How Online Gaming Has Posed Major Cybersecurity Challenges?

Published on : 08 Nov 2021

Online gaming and cybersecurity

Online gaming is a sector often considered as a “winner” during the pandemic because it was spared from significant upheaval and actually experienced a lot of growth. However, a report called ‘Gaming in a Pandemic’ reveals that the cyber attack traffic targeting the video game industry also grew more than any other industry during the peak of COVID-19. According to the report, the video game industry suffered more than 240 million web application attacks in 2020, presenting a 340% increase from 2019.

As players engage in microtransactions to get virtual in-game items, gaming accounts are often connected to credit cards and payment processors like PayPal, which present a lucrative opportunity for bad actors. Cybercriminals who target gamers often belong to informal structures that can emulate the efficiencies of standard enterprise operations. This means it’s not just a cybersecurity problem exclusive to gaming; these malicious actors have the resources to attack other individuals and businesses. Here are three ways online gaming can pose major cybersecurity challenges-

Malicious threats

Cybercriminals can conceal malicious payloads and links into various virtual products, like cheats that help improve game performance, then sell these to unsuspecting players. These malicious goods can cause ransomware attacks and collect player information. Recently, a new malware called Bloody Stealer emerged in the gaming scene; for $10 a month, malicious actors can harvest account and session information from all major PC gaming platforms — and its uses can extend beyond PC gamers.

BloodyStealer’s capabilities include exfiltrating files from victims’ desktops, and capturing usernames, passwords, and bank account information from web browsers. According to a book published by Springer International Publishing, deep learning and artificial intelligence may be able to help cybersecurity experts defend systems from malware, but it may take some time to learn and implement these state-of-the-art techniques in the mainstream.

Social engineering

Social engineering tactics manipulate individuals to give up confidential information, and it is frequently used against teenage gamers who lack knowledge about online threats. As these young gamers are often active in social communities and have high disposable incomes, they are easy prey for cybercriminals. In his book about dark psychology on Scribd, author Adam Brown describes how malicious actors often use dark psychology techniques to motivate, persuade, manipulate, and coerce others to get what they want.

 A hacker may use online gaming communities to “befriend”, then manipulate unsuspecting users to give up passwords or answers to their security questions. Unfortunately, many adults outside the gaming community often fall victim to social engineering techniques as well.

Vulnerable accounts

Account takeover is a type of fraud where a malicious third party gains access to an online account, usually through a widespread phishing attack. Hackers perform account takeovers to steal victims’ virtual items, weapons, and other in-game accessories, or exploit in-game payment codes and trick players into divulging their financial information. This identity fraud type of attack is popular in apps that use third-party payment aggregators.

If a hacker manages to phish your gaming password from you, it can leave all of your accounts vulnerable if you are using the same password for every site. And as described in an interview with VISTA InfoSec founder Narendra Sahoo, many adults are working on their son’s and daughter’s laptops, while other parents are letting their children play games on office laptops — which can expose sensitive company files to account takeover or ransomware risks.

Modern cyberattacks, even if they seem to concern only specific groups like online gamers. These cybersecurity issues are expected to become more frequent and sophisticated, so consult with VISTA InfoSec and let our experts guide you through the best cybersecurity practices.

5/5 - (2 votes)
Narendra Sahoo
Narendra Sahoo

Narendra Sahoo (PCI QPA, PCI QSA, PCI SSF ASSESSOR, CISSP, CISA, CRISC, 27001 LA) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm, based in the US, Singapore & India. Mr. Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2 Compliance & Audit, PDPA, PDPB to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.