Are You a Gamer? Watch Out for These Cyber Threats in 2022
Gaming doesn’t come cheap, but you already know this by now.
Whether you’re a pro, a casual gamer, or a parent fueling your kid’s hobby, chances are you’ve invested some serious money in gaming devices, games, and in-game purchases. That’s not to mention the countless playing hours and tons of passion.
The potential for disasters is ever-present: you could see your profile wiped out, your game data lost or access to your gaming device blocked. It’s no surprise that plenty of villains out there are looking to capitalize on your fears. And they grow bolder each day.
The question is: are you ready for them? Here’s a few thoughts to steer you safely around the trouble.
Hackers love gamers and everybody’s a gamer now
Hackers want to make money, and right now there’s a lot of money to be made from gaming. As the pandemic unfolded and lockdowns became a stark reality in most parts of the world, people needed to entertain themselves at home. They quietly turned to gaming. Online gaming traffic climbed 30%, U.S. video game sales jumped to a record $56.9 billion in 2020, mobile gaming usage rose by 75% and game streaming platform Twitch recorded 9.89 million active users during a single month.
But what does that mean? Well, in a nutshell, it opened a huge window of opportunity to cybercriminals. As gamers rushed in, so did the hackers. Phishing campaigns, account takeovers, scams, and malware are at an all-time high. Bearing in mind that underground marketplaces fueled by stolen gamer information do roughly $1 billion in business each year, it should come as no surprise.
Here’s what to watch out for:
1. Account hijacking
It’s estimated thousands of Steam, EA Sports, and Epic accounts are stolen each month, with bulk account databases traded on private Telegram channels for sums between $10,000 and $40,000.Apart from brute-force attacks, which consist of an attacker trying commonly used passwords or passphrases in the hopes of eventually guessing correctly, one of the preferred ways to steal game accounts is called account stuffing. A hacker collects stolen account credentials from a website or service, then uses an automated login script to try the credentials on other popular websites/services. Because most people use the same password and email address on multiple websites, this results in a high success rate for hackers.
Other methods to hijack accounts include phishing, by tricking gamers into logging into a fake page that resembles a genuine login page, or malware. For example, a trojan that grabs everything from cookies to passwords, forms, and bank cards can be bought for as little as $10 on the Dark Web.
How to protect yourself against account stealing:
· Use unique complex passwords on each of your accounts and don’t recycle old passwords
· When possible, enable multi-factor authentication
· Change your password immediately if you think your data has been compromised
· Don’t click on suspicious links in chats and watch out for strange e-mails that urge you to take immediate action or promise you unrealistic prizes
· Install a security solution and periodically scan for malware. Bitdefender offers customizable profiles that include a Gaming Profile specially designed to temporarily halt pop-ups, adjust visual settings, and pause unimportant background activities, so you can enjoy your device to the max. Enjoying an uninterrupted gaming experience is all about reducing system load and diminishing slowdowns.
2. Software vulnerabilities
In December 2021, a serious code-execution vulnerability affecting most servers in the world was discovered. One of the first sightings in the wild was in the popular game Minecraft, where hackers used it to deploy ransomware on vulnerable servers. This was a special case because it was a general vulnerability. However, in 2013, researchers found a series of vulnerabilities in popular first-person shooter engines that could have let attackers compromise online servers and player computers. Similarly, a dangerous remote code execution (RCE) exploit found in Dark Souls 3, prompted its developers to shut down servers until the problem was fixed.
All vulnerabilities were patched shortly after they were discovered, which means that even though there’s nothing gamers can do to prevent such problems, they can still mitigate them by making sure they’re regularly updating and running the latest game version.
How to protect yourself against game vulnerabilities:
· Regularly update your operating system and the software on your devices. New vulnerabilities are discovered every day, and developers periodically release security updates to fix them.
· Keep an eye out for suspicious activity on your accounts. If you notice peculiar behavior, like unusual logins, modified data or transactions you don’t remember, contact customer support immediately.
· Install an antivirus and periodically scan for malware.
3. Malware hidden in pirated games
It’s no surprise that game consoles have become more popular than PCs in recent years. However, there’s still plenty of PC gamers who like to gamble by running pirated games. In addition to legal issues, this exposes them to hidden dangers, as game cracks, key generators, and unlicensed game copies often conceal trojans, adware, crypto miners, or spyware.
To make matters worse, most cracks ask users to disable their antivirus before installing. For example, in 2021 Bitdefender researchers discovered a malware dubbed MosaicLoader that spreads through popular pirated games and can steal cookies, hijack login sessions to take over some of your online accounts, install cryptocurrency miners that run in the background of your computer, or install backdoors to let malicious actors into the PC itself.
