
For Gamers
Implement Two-Factor Authentication
For gamers, it's important to always turn on Two-Factor Authentication for your login method. This way, cybercriminals won't be able to access your account directly even if they have your username and password. It adds a layer of security to your accounts.
A lot of game developers have added the option to enable 2FA for their users. These include Steam, Ubisoft, League of Legends, Xbox Live, and more.
Educate Yourselves on Cybersecurity Trends
By staying up-to-date with the latest cybersecurity trends, you are not just protecting yourself but also the people around you. You can do this by reading the latest tech news or blogs on cybersecurity. Equipping yourself with cybersecurity knowledge can help you recognize a scam or phishing attack when you see one. After educating yourself, do not forget to share what you have learned with the people around you. especially the younger ones.
Watch Out for Those Asking Credentials
When we play online games, it's common for us to interact with strangers on the internet. Thus, we must always be careful with what we share with the people we encounter on the internet. Moreover, we also should be careful of people who claim they are staff of a gaming company and ask us to share our personal information with them. Usually, gaming companies won't request your personal information through e-mails, calls, chats, or suspicious websites.
Make sure that your devices are protected with security software, and make sure that they are always turned on
Some suspicious websites specifically request their visitors to turn off their antivirus when downloading their files. This is so that the malware can infect the device without getting detected. Thus, we must always make sure that our devices are protected with reliable security software, and that they are always turned on. This is a preventive measure that can help us stay away from unwanted applications that aim to infect our devices.
For Game Developers
Deploying Firewalls
By deploying firewalls, game developers can filter the incoming and outgoing network traffic. This protects the game server from security threats or unauthorized access.
Extra Protection for Sensitive Data
To prevent unwanted parties from gaining access to your sensitive data, you can apply data encryption, and enforce strict access controls to ensure that only the authorized personnel can gain access. Moreover, we also recommend you implement 2FA or MFA for an additional layer of security. This way, you can further prevent unauthorized parties from gaining access to your system.
Backup and Disaster Recovery
You need to regularly back up your data and make sure that it can be restored quickly. This is necessary to prevent data loss and minimize downtime. You can also outsource this job to a backup service provider, and let them help you in making sure that your data is safe and protected.
Active Monitoring
Continuously monitoring your game's performance and server in real-time can help you identify any suspicious activities and address those issues quickly.
DDoS Protection
Another major cause of downtime aside from data loss is DDoS. Aside from actively monitoring your infrastructure, you can also protect your site against DDoS attacks by partnering with a security provider that provides DDoS protection and mitigation services. This way, you can focus on other business processes and let your provider make sure your operations are running smoothly.
Conclusion
We have learned how important it is to implement cybersecurity measures even in the gaming world, as there has been an increase in cyberattacks targeting gamers and/or gaming companies. For gamers, it's important to implement 2FA, stay updated with the latest cybersecurity news, watch out for people who ask for credentials, and make sure that all devices are protected with security software. Game developers can also implement security measures in their environment by deploying firewalls, protecting sensitive data, having backup and disaster recovery strategies, actively monitoring their infrastructure, and applying DDoS protection strategies.