fbpx
Connect with us

Cybersecurity

Hackers loom as the gaming industry grows

Yehia El Amine

Published

 on

Gaming Industry

It comes as no surprise that the gaming industry has witnessed an astronomical rise for the past decade, even more so under the circumstances brought forth by the Covid-19 pandemic.

The global video game market is forecast to be worth $159 billion in 2020, around four times box office revenues ($43 billion in 2019) and almost three times music industry revenues ($57 billion in 2019).

The biggest market by revenue is Asia-Pacific with almost 50 percent of the games market by value. North America accounts for a quarter of revenue. In parallel, video game sales in March approached $1.6 billion, representing a 35-percent year over year increase, according to U.S.-based research company, NPD.

Gamers have become even more passionate and committed to their games, especially online games, having dedicated accounts and profiles that contain their personal information, as well as their payment methods for online transactions.

This industry has exploded during the pandemic as a record number have turned to it for escapism, entertainment, and social interaction. Estimated to surpass $200 billion by 2023, gaming is now considered to be one of the fastest-growing industries on the planet.

These are fertile grounds for all hackers alike, making the online gaming industry attractive, lucrative, and susceptible to all kinds of cyberattacks and data breaches.

These games, primarily Massive Multi-Player (MMO) games, experience a plethora of attacks from attempting to block players from accessing the games, to attempting to slow down connections to gain a competitive edge.

“These attacks can take the entire game offline, resulting in hundreds of thousands of dollars lost,” according to Radware’s threat research team.

A recent report published by SuperData, a market research company based in New York, gave the example of the game Fortnite – which currently stands as the top online game in the market – grossing $318 million per month.

“If Fortnite was to suffer a cyberattack and it resulted in an outage, it could lose +$400,000 per hour (if you break it down using the following math: $318,000,000/ 30.5 (days a month)/24 (hours a day),” says Eden Amitai, Cyber Security Evangelist at Radware.

While other games maybe losing less, these attacks are hitting profit margins rather hard.

“For instance, online games that bring in $150 million per month could experience $200,000 direct loss of revenue, or a less popular game that has a revenue of 75 million per month may lose $100,000,” Amitai highlighted.

During the height of the global lockdown enacted by governments, 76 percent of gaming companies accelerated their cloud migration plans to meet the increasing demand set forth by gamers stuck at home, according to Radware’s most recent C-suite report.

This not only leads to major cybersecurity liabilities but magnifies the need for a deep security understanding of the shared responsibility mechanism.

Same game, different industry

Usually, it’s the banking and finance industry that appeal to hackers the most, but they’ve learned from their mistakes and have heavily invested into state-of-the-art cybersecurity systems to keep cybercriminals at bay.

Now, hackers have narrowed their sights on the booming gaming industry.

While online games allow players to interact and engage with people from all over the globe, they also process in-game transactions and purchases; and this is exactly where hackers are aiming to attack.

Gaming companies have massive databases filled to the brim with valuable user data, from credit card information, to email addresses, phone numbers and the likes; all of which can be sold on the dark web for profit and extortion.

Common threats to gamers

Hackers have adjusted their MO from directly going for bank information to using more subtle yet effective ways of getting money from the data they steal.

From taking over your player profile to unauthorized selling of your in-game items, there are many ways that hackers can compromise your online gaming profile and make you pay for it, literally.

Let’s explore potential ways hackers can worm their way into these games:

  • Identity theft

Usually, it’s the players that boast high ranks within gaming communities are the most susceptible for cyberattacks.

When cybercriminals assume their personas or profiles, they can act in a myriad of malicious ways that have real-world consequences on the actual user. This might lead to hackers soliciting funds, sending out scams or bogus links that would divulge sensitive financial information from other players.

  • Data theft

While this strategy is similar to the one listed above, the hacker can merely go through the player’s financial information and other sorts of sensitive data and run off with them, rather than assume their identity.

