Cybersecurity and Online Gaming

December 16, 2020
Posted in Blog
December 16, 2020 The Florida Nerds

Cybersecurity and Online Gaming

Cybersecurity and Online Gaming should go hand in hand, but unfortunately, most gamers don’t take security seriously or even think it’s a thing. We’re going to break down some lapses in online gaming cybersecurity and what you as a gamer can do to close the door to nefarious people and cyber attacks.

 

A Bit of History

At the start of January 2019, a major U.S. cybersecurity firm published the results of a poll on gamers and security. It was a bit disappointing. It discovered that three-quarters of gamers be worried about the safety of gambling in the future; 55% of gamers reuse passwords across accounts; and also, the average gamer has undergone almost five cyberattacks – and has no idea it even happened.

But within the sport, it’s a completely different world where just some of the rules of civilized behavior apply. Hackers hack gamers and steal virtual goods. Then they sell these goods to other gamers within the game for real-world money. The best game-account hackers can make a lot of money.

 

Why In-Game Account Hacking Occurs

Video games are now the world’s largest entertainment industry. Compared with books, movies, TV, and music, it is also the most inherently electronic medium. While video games are entertainment, players often anticipate as much of their personal information to game companies as they would to their workplace, to online shopping, or perhaps to monetary institutions. So, what do hackers stand to gain from targeting video games and their players?

 

Virtual valuables

In-game economies have basically provided a precursor to cryptocurrency. Although the virtual money earned in-game can not be utilized in the real world, it is nevertheless a commodity with real value to players.

Accounts with considerable quantities of in-game currency or access to rare, prestigious in-game things can fetch high real-world rates. No matter how old the match, where there’s a powerful player-base, there’s value.

A moderator (aka Mod Jed) for RuneScape, one of those longest-running online games, lately exploited his elevated privileges to steal virtual currency (45 billion in-game coins) using a real-world value of $100,000 from gamers.

This also applies to the games themselves. Many games are printed, marketed, and authenticated online on distribution platforms like Steam, Origin, GOG Galaxy, and others. Players frequently manage all or most of their matches through one account, and long-term Steam users may have libraries of hundreds of games.

Steam also allows players to trade and hold supplementary, virtual things such as wallpapers, stickers, and in-game cosmetics.  There have been cases of hackers concealing these things from Steam inventories, in addition to concealing entire accounts.

 

Theft of Data

Most frequently, however, it’s players’ accounts that are the most precious to hackers, and so the most frequently targeted. Online and mobile games gather a lot of data on their customers. The more personal the information, the more precious it’s to hackers, and cellular games frequently track such intimate information as to location, media engagement, and even phone calls.

In-game transactions and monthly subscriptions for internet games mean that financial information can be included with a user’s data.

 

The Dangers Gamers Face

If it’s the hacker who is planning to take over an account for the digital wealth of the player’s character or the participant’s real-world data, they have a variety of approaches to achieve a successful hack. The methods themselves are no different from what users in any other field confront, but gamers can experience a few unique risk factors and circumstances.

 

Terrible Authentication

Password reuse is a frequent issue, as the ordinary gamer needs to handle accounts for multiple distribution platforms, publishers, and games themselves. Each distribution platform — Steam, Origin, etc. — demands an account; some game companies such as Epic Games and Rockstar need an account to play games or access societal features; most multiplayer online games will need a password all to themselves. This leaves gamers needing to remember and manage dozens of passwords, and older games are easily forgotten with accounts credentials going un-updated for years.

Many games also complete half of the work for possible attackers by themselves; often, just seeing another player in-game will reveal their username. As an example, Battlefield 5 includes a competitive mode of up to 64 players, so one game gives a possible malicious attacker around 63 usernames on that to try common or default passwords.

Other games will give you access to players’ scores, so supplying access to basically all the user titles used in the sport — or at least those of the best players, which will be even more precious.

 

Phishing

Phishing campaigns are often targeted against players of popular games. Phishers are not limited to the standard fraudulent emails typically used to fool consumers into giving up login credentials. One frequent tactic is to set up a bogus login page, or to present as a friend and try to send malicious links via chat platforms. The common interest in gaming brings credence, and even trust, to a phishing email.

Games also give powerful phishers more options compared to other areas. A successful phishing attack may not result in a full takeover of the participant’s account, but instead allows the intruder to take anything valuable in their Steam inventory or MMO personality and proceed.

 

Malware

Vectors for spreading malware to gamers often overlap with phishing methods. If Steam chat may be utilized to spread links to fake authentication pages, it may certainly be used to send hyperlinks to drive-by malware downloads. With aggressive matches, many players can be convinced to voluntarily download malicious applications assuring cheats, hacks, or other ways to get an edge over other players.

 

Cybersecurity Defects In Games and Sites

When there are lots of ways for gamers to fall prey to malicious actors, this doesn’t absolve the game publishers from responsibility. Players rely on secure infrastructures and software just as far as they rely on their own skill to spot a threat. Regrettably, this isn’t a responsibility that game companies always maintain successfully.

