Cybercriminals are taking advantage of online gamers’ enhanced connectivity, according to specialist consultancy Omnisperience, whose new report, Unleashing new revenue streams and boosting digital confidence with CCAPS, suggests that service providers are well positioned to secure and assure the gaming experience, creating new revenue streams.
Gaming has long been a honey pot for cybercriminals. Gamers provide rich opportunities because of their deep engagement in interactive and social channels, and because they spend cash on in-game purchases, depositing regular and sizeable amounts in their gaming accounts.
Cybercriminals are increasingly designing attacks aimed at player behaviour: sharing a cheat might seem friendly until you realise it contains malicious payloads or links that have devastating consequences for you and all the friends you shared it with. An example of this type of attack is Syrk, which was disguised as a Fortnite cheat hack. It encrypts players’ files and deletes them every two hours until they pay.
But it’s not just applications that are being targeted. With 120 million monthly users, Steam has also become a magnet for malware. The Steam Stealer malware statistics claims that up to 77,000 Steam accounts are hacked each month, with Kaspersky claiming to have found a thousand different active malware types on the site.
“Criminals are launching relentless waves of attacks against games and players alike in order to compromise accounts, steal and profit from personal information and in-game assets, and gain competitive advantages,” notes Akamai security researcher Steve Ragan.
Akamai’s statistics are a wake-up call to gamers. Between July 2018 and June 2020, 1 in 10 of the 100 billion credential stuffing attacks the firm recorded were targeted at the sector, along with 1.4 in 10 of the web application attacks (152 million out of 10.6 billion). Between July 2019 and June 2020, 3,000 of the 5,600 unique DDoS attacks were also aimed at this sector, making it the most targeted of all verticals.
Part of this problem can be addressed by moving to more secure methods of payment. Digital monetisation platform provider Centili advocates this type of approach as a partial fix. It argues that direct carrier billing (DCB) increases payment security for gamers. CEO Zoran Vasiljev explains: “DCB is convenient, enables players that don’t have a credit card or bank account to pay for things securely, provides a good experience that isn’t overly intrusive on the game, and is far more secure because it doesn’t require the entry of personal data.”
While more secure payment options are vital, they’re only part of the answer, according to Omnisperience, with gamers vulnerable because households and individuals have been at the forefront of connectivity, but are trailing behind when it comes to cybersecurity.
“Large enterprises get attacked all the time, but they have the means to protect themselves,” says Omnisperience’s Chief Analyst Teresa Cottam. “But households and individual users have been left behind, and gamers are a particularly vulnerable part of that left-behind community. Often their guard is down when they’re gaming, their concentration is on the digital battle, and many gamers are children and young people who are less astute when it comes to cybersecure behaviour and who may readily share log-in details with friends for a range of altruistic reasons. Unfortunately, this sharing behaviour also leaves them open to attack.”
Cottam explains that part of the problem lies with the current generation of B2C cybersecurity software. She says solutions aimed at consumers rely on customers to install them, remember to update them, and manage licences. This creates a series of functional, domain and behavioural gaps that cybercriminals exploit. Closing these gaps requires protection to be effective, automatic and effortless.
Communication service providers (CSPs) see an opportunity in these problems. They’ve long targeted the sector with high-bandwidth/low latency connectivity services such as 5G and full fibre broadband, but have now recognised they are well positioned to secure and assure the gaming experience, creating new revenue streams for themselves in the process.
Omnisperience calls this type of offering CCAPS – connected customer assurance and protection services – which it defines as ‘cybersecurity services delivered through the network, as a service, providing holistic protection and assurance for connected customers’. Cottam says these services provide better, affordable cybersecurity, privacy and assurance for all the devices, connections, activities, applications, data and identities of individuals, households and small businesses.
CSPs are rolling out these services today, offering to protect gamers from cybercriminals and assure their network and device experience for just a few dollars, euros or pounds. Automatic protection and assurance takes away the headache from gamers, meaning there’s more time for them to spend on things that really matter – such as another game of CS: Go.