In the past few decades, the video game field has undergone earth-shaking changes. These changes have also transformed the threat landscape, and game companies, the games themselves, and players now face these threats.

Cloud, mobile apps and social networks, the diversity of games and platforms, the popularity of streaming media, and changing revenue models all mean that the attack surface of the game industry is larger than ever. It is therefore important that game companies prepare to protect players from threats and help them understand the types of threats they may face.

Whether by exploiting vulnerabilities in game platforms, bundling malware with games, committing advertising fraud, or using gamers' credentials for phishing or other fraudulent activity, attackers can draw on a variety of potential threats for online crime in every part of the game industry.

Software vulnerability

Software for connecting to games and hosting platforms is now very common. Security vulnerabilities in that software may be exploited by gamers and by external attackers.

When software security fails, the company must fix the vulnerability and issue a patch as soon as possible. In August 2019, researchers announced a 0day vulnerability in a popular game; the vulnerability was disclosed but not fixed. At the same time, a large video game company was sued over a vulnerability in its software, because attackers had used it to make fraudulent charges to customers' credit cards. For a massively multiplayer online role-playing game, the number of affected customers could reach millions.

Companies that provide game platforms and software must therefore implement an effective vulnerability management program, which should include a comprehensive review of vulnerabilities disclosed by third parties so that the necessary updates can be issued in time.

From the player's perspective, a released patch offers no protection if the software is not updated in time. Players must therefore install all published updates as soon as possible.

To prevent players from delaying updates, some companies, such as Sony, disable access to most applications and content until the player applies the patch. This approach helps reduce risk for both game platforms and users.

Malicious content

Recently, attackers have begun to use game infrastructure and services to hide within legitimate traffic.

One of the platforms used is Discord, a voice and text chat application for gamers. In October 2019, the discovery of the SpideyBot malware exposed the first case involving Discord. In addition to backdooring the locally installed legitimate Discord application, the malware also uses Discord webhooks for command-and-control (C&C) communication with infected hosts.

A month later, another report described multiple malware infections that used Discord. In one of them, an attacker hosted malicious files on Discord's content distribution network (CDN). By sending a malware payload in a Discord message, an attacker can generate a link on a legitimate Discord domain and then send that link to snare a victim without being caught by URL filters.

These cases show that companies need to secure their own services and reduce the risks of distributing content or providing public API access. This means protecting API tokens, running antivirus scanning on the CDN, or creating a process to identify and remove malicious content or accounts. Gamers who use third-party services (such as chat platforms) should be careful when clicking links from unknown players, even if the link points directly to the platform they use.
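A detection sketch for the two Discord abuse patterns described above, added here as an example and not taken from the original article or the cited reports: it flags executable-type downloads from Discord's attachment CDN and webhook posts from hosts not expected to use them. The `SRC METHOD URL` log format, the host names, the allowlist and the sample records are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import urlsplit

CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}   # attachment hosting
API_HOSTS = {"discord.com", "discordapp.com"}                # webhook endpoints
WEBHOOK_PATH = re.compile(r"^/api/(v\d+/)?webhooks/")
RISKY_EXT = {".exe", ".scr", ".dll", ".msi", ".js", ".vbs", ".bat", ".ps1", ".iso"}
# Assumption: the only internal hosts expected to post to Discord webhooks.
WEBHOOK_ALLOWLIST = {"ci-build-01"}

def classify(src, method, url):
    """Return a finding label, or None when the request looks ordinary."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()   # exact match defeats lookalike hosts
    if host in CDN_HOSTS and parts.path.startswith("/attachments/"):
        if posixpath.splitext(parts.path)[1].lower() in RISKY_EXT:
            return "risky-attachment-from-discord-cdn"
    if host in API_HOSTS and WEBHOOK_PATH.match(parts.path):
        if method.upper() == "POST" and src not in WEBHOOK_ALLOWLIST:
            return "webhook-post-from-unexpected-host"
    return None

def scan(lines):
    """Parse 'SRC METHOD URL' lines (constructed format) into findings."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue                        # skip malformed records
        label = classify(*fields)
        if label:
            findings.append((label, fields[0], fields[2]))
    return findings

# Constructed sample records; IDs and tokens are placeholders, not real values.
SAMPLE_LOG = [
    "ws-014 GET https://cdn.discordapp.com/attachments/111/222/screenshot.png",
    "ws-014 GET https://cdn.discordapp.com/attachments/111/333/update.exe?ex=1",
    "ws-027 POST https://discord.com/api/webhooks/444/PLACEHOLDER_TOKEN",
    "ci-build-01 POST https://discord.com/api/v10/webhooks/555/PLACEHOLDER_TOKEN",
    "ws-031 GET https://cdn.discordapp.com.example.net/attachments/1/2/a.exe",
    "truncated-record",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the link sits on a legitimate Discord domain, a reputation-only URL filter passes it; the check here keys on the path and file type instead of the domain alone.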

Advertising fraud

Because many streaming media platforms pay advertising revenue to their creators, people look for ways to increase their view counts. Some users may try to do so through illegitimate means.

I recently found a malware framework that drives traffic to a particular YouTube video or to the Twitch platform. Companies should monitor their networks for abnormal traffic, which may indicate illegal activity.

In a report in March 2019, Valve found that an attacker had exploited a vulnerability in a game called Counter-Strike to infect players and carry out an unusual fraud. After infecting a computer, the malware uses a variety of techniques to promote game servers. This capability is then sold as a service to legitimate game server owners, so that their servers appear in more users' server lists. It is worth noting that the traffic patterns of such an extensive botnet can help a company ban the illegal operation faster.


Phishing

This is one of the most common attack methods, and gamers are not spared. Phishing campaigns aimed at gamers use a variety of themes. In some cases, the attacker simply uses the lure of in-game items or cheats to induce the victim to pay for counterfeit products. If the lure is credible enough, the player reveals credit card information to the attackers and only later discovers the fraud.

In other cases, phishing attacks target the player's account credentials. These accounts benefit attackers in several ways. They may store credit card details, which can be stolen and used elsewhere. If the account holds high-level characters or rare items, attackers may sell them for profit. Finally, the account may simply be taken over so that a legitimate account can be used to send spam or commit fraud. Although part of the responsibility for defending against such attacks lies with players, game companies also need to play an active role.

To reduce the chance that phishing succeeds in obtaining account credentials, companies should offer players a multi-factor authentication (MFA) option. It is also a good idea for companies to notify players of currently known phishing campaigns. For platforms that require a higher level of security, gaming companies can choose to implement a security solution that helps verify legitimate players and block malicious activity.

Game credentials on the dark web

IBM’s X-Force IRIS researchers conducted dark web research, investigating the latest examples of compromise related to the gaming industry. In February 2020, they identified two types of dumps. One dump was a set of 881,000 credentials for a variety of gamer accounts, including accounts for video games and platforms. The other dump disclosed nearly 33 million user credentials from the platform of a mobile and online game developer.

Malware

With the recent rise of cross-platform games, attackers have noticed an opportunity to use social engineering, luring players with game-themed bait. Typically, this involves distributing seemingly legitimate payloads: popular games and trojanized applications. In fact, the attackers have infected these applications with malicious code.

For example, the popular game Apex Legends can be downloaded on mobile through developers’ websites. However, an attacker has set up a similar website that claims to be legitimate in order to deceive players. If a player visits the fake website, the downloaded payload hides spyware, which can infect the device or steal credentials with phishing content.

In another example, the Baldr Trojan is disguised as an in-game cheat tool but in fact steals information. Similarly, attackers have begun to use so-called Fortnite cheats to infect players' devices and steal data.

As with phishing, most defenses against these attacks depend on players’ vigilance. However, by adding security (e.g., MFA) to protect player identities and by making players aware of known threats, the success of such attackers can be greatly reduced.

Bots

Most gamers know that bots harass the social side of game platforms. It is not uncommon for bots to start fake conversations and send fake invitations. This problem has persisted for a long time, notably in the PlayStation Network and Xbox Live spambot incidents.

Botnets are used to spread adult content or redirect users to specified malicious pages. When this becomes widespread, the social network of the game platform gradually becomes unusable.

If these platforms have minors among their users, the problem is more serious. Game companies can announce the specifics of malicious content and bots, but they could also take a more proactive stance, detecting such activity early and preventing it from recurring, so that players do not encounter these problems again.

The game industry's attack surface continues to expand

Games have become a more common part of our culture, so they are increasingly attractive to attackers. Phishing, malware distribution, vulnerability exploitation and fraud are all ways attackers can profit from gamers and companies. Although game companies, unlike the financial industry, are not considered a primary target in the global attack landscape, they face an endless variety of threats, so gaming companies and players should understand the relevant threats and guard against such attacks.