Almost everyone lives with at least one video game enthusiast. If you’re a parent, you probably live with a few. The proliferation and popularity of gaming has led to a massive increase in gamer attacks since the start of the pandemic.
Gaming Has Gotten Huge
Cyber criminals love a large attack surface. Today, more than 215 million Americans play video games regularly. Three-quarters of these players are over 18 which means that well over 50 million are kids. This is a virtually bottomless pool of potential victims, many of whom are young and gullible.
Another way to look at the scope and scale of gaming is through the amount of money involved. Game developers have focused on making their products cross-platform compatible which means more people are gaming in more places and more frequently than ever. The cloud gaming market grew to $244 million in 2020 and is poised to expand to $21.95 billion by 2030.
As gaming has grown, so have gamer attacks. A report from Akamai explored the breadth and depth of such attacks. It found that from May 2021 to April 2022 there was a 167% year-on-year increase in web application attacks. These attacks exploit vulnerabilities in online programs like mobile games. And Kaspersky Lab found a 13% increase in malicious software attacks on games in the first half of 2022.
Gamers are Great Targets
A Norton survey revealed that 47% of American gamers have experienced a cyberattack to their device or gaming account. Three-fourths of those attacked lost money as a result. (An average of $744!) The same survey shows that gamers struggle with following basic security guidelines. They repeat passwords, share personal info (like names and birthdates) online, and download add-ons from dubious sources.
Gaming itself is not any less secure than other ways to be online. But sometimes, when a thing is just for fun, we can forget that it involves risk. Making big online purchases, filling out health forms, and applying for financial products all feel like serious business and likely have you on some level of alert. But logging in for a session on your favorite Minecraft server is the definition of downtime–a moment to relax and stop thinking about the ways the world is out to get you.
Another reason that gamers are such great targets is that many gamers are kids. And kids are gullible! They can easily be lured in with a cheap (or free) game download or cool in-game upgrade. They have even less discretion than adults at leisure. And, because they are likely to live in a home with an adult using company-issued devices, kids can be the gateway to lucrative corporate targets. (More on that later.)
Types of Attacks
The usual suspects are typically at play in gamer attacks. Phishing, ransomware, malware, and hacking accounts to steal personal information and in-game assets are all common. PC gamers are also vulnerable to cryptojacking. Avast estimates that hackers in the Czech Republic have made over $2 million with cryptojacking malware called Crackonosh.
A huge amount of money is tied up in the gaming community. There are microtransactions within games that can be compromised. And, believe it or not, online gaming currencies have been used in money laundering schemes.
Last year, researchers uncovered a huge number of Trojan Horse virus files hidden within a scripting engine for Roblox cheat codes. The tool installs an executable file and gives the program wide latitude to change data on the host computer and even send information back to the hacker.
From Home to Office
As if working from home with kids wasn’t hard enough… Now there’s a chance that your kid’s gaming habits could put you at the epicenter of a cyber attack on your employer.
The main concern is kids (or adults) playing games on devices like phones, tablets, or laptops that are connected to company servers. In the case of the Roblox Trojan attack mentioned previously, a device connected to OneDrive would be a premium target of interest.
Preventing Gamer Attacks
Most of the strategies for preventing gaming related cyber attacks are the same as for any other type of attack. But because gaming is at stake, be sure to get the kids involved. This is a great training ground for good cybersecurity practices in other areas too.
- Always use two-factor authentication when logging into…anything.
- Use a unique, strong password or passphrase for every account. (A password manager makes this easier!)
- Only download games from official stores like Apple App Store, Google Play, etc. (Tell the kids to ask mom or dad if they are not sure what is an official store.)
- If a game can only be purchased directly from the manufacturer, shop directly on the company’s website and check the URL to make sure you aren’t on a spoofed site.
- Beware of potential phishing schemes. Don’t click on links in emails or in game chat. Do NOT open files from strangers.
- Update your OS and any other software as soon as you become aware of an update.
For employers, avoid Bring Your Own Device (BYOD) policies unless there is no other way for the business to function. If you must allow outside devices, consider limiting it to phones and using a strong mobile device management (MDM) solution.