These criminals can access social media engagement, locations, phone calls, in-game transactions, and monthly subscription data, which could in one way, or another lead them to the victim’s financial resources.

  • Third-party trickery

As everyone minimally knowledgeable with the facets of online gaming, these platforms offer a vast array of rare and valuable in-game items and cosmetics which can be exchanged for various types of currencies, be them real-world, in-game or even cryptocurrencies. 

Attackers can trick players by setting up phishing websites or landing pages, disguised in the game’s general theme, to trick players into handing over their personal and financial information.

From there, hackers gain access to gaming logs and activities, which paves the way for them to make transactions in the guise of legitimate player personas or accounts, but divert the funds they collect to their personal accounts or any deep-web accounts that could not be traced by authorities.  

  • Malware

These kinds of attacks can be targeted at either a player’s PC or hit the game’s site servers.

Usually, such attacks surface as vectors and links that offer cheat codes, mods, new maps, and other game advantages. The effects of malware can range from game disruption, PC system malfunction to compromise game or user information.

With all of this in mind, gaming companies should invest more into strong security strategies that align with their activities across all aspects of their business.

A risk-based approach can bring cybersecurity to the forefront of prioritization that offers three main things, the protection of players’ sensitive information, safeguarding the company’s profits and recognizing that the risk landscape will continue to evolve over time.

Advertisement

Yehia is an investigative journalist and editor with extensive experience in the news industry as well as digital content creation across the board. He strives to bring the human element to his writing.

Cybersecurity

Cybersecurity trends in 2021: Learning from a harsh year

Yehia El Amine

Published

 on

cybersecurity trends

This year has been unlike any other in living memory, barely any aspects of our lives have been spared by the impact of the worst public health crisis in decades.

The worldwide COVID-19 pandemic shifted the way we lead our day-to-day, laying bare to our collective fragility, while greatly heightening our sense of uncertainty. The effects of which will have a long-lasting aftertaste of how our reality has changed, as well as in the unforeseeable future.

The seismic shift caused by the pandemic, also fueled our embrace of technology by increasing our reliance on connectivity and pushing digital transformation into overdrive. Yet, with this reliance on the digital realm, comes risks and potential threats looking to take advantage of the situation.

Reports and breaking news stories throughout the year proved that cybercriminals were quick to adapt to this new norm, exploiting the pandemic and remote working circumstances to profit.

While most of the cybersecurity trends that emerged throughout the year will likely spill over into 2021, there is no definitive way to pinpoint how the cybersecurity landscape will look like a year from now.

However, by monitoring the current events that shaped this year, experts can foresee the areas that will be affected by cyberattacks, as well as the practices that will persist.

Let’s jump right in.

1- Remote workers will remain targeted

Remote workers are the golden nugget of cybercriminals far and wide, which is why they’ll continue being the prime targets for hackers. The reason behind this is due to them operating and using their own devices and Wi-Fi connection to conduct their work.

Home networks aren’t as fortified as their corporate counterparts, at the end of the day, no one has an IT team hanging about in their closet. In parallel, a large number of businesses weren’t properly prepared for the shift to remote work, making homebound workers easier to target.

According to a report published by VMware, a U.S.-based cybersecurity software company, global organizations saw a 148 percent spike in ransomware attacks in March of 2020, just when businesses began to make the shift to remote work.

“Attackers have been using COVID-19 to launch phishing attacks, fake apps/maps, trojans, backdoors, crypto miners, botnets and ransomware,” the report explained.

2- Automation for all the wrong reasons

To deal with the slash in profits, companies have been scrambling to find ways to put security solutions and their remote staff on the same table, signaling the use of hyper automation.

Hyper automation consists of integrating artificial intelligence (AI), machine learning (ML), and robot process automation (RPA) to automate their processes or any other task.

