Millions of people escaped the drudgery of
the
COVID-19 pandemic’s first year by turning to video games, where they could
cast spells, kill zombies, and compete as their favorite athletes.
اضافة اعلان
These virtual worlds also lured a different kind of
enthusiast — the kind who sought to steal people’s personal information and
real-world dollars.
In recent months,
cybersecurity firms have warned
that cybercrime in gaming has increased substantially since the start of the
pandemic, and that the vulnerabilities — for game studios as well as players —
are far from being vanquished.
“When you add more users or devices or applications
to a user pool, you’re creating a larger attack surface,” said Tony Lauro,
director of security technology and strategy at Akamai Technologies, a content
delivery company that hosts large swaths of the internet. “In general, that is
what is driving this massive increase over time.”
An Akamai report published in August said web
application attacks, which exploit vulnerabilities in online programs like
mobile games, were up 167 percent from May 2021 to April 2022 compared with the
same period the year before. And a report last month from Russian cybersecurity
company Kaspersky Lab found a 13 percent increase in malicious software attacks
on games in the first half of 2022 compared with the first half of 2021.
The range of attacks and targets in gaming is
enormous. Gaming companies can lose huge batches of data, and their games can
be taken offline temporarily. Individual players can lose game progress, money,
and sensitive personal data.
Jessica Geoffroy, 29, was in some ways lucky that
guilt was the main penalty she faced after she was hacked in December.
She realized something was wrong after she received
a flurry of phone notifications from friends asking why she was still sending
messages on Steam, a popular gaming platform, after she had gone to bed.
When Geoffroy found that she couldn’t log in to her
Steam account, she knew she had been hacked.
“My heart was racing,” she said. “I thought, ‘Oh,
God, what if they get my bank account information? What if they hack my friends
and get their bank account information?’ — not knowing how far this is going to
go.”
Fortunately, Geoffroy was able to reset her password
that night. Nothing appeared to have been stolen, she said, but she felt
“horrible” that the hacker had sent messages to her friends with the same
compromised link that she had mindlessly clicked on — which another friend
originally sent to her. That friend’s account disappeared after the link was
sent, and she has not been able to get in contact with that person.
“A lot of people I know don’t think this stuff is
going to happen to them,” she said. “They don’t realize it can happen and it
will happen.”
When you add more users or devices or applications to a user pool, you’re creating a larger attack surface
Justin Cappos, a professor of computer science and
engineering at
New York University, said one thing that makes the gaming
industry vulnerable is that developers are not hired to create secure software.
They are hired to deliver games fast and frequently.
“If you are writing code that is meant for security,
you often will spend a lot of time checking certain aspects of what is
happening in the program to make sure everything is OK,” Cappos said. “You
probably won’t have that same way of working through things if your primary
goal, the main thing you care about, is to be fast.”
According to the Akamai report, gaming is the
industry most hit by distributed denial-of-service, or DDoS, attacks, in which
an attacker uses an automated technique to overwhelm servers with requests,
severely slowing down the service or taking it offline altogether. These
attacks can eat into a company’s bottom line as it scrambles to restore access
and address customer complaints.
Akamai warned that as the gaming industry expands,
it will attract more cybercrime.
“Financial crime is happening to younger and younger
players all the time because they are in the gaming ecosystem now,” Lauro said.
Not all attacks involve exploiting source code or
crafting compromised links. Some are just straightforward scams. Lauro said he
once paid for a prize for his son on Roblox, an online game platform, and the
prize never showed up. But the transaction was so small — less than a dollar —
that his son was not really bothered by it, and Lauro knew that law enforcement
would not be, either.
“Little transactions of 60 cents here, there — who
is going to investigate that?” he said.
For the person running such a scam, thousands or
more of these payments, or microtransactions, can net a high reward. Lauro and
other cybersecurity firms have said that fraudsters often target small in-game
purchases, which have become more popular in recent years, although there have
been no major studies on how common these scams are.
Kaspersky warns that cheat codes are also a major
threat for gamers: Criminals can use fake cheat programs to disable a target’s
computer and steal information. In Kaspersky’s analysis of threats to 28
popular games, the company found thousands of files of this type, which
affected more than 13,600 people from July 1, 2021, to June 30, 2022.
Kaspersky itself has come under scrutiny,
underscoring the murky complexities of cybersecurity. In March, the
US Federal Communications Commission added the company, which is based in Moscow, to a
list of communications services it considers national security threats. Kaspersky
said the decision was made “on political grounds”. In any case, the company’s
gaming research is consistent with other reports on the industry.
Game studios have also struggled to fend off
attempts to steal their users’ data, take their games offline, or leak their
game code. In these attacks, hackers may use the stolen information as ransom
or try to auction it for huge sums of money.
In June 2021, a hacker stole game code from
Electronic Arts, the maker of the FIFA and Sims series. The stolen information
was put up for auction with a starting bid of $500,000, according to a
cybersecurity expert who spoke with the New York Times.
Rockstar Games, another prominent video game maker,
disclosed last month that “an unauthorized third party illegally accessed and
downloaded confidential information” from its systems, including unfinished
footage from the next game in the Grand Theft Auto series.
In July, Bandai Namco, which publishes popular
titles like Tekken and Elden Ring, said it was hacked. After an investigation,
the company said this month that it could not rule out “the possibility of
external leakage of information”.
Mayra Rosario Fuentes, a senior threat researcher at
Trend Micro, a cybersecurity company, said in an email that the big gaming companies
are prime targets because they make billions of dollars and have huge pools of
customers.
“Cybercriminals know they do not want customers
upset if their game goes offline, which then makes it to the media and could
hurt revenue,” Fuentes wrote.
Fuentes said gaming companies needed to patch
vulnerabilities in their code, improve employee training about hacks, and look
out for online leaks of employee credentials.
She and the other cybersecurity experts interviewed
for this article said that, despite the increase in threats, gamers could take
steps to protect themselves: Use two-factor authentication, do not reuse
passwords, and keep software updated.
Read more Gaming
Jordan News