In January 2018, a flaw in the Fortnite authentication procedure was disclosed. The login URL was not supported, leaving it vulnerable to a redirect attack. To make things worse, the investigators who found the flaw also discovered and compromised an unused and vulnerable Epic subdomain. Now, Epic’s authentication employs social website login. A genuine login petition would also be redirected into the endangered subdomain, which would request the user’s login credentials, get them, and send them to the attacker.

Both the real user and the attacker would have proper login credentials to access the Fortnite account. The participant would have the ability to steal artifacts, any personal information it contains (perhaps even bank card details), and purchase and steal in-game currency (V-Bucks, which he could then sell for real money outside the sport ). And all the attacker would need to do is convince the victim to use the malicious redirect URL to log — which is standard social engineering.

 

How Gamers Can Cover Themselves

The situation isn’t as bleak as it might appear. It is often true that consumers are the weakest point in any security system, but most gamers are digital natives. A certain quantity of familiarity with technology often makes it easier to educate users on finer points of safety and information protection. There are numerous precautions people can take to better safeguard their accounts out of injury. Here are some of those possibilities:

 

Good Password Practices

Good password practices are equally as helpful in gaming as they’re elsewhere. Gamers should follow guidelines for password strength and think about using passphrases to help memory and safeguard against brute-forcing. A fantastic password manager might be useful as well. Most importantly, it’s crucial that you avoid reusing the same password across multiple accounts, or a compromised Overwatch account could become a compromise of Steam, Origin, and even the user’s personal email or bank account.

 

Phishing Awareness

Standard phishing advice applies to gamers as much as anyone else. Never click on a link without being sure where it goes even links sent by buddies could be malicious in the case of accounts.

Bear in mind that real emails from sports suppliers will not request login information or personal information. If it’s not possible to tell for certain if an email is genuine, speak to the game’s service team directly and ask. Gamers should be wary of “too good to be true” deals.

A fellow player offering an apparent bargain trade could possibly be trying to lure people into a phishing scheme, and a site offering unbeatable competitive advantages is more than likely a scam of some type.

 

Malware security

Many gamers have an antipathy to conducting antivirus software as it’s frequently perceived as a drain on performance. Some antivirus products are also more likely to false-positives when it comes to games or sports platforms.

It’s still possible — and certainly advisable — to find a fantastic antivirus that includes “game mode” features to maintain performance high, and that won’t discourage gamers from remaining secure with false-positives.

 

MFA

Many games and vendors offer alternatives for two-(or more)-factor authentication. These should be turned on, if available.  It adds an extra step into the login procedure, sending a code into a registered email or phone number. Though inconvenient, game companies encourage 2FA or MFA for improved account safety, and some are beginning to supply in-game rewards to players who enable it.

 

How Game Publishers Can Help?

Typically, the greatest responsibility for keeping accounts protected lies with all the players. However, this doesn’t mean that developers, publishers, and distributors can not — or should not — do anything to help their players remain as secure as possible.

These are a few measures that game companies can take to maintain a high standard of cybersecurity:

cyber

User assistance and safety features

A number of the approaches gamers can use to shield themselves depend on just what the video game company in question has supplied. Multi-factor authentication is great, but only as long as the software has a framework for this. There should be support in place for users to have the ability to quickly lock their accounts when compromised, especially if financial data is demanded.

 

Backend safety

There are also features developers can implement that need never be seen by the participant. Geofencing can be an effective tool to protect user accounts and is currently employed in a number of other fields. Behavioral biometrics might also be a choice to take into account. While behavioral biometrics remains in its infancy and very costly to implement, gambling is in a unique position to explore the technology. A rudimentary form of behavioral biometrics is already employed in some matches’ cheat-detection systems, able to flag potential cheaters from inconsistencies in play. A tiny innovation could easily expand this to cybersecurity and account security.

 

Support User knowledge

There is nothing any company can do, gaming or otherwise, to induce their users to become cybersecurity-savvy. However, there is no reason not to make the information as accessible and readable as you can. An easily-accessed page of fundamental safety best practices, presented in concise and user-friendly language, would surely not go amiss. Any famous, lively threats should be declared on a game’s launch screen or main menu, along with the very best way for players to protect themselves.

 

Respect Users’ Personal Data

Data is valuable, both to legitimate data processors and to malicious actors seeking to compromise it. Mobile games and societal media apps both share the exact same reputation for collecting unnecessary data on their users, meaning that any violation results in a much larger loss than it must have been.

Many games had to shut down in the aftermath of the GDPR, as it would have been too expensive to update their sweeping data collection systems to abide by the new regulations. Game businesses, as with any company gathering or storing data on its clients, should follow best practices for cybersecurity and never collect more data than is necessary.

 

Video gaming has an exceptional sort of duality when it comes to cybersecurity. A gamer is a software user exactly like every other; he or she’s subject to the exact same security risks and threats as any other user. The identical cybersecurity principles are equally as powerful and important. However, every threat also entails an exceptional twist, including a complication that is not seen in almost any other area. Attackers have more choices to undermine a player’s security, and the players must tailor their practices to account for them. By understanding which aspects of cybersecurity are the exact same and which are different, game companies and their customers can protect themselves, and stay secure in a way of life that’s “just for fun” while still containing a real value and the potential for actual reduction.

If you need help securing your gaming computer in Port St Lucie, West Palm Beach, Fort Pierce, or anywhere on the treasure coast, call these guys