Over the last 17 months cyber-criminals are reported to have carried out in the region of 12 billion credential-stuffing attacks against gaming websites. Here PCR talks to gaming security experts, David Emm at Kaspersky and Lars Rensing, at Protokol about why gamers need to have their wits about them.
David Emm, Principal Security Researcher, Global Research & Analysis Team (GReAT), at cybersecurity company, Kaspersky and Lars Rensing, CEO of enterprise blockchain provider, Protokol discuss the critical need for tighter gaming security in a sector that doesn’t always play by the rules.
What are some of the most common security risks to gamers?
David Emm, Kaspersky: “Contrary to many layman perceptions of hacks and data breaches, much of the risk surrounding cybercrime hinges on the victim being deceived into activity that compromises the safety of their devices, data, and personal information. Video games are no exception to this rule, and with the increasingly lucrative and competitive nature of online games, we are seeing many more tactics that involve stealing in-game inventory, or entire online profiles themselves.”
Lars Rensing, Protokol: “From a security perspective, some of the biggest risks to gamers are distributed denial-of-service (DDoS) attacks. These attacks can interrupt service, games or even tournaments, making them a serious concern.
Another threat for games is data leaks of personal information or payment information, both of which can cause serious harm.
A lesser known, but deeply impactful security risk is the risk of gamers either having their in-game assets stolen, or unknowingly buying fake items. This can be a disaster for players, as it can cut into a large chunk of their progress or stats.
For example, the spread of malware in the gaming community has been seriously exacerbated due to the popularity of pirated games, mods and online cheat codes. Often downloaded directly from unofficial sites, these can be the ideal platforms for burying harmful malware that, when installed, can take over online accounts, sell in-game inventory, and even steal financial information.
In a similar vein, phishing scams, a tactic in which spoof emails are used to cultivate log in details, is becoming a popular way to access gamers accounts, and steal in-game items.
Although potentially devastating both on and offline, avoiding these deceptive tactics is very straightforward once you are aware of them. As a rule, gamers should never trust unofficial sites or emails with their financial information, or software. We also recommend using simple online protection tools, which can prevent your browser from opening fake sites.
As the prevalence of micro-transactions and the use of real currency in video games increases, so does the need for gamers to remain vigilant.”
How can gamers protect themselves from cybercrime?
David Emm, Kaspersky: “Due to the system intensive nature of video games, we strongly recommend gamers invest in security solutions that have a minimal impact on system performance. One of the reasons that gamers don’t use security solutions, or disable them while gaming, is because they can affect the game experience. The competitive nature of online gaming has made any sort of speed lag or pop-up inadmissible to even the most casual of gaming fans. So using a security product that doesn’t impact the playing of games is really important.
Additionally, one of the biggest concerns for online gamers, regardless of ‘skill level’, surrounds being locked out of their in-game and online profiles. Anticipating this, many gamers often make the worrying decision to use less secure passwords, and even choose to opt out of two-factor authentication.
Only by taking appropriate precautions can people be truly confident that their valuable accounts are protected. It has never been more crucial to use unique, 15-character plus passwords, combining letters, numbers, and special characters. Two-factor authentication is equally important, as it makes it even harder to compromise an account.”
Lars Rensing, Protokol: “For gamers, tactics like using VPNs, ensuring software and equipment is regularly updated, or protecting their personal information with secure passwords can help to provide protection and deter cybercriminals. To prevent DDoS attacks and protect gamers, game creators, tournament organisers and eSports teams can use blockchain to create a decentralised network of devices. This means that data and computation is distributed across a number of computers, or nodes, in the network, rather than all in one centralised location. For DDoS attacks to be successful, the majority of the nodes in the blockchain network would have to be attacked simultaneously, which is almost impossible. This level of protection is revolutionary in cybersecurity, and would provide gamers with a greater level of protection.
Not only can blockchain technology protect against DDoS attacks, but it also enables data to be securely encrypted on an immutable blockchain. In practice this means that gamers can be protected against data breaches, and having their personal or payment data leaked. Solutions such as identity-as-a-service or self-sovereign identity (enabled by blockchain technology) go even further and would allow gamers to have complete control of their personal data.
Blockchain digital collectables can also help eliminate the risk of in-game assets being stolen; ownership and authenticity of these collectables is provable via the blockchain, and assets are secured in digital wallets, meaning they cannot be forged, replicated or destroyed. This means gamers can avoid losing their in-game assets. What’s more, blockchain technology enables secure transfer of payment for these collectables, further ensuring the security of gamers’ funds.”
Do you think there needs to be more warnings about the need for security in the gaming sector?
David Emm, Kaspersky: “Given that threats can impact players both directly within a game and outside of it, more awareness surrounding specific threats is needed; especially with the popularity of gaming increasing during lockdown. Namely, not all gamers are aware that as they progress their in-game profiles, they will become an increasingly attractive target for scammers.
With the nature of both cybercrime and gaming as it is, gamers should start by forming a safety checklist that includes:
- Installing an optimal security solution and not switching it off
- Updating operating system and applications as soon as updates are available
- Only downloading games, mods and other content from reputable sites
- Using complex, unique 15-character plus passwords and two-factor authentication
- Never responding to unsolicited messages
If you do all of these, you will be in a great position to know your account and devices are significantly more protected against common cybercrime tactics.”
Lars Rensing, Protokol: “Security is an essential issue that needs to be addressed for both professional and amateur gamers, and is certainly something that could be further emphasised. However, warning industry participants is no longer enough, game publishers and network providers need to do more to protect their gamers from serious threats like DDoS and data breaches, or risk losing business as more gamers decide not to take the risk.”
Read the latest edition of PCR’s monthly magazine below: