Recent attacks against the gaming industry in 2020 – Phishing attacks started to affect game players and gaming companies. Companies that are working in the field of video games are experiencing DDoS (distributed denial of service) attacks.
Gaming companies, like other businesses, are often targeted by hackers who try to locate compromised accounts and launch attacks against them. A new article says cyberattacks against gamers and gaming companies are becoming very popular day by day.
1. DDoS (Distributed Denial of Services)
Another popular way to target gaming sites is DDoS (Distributed Denial of Services) attacks. Between 2019 and 2020, there have been more than 3,000 DDoS attacks against the gaming industry. Number of these attacks peak at times like holidays where people are usually home and have free time.
2. SQL injection (SQLi)
Between 2018 and 2020, there have been more than 152 million attacks directed against the gaming industry. SQL injection (SQLi) is used for most of the attacks against gaming sites, in which hackers utilize forms to insert complex SQL code that can then exploit the database using the form.
3. Local File Inclusion (LFI)
Local File Inclusion (LFI) seems to be another popular method. In this method, attackers use apps to obtain access to data on the server. When making SQLi and LFI attacks, cybercriminals usually target games based on the web and smartphones to steal usernames, passwords, and other personal information.
Cyberattacks have also targeted gamers and gaming sites. Cybercriminals buy username and password combinations on the Dark Web with the intention of gaining access to games and gaming sites to execute such attacks. According to the article, gamers are specifically targeted by cyberattacks, often by credential stuffing and phishing attacks. It has been identified that there have been more than 100 billion attacks against credentials from 2018 to 2020, and approximately 10 billion was targeted against the gaming industry.
Attackers set up fake but believable messages and sites about gaming. This is called a phishing message. The objective is to trick gamers into signing in with and revealing their login credentials. The goal here is to convince gamers to log in and sharing their usernames and passwords. Because during the coronavirus pandemic and lockout, more people started gaming, attacks against credentials have increased. In order to exploit users who may use their old usernames and passwords, criminals also might try passwords from previous cyber attacks.
Gamers usually don’t think they are under threat. Because they don’t think the information they use when signing in is that important. But criminals value every information they can get. Criminals target these users also because of the nature of gaming. Gamers usually engage in relationships when gaming. In addition to that, they usually have spare money that they hold to spend on gaming material.
How can people protect themselves against recent attacks against the gaming industry in 2020?
Here’s our advice.
1. Be careful when giving your personal or financial information.
If you are requested to give any information that is personal or related to your bank accounts, this can be a sign of an attack. Make sure you are talking to a legitimate source before giving out data like these.
2. Try using multi-factor authentication if it’s possible.
You can make use of several options to validate your authenticity using multi-factor authentication. You can set a pin, a cell phone authenticator app, authentication via your face, or your fingerprint to unlock your phone and your applications. Many gaming sites encourage you to use MFA.
3. Avoid using the same credentials over and over again.
Attackers make use of the stolen credentials from old cyber attacks. To avoid this, you shouldn’t reuse your old passwords for different sites. It would be best if you never gave your password to anybody or recycle old passwords. Instead, you can use a password manager app to take care of your credentials.
4. Use two-factor authentication.
You can use two-factor authentication when MFA is not supported on the site you are trying to login. This allows you to verify your identity via an SMS message or password. But it has been reported that sometimes attackers exploit SMS messages. So try using an app for authentication whenever you can.
5. Use cybersecurity awareness training tools.
Use our cybersecurity awareness training tools to protect your organization better. Our tools offer training contents like HTML5 Security Training and Animation Training Videos in many languages, and materials such as Posters, Screensavers, Cyber Security Newsletters, Phishing Security Tips, Ninjio Animation Training Videos, gamified security awareness training. Use our security training and increase the cybersecurity awareness levels of your employees.
6. Don’t use third-party sites or apps when signing in.
You should always use the official site or app of the game you wish to log in. If there is a third party involved, it can indicate that you are being tricked. In so many phishing attacks, attackers use third-party apps as a way to get your credentials.
7. Use phishing risk testing tools.
Phishing risk testing tools help you test your employee’s awareness against phishing attacks. You can make your employees learn the style of phishing emails and raise their awareness of when it comes to fake emails and addresses. Our Phishing Simulation tool provides users more than 80+ Turkish, English, German, French, etc. in 8 languages, each with a unique phishing email scenario. You can customize or edit your phishing templates and fake phishing links.
“This post is originally published at www.phishing.org.uk”
Teknoloji Haberleri