The global pandemic has seen online gaming sky-rocket as a favourite pastime in lockdown and isolation. On 4 April 2020, shortly after the first wave of lockdowns were imposed on nations worldwide, the online gaming platform Steam reported a record-setting day with 24 million players online, of which 8 million were playing simultaneously.
What was already a $159 billion industry in 2019 is projected to reach $200 billion by 2023.
Cheating: the nightmare of game developers
With the ever-increasing popularity of online gaming, unfortunately comes another phenomenon that spoils the fun, which is cheating. In their study Cheating in Online Games: A Social Network Perspective, the University of South Florida defined cheats as “software components that implement game rule violations, such as seeing through walls or automatically targeting a moving character.”
Aimbots and wallhacks are the most common forms of deceiving in online shooters because they give new players or players who are less proficient in the game a significant advantage over others. Some cheats are more obvious than others. Wallhacks, for example, can stay undetected for months.
As avid gamers at The Missing Link, our team have experienced our fair share of cheaters who are able to see through walls, control our gun’s recoil or shoot people far away without missing.
What exacerbates the problem is that cheats are bought and sold online, and players can find them easily. So it comes to no surprise that cheating is one of the biggest nightmares for game developers who are trying to stop hackers who search for vulnerabilities in a game’s code to get special advantages. Because if players are frustrated because they can’t win a game, they will often switch to other games, which can hurt the developer’s profits.
With millions of people playing online throughout the year, hackers also used credential stuffing attacks. Hackers use these attacks to get into people’s accounts by reusing credentials from old data breaches to compromise new accounts. This is especially common if gamers recycle existing usernames and passwords. On top of that, phishing campaigns to trick gamers into signing in and revealing their login credentials have also grown in numbers.
The gaming industry under attack
It’s not only the single-player that is under threat. Cybercriminals are also launching relentless waves of attacks against gaming companies and websites with the goal to compromise accounts, steal and profit from personal information and in-game assets, and gain competitive advantage.
Looking at the attack landscape, SQL Injection (SQLi) is still the number one attack vector, closely followed by Local File Inclusion (LFI) attacks. Both methods manipulate the backend database to access information that was not intended to be displayed, including sensitive company data, user lists, or private customer details.
In addition to web-based attacks, companies also need to contend with DDoS attacks. Akamai observed 3,072 targeted DDoS attacks between July 2019 and June 2020, where “legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor.”
What can gamers do to protect their account?
Our experts as The Missing Link recommend three strategies to protect your account:
- Keep changing your passwords regularly and use a password manager to store them.
- Multi-factor authentication (MFA). With MFA, you can set up multiple ways to confirm your identity:
- Your password
- An authenticator app on your mobile phone
- Facial or fingerprint recognition to access your phone and the app.
- Log in through official gaming apps and services, NOT through third parties.
Finally, be vigilant! If you receive a request from a customer support or company representative for a game to provide personal or financial information, or authenticator codes to use your account, you are most probably the victim of a scam.
If you liked this article, you may also like:
Privileged access in the new world
Red Teaming and the origins of anonymous hacking
What do you do after a data breach