Player ‘Cyber Criminal’ has entered the game
Written by Joseph Poppy on 06/09/2019
Big player base = lots of potential targets
The more popular an online game is, the more targets a hacker has and the more likely it is that someone somewhere will fall for their trickery. Returning to Fortnite, overly competitive players looking for a way to gain the edge over their opponents naturally started looking for cheats. Cheats hackers will happily provide - or so it would seem. A supposed hack dubbed ‘aimbot’ promised to provide players with better aim assist, because games are more fun when you don’t have to play them yourself. Unfortunately, this hack did not do what it said on the tin and was instead our old friend ransomware. This is just one of many scams and general cyber shenanigans relating to this popular game. Some estimate Fortnite scams have hit the 53,000 mark.
Dangers further afield
Taking a broader view of the industry, playing online games with people may give you the false impression that you know them. If you’ve just finished a great game with AstroMax92 and they send you a private message later saying ‘that was great. Want to join my clan? Here’s a link for more info,’ you might not think twice about clicking said link. Not thinking twice about clicking a link, it’s fair to say, is a very common cause of getting hacked. Links can be left behind on any forum by supposedly helpful strangers. For the most part they’re fine, but as always, it just takes one rapscallion to ruin it for the rest of us.
It's a similar story with modding: which is a popular way of adding extra content or elements to an already existing game, such as replacing dragons with Thomas the Tank Engine. It’s also a clever way to get malware onto people’s machines. In the early days, these exciting additions or changes were found scouring the internet and finding an executable before downloading and installing it. This was one sure fire-way to get your PC riddled with malware.
These days, modding communities tend to be well regulated and user feedback means that mods concealing malware don’t last long, but that’s of little solace when you’re one of the unlucky few whose processor is melted by cryptomining malware.
Even if apps don’t contain malicious code, they’re not necessarily being built securely. Oversight, rushed jobs or lack of knowledge may mean some of those harmless mobile games are putting your devices or personal information at risk. Ideally, any app should be thoroughly tested by experts before they’re publicly released, but we do not live in an ideal world.
Don’t turn off your consoles
Obviously, this is not to say that the gaming industry is terrible from a cyber security perspective – a lot of companies are doing a lot of hard work in an attempt to stay secure. As with any area online, tread carefully, be careful what you sign up for and what you click on. As we’ve just demonstrated with gaming (which is an industry seen as innocuous by most), every single industry is a target for hackers. Wherever there’s money to be made, cyber criminals will appear, and gaming is a big business that’s only going to get bigger.
We are Bulletproof
As we at Bulletproof know from our blue team operations, hackers’ strategies are constantly evolving, and their attitude to exploiting the gaming industry is no exception. Trends are slowly moving away from personal data and more emphasis is being put on monetising the theft of digital assets. There might be many reasons for this, but a big contributing factor will be the sheer level of competition when it comes to selling personal data. Whatever it is hackers go after, the fact is this billion-dollar industry will always attract them.
We know that developers, publishers and market platforms need to be booking regular penetration tests on their products to resolve any issues before they affect customers. As the industry grows, it becomes increasingly clear that we need more people using their hacking knowledge for good.
At Bulletproof, security is in our DNA. We’re dedicated security specialists, combining years of industry experience with cutting-edge technology and in-depth knowledge across all fields of information security.
If you are interested in finding out more about Bulletproof and what we do, have a browse around or contact us today. If you think you are Bulletproof material, check out our vacancies to see if we have anything for you.
ISO 27001 and 9001 certified
Tigerscheme qualified testers
PCI DSS v3.2 Level 1
24/7 on-site Security
Get a quote today
If you’re interested in our services, get a free, no obligation quote today by filling out the form below.