How to protect yourself from hidden malware:
· Don’t download, install or run pirated games on your devices. It exposes you to unnecessary risks and can lead to stolen information, data loss, and damaged devices
· Watch out for websites advertising free game downloads, patches or cracks; criminals often use them to deliver malware
· Install an antivirus on your computer and periodically scan for malware
4. Malware hidden in mobile games
Criminals have been targeting popular mobile apps for years, lacing them with malware or using them as droppers for malware. Mobile games are no exception, as almost everyone has a favorite game installed on their phone for a quick break. Android users are preferred because there’s more than one app store and the security requirements for apps are less strict, but there have also been cases of Apple Store apps going rogue.
In most cases, infected mobile games install adware that floods your phone with annoying notifications. In other situations, though, it’s much worse, with apps stealing login credentials, installing crypto miners and spyware that allows hackers to track your phone and steal your data remotely.
How to protect yourself from infected apps:
· Before installing a game on your phone, always check reviews
· Watch out for clones impersonating popular games
· Think twice before installing games from third-party sources
· When installing any app on your phone, check what permissions it asks for
· Periodically restart your phone, as some simple malware can be removed with just a reboot
· Protect your device by installing a mobile security solution. Bitdefender Mobile Security protects you against viruses and malware and even warns you about link-based scam attempts.
Sketchy websites that advertise free download links for popular games, or game cracks, but instead deliver malware, have been around for years. However, the recent global chip shortage opened a new window of opportunity: hardware scams.
Criminals are targeting people who are looking to buy under-stocked items like PS5 game consoles or graphics cards. The mechanism is simple: scammers build fake online stores claiming to sell consoles at an unbelievable price. They contact their victims through phishing or hijacked social media accounts, the victims pay, then the hacker disappears with the money and the credit card information.
How to protect yourself from gaming scams:
· If an offer seems too good to be true, it probably is, so don’t fall for spam or aggressive ads promoting unrealistic offers or discounts
· If you find an online store that has a great offer on the product you’re interested in, always double-check whether the website is real. Does it have a contact section? Does it have real reviews? Does it have customer support? Search for it on Google and see what other people think about it.
· If you think the website is legit, but you still have some doubts, don’t pay using your main card. Use a disposable virtual card or Paypal.
6. DDoS attacks
DDoS, or distributed denial-of-service, attacks work by flooding your network or its surrounding infrastructure with useless internet traffic that suffocates your connection and prevents the information from getting in or out.
While DDoS attacks are usually used against companies or government organizations to take down infrastructure, they’re also used casually used in the gaming community, often by rival gamers trying to build an advantage or by malicious individuals interested in scams or extortion.
For example, a DDoS attack targeting a Squid Game-themed Minecraft tournament managed to cripple Internet access in Andorra for more than three days.
How to protect yourself against DDoS attacks:
· Hide your IP address using a VPN. If baddies can’t get your IP, they can’t block you. Bitdefender Premium VPN is an ultra-fast VPN that keeps your online identity and activities safe from hackers, ISPs, and snoops. It offers complete online protection and anonymity and lets you connect to 1,300+ servers around the world.
7. Data breaches
In October 2021, Twitch admitted it suffered a major data breach. Leaked data included the streaming platform’s source code and a 128GB pack of data containing creator payouts dating back to 2019. In December, Ubisoft announced “Just Dance” was breached and important player information was leaked. Going further back, to 2020, hackers stole 46 million records from the popular online kids’ game Animal Jam and sold over 1.3 million user records of popular Stalker Online MMO Game on the Dark Web Marketplace. These are just a few examples from recent years of how hackers target gaming companies and gamer communities with the clear purpose of stealing personal information and selling it on the Dark Web.
Unfortunately, data breaches are a constant threat for every company, not just the gaming industry and gamers can do little about it. Still, it’s wise to take some precautions to protect your data.
How to protect yourself in case of a data breach:
· Use burner e-mail addresses when registering for games. If your data gets leaked, at least your main e-mail address is safe.
· Always use unique, complex passwords for your accounts. If one is compromised, your other accounts are still safe.
· Consider using a password manager; it generates random complex passwords and stores them securely
· Enable multi-factor authentication whenever possible
· Pay with disposable virtual cards. If one is compromised, your physical cards are safe and all you have to do is dispose of the leaked virtual card.
· Consider using a VPN. VPNs hide your IP address and protect your privacy so you can focus more on gaming, and less on people snooping around
· Know exactly when your data is leaked. Bitdefender Digital Identity Protection is a solution that helps you manage your online footprint and notifies you if any of your data has been compromised so you can take measures and protect your identity.
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps
November 29, 2022
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022
Cyber Tips for a Spook-Free Halloween
October 26, 2022
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022