A new generation of hackers target the gaming industry
Hackers love a crowd. That's true when it comes to social media networks, government system Web sites, financial institutions, retailers and, based on recent headlines, gaming sites too.
For an industry that is projected to be worth about R1.4 trillion in 2016, gaming offers a lucrative industry for cyber criminals. "Last year, gaming accounted for one in every 50 e-commerce fraud transactions, a number that will only continue to grow alongside the industry itself," highlights Heidi Bleau, principal integrated marketing manager at RSA, The Security Division of EMC.
It was reported that Warframe and, separately, the game "Clash of Kings" were separately compromised by attacks that left more than 2.3 million users vulnerable to data and, presumably, identity theft. "While the reasons for the hackers' success is speculative, mostly attributed to security vulnerabilities, the larger issues behind the compromises loom large," continues Bleau. "Then we can't forget the wave of fake Pokemon Go apps designed to spy on mobile users' activity, including eavesdropping on phone calls and intercepting SMS messages."
Bleau says earlier this year, a wave of similar attacks against Steam, a leading digital entertainment distribution platform for many in the gaming community looking to expand their libraries, was breached. "The malware, whom many believe originated in Russia, was implemented to gain unlawful access to Steam accounts. These accounts, stolen through an exploit, became available on the Dark Web starting at around R43."
Darker reality of today's make-believe gaming world
Then there are "gambling" gaming sites which are the pure moneymakers for cyber criminals looking to cash out stolen credit cards, shut down the Web site with ransomware, or simply cheat to win.
Fault lines among developers and gamers
There is a wide divergence of opinions on why these attacks are so successful. It is, however, both a developer and a user problem. Many developers fail to take proper precautions and apply security best practices during the application development process.
"With quick dev cycle turnarounds expected, especially with gamers looking for the latest updates, it is not unheard of to see security take the back seat to user experience. This leaves many apps exposed with flaws that could potentially expose personal information," says Bleau.
"Then there are gamers (myself included) who are not always, shall I say, careful. Gamers object to anti-virus apps slowing down their machines or causing them to lose frame rate, which in turn leads them to disable anti-virus applications or remove them altogether. Gamers carelessly download ‘free' versions of popular apps that are promoted as ‘ad free' to avoid paying about R28 in fees, but instead potentially open up their devices to spyware, ransomware and other forms of malicious software. And then there are the permissions. What are we really authorising many of these apps to access on our device?" she asks.
Safe gaming guidance
Bleau lists the following simple precautions gamers can take to keep personal information safe from hackers:
Make sure the Web site you're on or the app you are downloading is the real deal. "This seems like a tip where you might shake your head and say, "Duh." But I can't tell you how many times I have seen my own friends download gaming apps touted as being the ‘free' version of a popular app because they don't want to pay a couple of rands to remove the ads," she says.
Be suspicious. Bleau cautions to treat any in-game messaging from unknown users with suspicion. She adds: "We demand our kids not talk to strangers online. Take your own parental advice."
Read permissions carefully. "I am a reformed non-reader, I admit. When I started to actually read the permissions an app was requesting, it was quite alarming. I decline apps access about 90% of the time these days. Besides, I don't want to be one of those annoying Facebook friends that allows an app to post to my page every time I crush a piece of candy, filling the news feeds of my associates. My friends don't care that I answered a question in Trivia Crack correctly," comments Bleau.
Take advantage of two-factor authentication functionality, where available. It will uniformly protect you and your data from being compromised.
In other words, if you're a gamer, treat your virtual environment as you do your real one: with vigilance and without letting your in-game experience cloud your judgment or behaviour. Most importantly, stop being cheap. If you want to remove the ads, pay the rands.
Anton Jacobsz, MD at Networks Unlimited, a value-added distributor of RSA products in more than 20 African countries, says education in this regard is key to safeguarding individuals and their information. "The gaming community is pretty clued up on staying safe; however, as more gaming apps catch on in the region due to the proliferation of smartphones and other mobile devices on the continent, it is important to highlight the risks and keep players' data and money safe."