Hackers love a crowd. That's true when it comes to social media networks, government system websites, financial institutions, retailers, and, based on recent headlines, gaming sites. For an industry projected to be worth nearly $100 billion in 2016, gaming offers a lucrative target for cybercriminals. Last year, gaming accounted for 1 in every 50 e-commerce fraud transactions, a number that will only continue to grow alongside the industry itself.
As reported, Warframe and the game "Clash of Kings" were separately compromised by attacks that left more than 2.3 million users vulnerable to data theft and, presumably, identity theft. While the reasons for the hackers' success are speculative - mostly attributed to security vulnerabilities - the larger issues behind the compromises loom large. Then we can't forget the wave of fake Pokemon Go apps designed to spy on mobile users' activity, including eavesdropping on phone calls and intercepting SMS messages.
Earlier this year, Steam, a leading digital entertainment distribution platform for many in the gaming community looking to expand their libraries, was breached in a wave of similar attacks. The malware, which many believe originated in Russia, was used to gain unlawful access to Steam accounts. These accounts, stolen through an exploit, became available on the Dark Web starting at around $3.
Fault Lines Among Developers and Gamers
There is a wide divergence of opinions on why these attacks are so successful. However, it is both a developer and a user problem. Many developers fail to take proper precautions and apply security best practices during the application development process. With quick dev cycle turnarounds expected, especially with gamers looking for the latest updates, it is not unheard of to see security take the back seat to user experience. This leaves many apps with flaws that could expose personal information.
Then there are gamers (myself included) who are not always, shall I say, careful. Gamers object to antivirus apps slowing down their machines or causing them to lose frame rate, which in turn leads them to disable antivirus applications or remove them altogether. Gamers carelessly download "free" versions of popular apps that are promoted as "ad free" to avoid paying the $1.99 fee, but instead potentially open up their devices to spyware, ransomware and other forms of malicious software. And then there are the permissions. What are we really authorizing many of these apps to access on our devices?
Safe Gaming Guidance
While we can't change shortcuts a developer might take in sacrificing security to meet time to market demands, we can be good noodles and take some very simple precautions as gamers to keep our personal information safe from hackers.
- Make sure the website you're on or the app you are downloading is the real deal. This seems like a tip where you might shake your head and say, "Duh." But I can't tell you how many times I have seen my own friends download gaming apps touted as being the "free" version of a popular app because they don't want to pay a couple of dollars to remove the ads. Or need I mention my son's attempt to download the "free" version of Minecraft and what I got instead on my laptop?
- Be suspicious. Treat any in-game messaging from unknown users with suspicion. We demand our kids not talk to strangers online. Take your own parental advice.
- Read permissions carefully. I am a reformed non-reader, I admit. When I started to actually read the permissions an app was requesting, it was quite alarming. I decline apps access about 90% of the time these days. Besides, I don't want to be one of those annoying Facebook friends that allows an app to post to my page every time I crush a piece of candy, filling the news feeds of my associates. My friends don't care that I answered a question in Trivia Crack correctly.
- Take advantage of two-factor authentication functionality, where available. It will uniformly protect you and your data from being compromised.
In other words, if you're a gamer like me, treat your virtual environment as you do your real one: with vigilance and without letting your in-game experience cloud your judgment or behavior. Most important, stop being cheap. If you want to remove the ads, pay the two dollars.
Author: Heidi Bleau