Is The Gaming Industry In The Cross Hairs Of Cyber Criminals As Their Next Big Target?

The gaming industry, worth over USD 100 Billion, has been the target of crime almost for as long as it has existed. However, with the change in the nature of games and the gamer’s base, what also changes is the kind of crime that the industry is subjected to.

While until now, game piracy and illegal copies of games have been the primary motives of the illicit players in the market, yet, their focus in crime might just be about to shift from the game developers to the game players.

The Changing Trend In Cybercrime

Trends in the recent times have proven that the game hacking business is becoming quite lucrative for cyber criminals, and the gaming community is by the day becoming an attractive target.

A reason for this is the fact that the gaming industry is comparatively fluid, in comparison to financial services and retail. “Whereas other industries now have cyber security rules, regulations and standards to adhere to, online video games are just now recognizing that in-game cyber attacks exist and are harmful to both revenue and reputation,” stated a report by Panopticon Labs in regard to cyber security.

A case in point here would be that of Steam.

A Case Of Bad Steam

Steam is a platform that was started by a company called Valve as an e-store for video games. It consists of about 125 million active users, and thousands of games. You can of course buy games there, but there is also more than you can do — like trading cards, and other valuable goods attached to game user’s accounts.

The last part is where the catch lies. Since you can now trade goodies attached to your user profiles on various games, these user profiles have also become important, meaning they have also become vulnerable to the target of hackers in the market.

This fuelled the development of Steam Stealer, a new breed of malware that is responsible for hijacking millions of user accounts. Once a hacker gains access to a user’s profile, he of course has access to the financial information of the user, as well as any assets stored in the account. He can simply sell them on Steam Trade, make money, and walk away.

In some cases, these goodies sell for hundreds of dollars, if not more, making it a considerable market in itself. Reportedly about 77,000 accounts are stolen and broken into every month on the Steam platform alone, for the goodies associated with the video games.

… And Other Diseases

Steam, of course, has not been the only platform under attack by cyber criminals. Origin, by Electronic Art, is another platform that suffered a major attack recently. They, however, have refused to confirm it. VTech’s gaming platform, used to download games to the firm’s range of child-friendly tablets was also under attack not too long ago.

To put all the cards on the table, however, gaming platforms are not the only ones that get attacked. Kaspersky, the Moscow-based anti-virus software firm, whose research I have extensively used for this article, was also recently attacked! The hackers were allegedly after intelligence about nation-state attacks the company was investigating, along with information regarding how the company’s software worked.

The Enlarged Pool

Research led by Kaspersky (whose main focus is cyber security), in this regard has shown even scarier figures. They have reported about 1,200 types of the malware.

Specially highlighting Steam Stealer, they stated that it is delivered through run-of-the-mill phishing campaigns, infected clones of gaming sites such as RazerComms and TeamSpeak or through fake versions of Steam extensions, developed the internet browser Chrome.

What’s more is that now malware is available on the black market for extremely low prices, which can enable even the unsophisticated internet users susceptible to using them for the buck involved, enlarging the pool of cybercriminals in the process.

And that is just with the platform Steam, only a miniscule fraction of what might be out there for the gaming market as a whole!

The Vulnerability Factor

The games and users are vulnerable alike, but the basic question is that of “why”.

The truth of the matter is that game developers do treat security in their games with importance, but it is not of the utmost on their priority lists.

Developers and publishers are still focused on hardening their code against reverse engineering and piracy, mostly because their brains are still hardwired to protect themselves against piracy, while the rising threat of data breaches against games and gamers aren’t getting enough attention. Users, on the other hand, also have their issues to deal with, in regards to security.

While Pontiroli, the researcher from the Kaspersky team, did point a finger at the developers, he also pointed a finger at the game players, stating, “There’s this view from the other side of the table — from gamers — that antivirus apps slow down their machines, or cause them to lose frame rate.” He believes that this prejudice leads gamers to disable anti-virus software on their gaming devices, making them further vulnerable. “Nowadays you just need to realize that you can lose your account and your information”.

Can We Do Anything?

There is always something to do. Efforts in most regards are obviously already being made but there is a long way to go.

A Guard For The Case Of Bad Steam

Steam, for example, has rolled out Steam Guard, a shield against account hacking, and is also offering two-factor and risk-based authentication through the Steam Guard Mobile Authenticator. They have also added new regulations such as a15-day hold on traded items in order to mitigate the risks of fraud in addition to various levels of email confirmations.

Even with all of this, in place, however, there is still the problem of awareness, and the lack thereof.

The Awareness Issue

“While the security features do provide a certain level of safety to their users, not all are aware of their existence or know how to properly configure them”, says Pontiroli. “Even with all the solutions in the world you still need to create awareness among the gaming crowd”.

On The Publisher’s Front

One thing that the publishers can do is fight back and eliminate fraudulent or harmful activities, provided they get a head start in securing their games and are dedicated to keeping bad players out after they’re gone.

They need to work more on securing their games against account hacks, and not just against piracy. As Kaspersky’s Pontiroli puts it, “Security should not be something developers think about afterwards but at an early stage of the game development process. We believe that cross-industry cooperation can help to improve this situation”.

On The External Security And Protection Front

As for the users concerned, they must stay up to date with the gaming market, and use advised anti-virus software, in addition to other precautions.

Even the anti-virus companies are getting in line, and providing most software with a ‘gaming mode’, that allows players to keep their antivirus software active but avoid receiving notifications until the end of their session.

There are firms, such as Panopticon, that are working on in-game security solutions, that distinguish suspicious in-game activities from normal player behavior through anomaly detection and analytics. This wouldn’t be quite different from what is used by financial and banking services.

The Final Word

Every online game and platform has become the target of cybercriminals, and the truth remains that no one is safe. The only guard, in the true sense, is awareness about what kind of crime, and protection, are out there, so that you know the streets before you are out on them.

Originally published at Chip-Monks.