Hackers, Scammers and Thieves – Understanding Cybersecurity in the Gaming Industry

Hackers, Scammers and Thieves – Understanding Cybersecurity in the Gaming Industry

Articles about cybersecurity in the gaming industry always quote eye-popping figures to illustrate that DDOS attacks are one of the biggest problems in the industry. But here’s the thing: while DDOS attacks cause companies to lose revenue, it remains a well-known business risk, and gaming companies are set up to deal with the fallout.

Players, on the other hand, face more savage threats. Their problems are smaller, but the damage is personal and can be financially and emotionally devastating. There’s a vast difference between a bit of frustration at a server that’s down because of a DDOS attack and logging in to find that your account has been zeroed, you’ve run up thousands on your credit card bill, or that your account has been hijacked and is lost forever.

One of the most significant risks to players is Man-in-the-Middle (MITM) attacks, which, ironically, can be easily prevented if only someone at a gaming company would stand up and say: “Hey, folks, use a VPN on PS5 to avoid some of the common risks in the gaming community!”  Has the time come for gaming companies to force gamers to use more secure ways to connect to gaming servers?

Hackers are gamers, too – they know how to trap their prey

Almost every hacker alive starts on some online game, looking for ways to gain a personal advantage over their fellow players. It’s a fantastic place for wannabe hackers to learn how to write automated tools and practice their social engineering and phishing skills, which they will one day use to steal login details, do account takeovers, steal in-game digital assets, or snatch private information and credit card details.

The damage for affected players ranged from zeroed accounts and massive credit card bills to being doxed online and threatened IRL.

Common techniques to attack individual players

Apart from the oft-quoted DDOS attacks on gaming servers, there are three important ways hackers attack gamers on a personal level.

1.    Man-in-the-middle (MITM) attacks:

That’s when attackers intercept and alter the data flow between the game and the server. Players run this risk every time they use a non-secure or non-encrypted Wi-Fi or data connection to play. Skilled hackers can alter a gamer’s experience by, e.g., changing a hit to a miss in a shooter game or allowing a player to take shortcuts through walls. But, on a more pedestrian level, that’s one of the main ways attackers steal login credentials, credit card information, and other sensitive data.

Defense:  This threat can be defeated by using a VPN to secure their connection to the game. A VPN encrypts the data flow and passes it along a secure communication channel to prevent hackers from snooping on what you’re doing. In a perfect world, gaming companies would use app attestation to allow only highly secured, encrypted connections to their network API.

2.    Phishing and social engineering:

Gaming companies generally do a great job of layering their protection measures to make it more complicated and expensive for attackers. They moderate and manage mods, use cutting-edge technology to make hacking more difficult, and can identify and block problem accounts. But they should never forget the gaming community’s Achilles heel: Gaming is a deeply emotional experience, and attackers know this because they are usually gamers.

Attackers know that some players will do almost anything to win and that most players will be at least deeply tempted to try something that might give them an edge. And that’s why players fall for phishing scams, promises of cheats or bots, or spam links. Don’t trust links, even if they come from a gamer friend. Use the mouse-over function to discover complete URLs before you click.

Defense: Fortunately, players can mostly defeat this threat by using a reputable VPN to secure their connection to the game.

3.    Structured query language (SQL) injection:

It injects hostile code via in-game vulnerabilities to, e.g., log in with a stolen username without knowing the password. The attacker can tamper with the game’s data, steal login credentials, or access players’ accounts and inventories.

Defense: This runtime environment risk lies entirely within the game developers’ responsibility. This is where companies who use a privacy-focused software development approach can gain an edge.

Remember the basic cybersecurity rules for gaming

Players can effectively counter at least two of the three main gaming attack avenues using a VPN to secure their connection to the gaming server.  Apart from a secure connection, players should also practice basic cybersecurity hygiene whenever they log in:

  • Keep your identity fuzzy: Use a pseudonym to play, and don’t connect your social media accounts to games. Don’t overshare!
  • Protect your IP address: Use a gaming-optimized VPN to protect your location
  • Share less: Don’t make it easy for identity thieves to steal your data or identity. You could become a victim of swatting.
  • Use legal software: Pirated games usually come with a backdoor to let in malware and viruses
  • Install antivirus software: Endpoint protection for all your devices
  • Make it complex: Use Multi-factor authentication (MFA) and complex, unique passwords to secure your accounts.

The risks are real: Be careful

While gaming companies generally do a lot to protect players, perhaps the industry could do more to inform players about the dangers of insecure connections which can deliver malware and lead to account takeover, identity theft, and swatting. Gaming companies should be encouraging players to secure endpoints with commonly available security tools such as VPNs.


Related Posts