Online gaming flourished especially during the global COVID lockdowns, as it provided a much-needed outlet for entertainment and social interaction, with hundreds of thousands of new accounts created and new communities born.
Obviously, this was a boon to would-be hackers, with an estimated 1 billion online gamers worldwide in 2020, with China, South Korea, and Japan having the biggest online gaming reach amongst the population according to Statistic. They estimate that by 2025, online gaming audiences are projected to surpass 1.3 billion.
Cybersecurity firm Check Point warns that now that gaming is one of the world’s largest entertainment industries, it is also one of the major targets of cybercriminals. Companies in the gaming industry that have fallen victim to cyberattacks include CD Projekt Red, Electronic Arts and Ubisoft. This is because gamers often hand over as much personal information to companies in this industry as they would to their employer, bank or when online shopping.
“Video games are an open door for many types of cyberattacks and taking extreme precautions is no longer an option but a necessity. Having two-factor authentication to access the account, installing protection software or knowing the signs of a phishing attack are key to avoiding becoming the next victim. Online games are becoming more and more popular and by using them on a daily basis, it is very easy to let your guard down and become overconfident. The main problem is that cybercriminals are always alert and will not miss an opportunity to strike,” says Pankaj Bhula: Check Point’s EMEA Regional Director: Africa.
There are a few different reasons why a cybercriminal targets gamers:
- To sell your virtual assets for real-world money – Cybercriminals will often breach gamers’ accounts and steal their virtual goods in order to then sell them to other users for real-world money. In many ways, video game economies have essentially been the forerunners of cryptocurrencies. It should always be kept in mind that the virtual money earned in a game cannot be used in the real world, but it has a value to gamers and be traded.
- To steal games from your inventory – Many games are published, sold and authenticated online via platforms such as Steam, Origin and GOG Galaxy. CPR reported on major vulnerabilities in popular Valve games networking library, which if exploited could take over hundreds of thousands of computers without needing users to click on phishing emails, as victims will be affected by simply logging onto the game. People will typically manage all of their purchases from a single account, and long-term users are known to have libraries with hundreds of games. Cybercriminals will sometimes hack into accounts to steal some of these games for their own use.
- To gain as much information about you as possible for identify theft and bank fraud – With online transactions and monthly subscriptions, there is a lot of financial information at play, which is attractive to cybercriminals. Sometimes they can even track information as sensitive as your location or listen into phone calls in the case of a mobile game.
So, how can you stay protected? Here are three key tips from Check Point:
- Use two-factor authentication (2FA): Many games make it easy for attackers to do their job; often, simply looking at another participant will reveal their username. For example, Battlefield 5 has a competitive mode for up to 64 players, meaning that a single game provides a cybercriminal with up to 63 usernames with which to test common or default passwords. It’s important to have two-factor authentication enabled – when a separate code is required if logging in from a new device – to keep accounts secure.
- Beware of phishing: Phishing campaigns frequently target users of popular games. A common tactic used by cybercriminals is to create a fake login page, or to impersonate a friend and attempt to send malicious links via chat platforms. The shared interest in video games lends credibility and builds trust. Make sure to look out for anything that doesn’t look right and never click on any links.
- Beware of ‘too good to be true’ promises: In this world, malware propagation vectors often coincide with phishing methods. If Steam chat can be used to spread links to fake authentication pages, it can certainly be used to send links to unintentional or ‘drive-by’ malware downloads. In the case of competitive gaming, many players can be convinced to willingly download malicious applications that promise ‘cheats’, hacks or other ways to gain advantage over other users. You need to be aware of any such offers and only download applications from official app stores. Add to this the risk of malware managing to spread to devices connected to a corporate network, and the danger is much higher.