According to market estimates, artificial intelligence in the cybersecurity market is projected to grow from USD 8.8 billion in 2019 to USD 38.2 billion by 2026 at a CAGR of 23.3 percent.

Hackers have taken note of this and have started to develop their very own software disguised as an AI-automation software. Tricking remote workers to install this fake software will allow cybercriminals to pinpoint areas of defense, while marking vulnerabilities.

Using the data gathered by the software, it gives hackers the know-how to slip past or attack similar defensive software.

This is dangerous in every sense of the word since it allows attackers to subtly slip through the cracks faster and at a much stealthier rate; they’ll know before they attack what they are looking for, what to avoid, and how to escape unnoticed.

3- The rise of 5G

Our online behavior changes each year, with every new emergence of technologies that heavily impact our lives. And as the fifth generation of mobile networks begins to softly rollout internationally, our reliance on cloud-based systems grows.

Both B2B and B2C sectors will soon have the opportunity, and later be mandated, to shift toward 5G data management technology. According to Leftronic, 5G is expected to cover almost 40 percent of the world by 2024 with data transfer speeds of up to 10GB/s.

While there exists a plethora of reasons as to how 5G will better our lives, the same could be said about the potential risks that may accompany it.

High-speed data transfers will equip hackers with the ability to infect data packets and conduct corporate espionage at a much faster and subtle rate. Companies will need to revamp and beef up their cybersecurity teams to maintain a high level of security and surveillance for their sensitive data.

According to Cybersecurity Ventures, the cybersecurity talent crunch is expected to create 3.5 million unfilled cybersecurity jobs by 2021, up by 350 percent from 1 million positions in 2014.

4- Cloud attacks

While businesses across the globe were slowly migrating their work to the cloud in pre-COVID times, the pandemic acted as a catalyst for the same, as it acted as a notable ally to ensure business continuity across the board.

According to IDC, the global cloud services market spending is projected to reach USD 1 trillion in 2024, at a CAGR of 15.7 percent during the forecast period 2020-24.

Cloud-based security threats, including misconfigured cloud storage, reduced visibility and control, incomplete data deletion, and vulnerable cloud-apps, will continue to disrupt businesses in the future ahead.

5- IoT security concerns

With 5G’s slow ascension to power brings with it a myriad of technological advancements within its entourage, and the hardest hitter among them is the Internet of Things (IoT).

IoT is on the rise not only for commercial use, but also on the B2B end, most notably in the industrial sector which has laid the ground for transformations in critical infrastructures such as healthcare, automotive, maritime, shipping, and much more.

While this will help shape and fuel the digital revolution, in parallel, it opens the door for many risks and breaches on the cybersecurity level.

“Not only is more data being shared through the IoT, among many more participants, but more sensitive data is being shared. As a result, the risks are exponentially greater,” a report by Deloitte highlighted.

According to American research and advisory firm Gartner, there will be 25 billion Internet-connected things by 2020, and close to $2 trillion of economic benefit globally. That’s a lot of IoT devices and the biggest question is, can tech companies secure all these objects from threats?

A single compromised node can be leveraged to break into corporate networks with severe consequences. Insecure designs and architectures will result in non-encrypted personal data, hardcoded passwords, software, and firmware updates from unverified sources.

This means every IoT design should start with security. Giant tech firms as well as startups should incorporate security into the initial design process, while adding layers of security to protect people from the cyberattacks vis-à-vis giving them more control over the devices themselves.

6- Data, the new oil

Every single click, swipe, visit, and view is the creation of data, a digital footprint that gets bigger and bigger year-in and year-out translating into a company’s most prized possession; and as they broaden this footprint, hackers will remain resolute in their attempt to breach that data.

Thus, the easiest way to access this sensitive data is through the remote workers operating on weakly-protected home networks. From there, experts foresee the increase in VPN usage as well as additional security measures to protect company data while they work from home.

According to Cisco, since the beginning of the pandemic one of the top policy changes made in organizations has been to increase VPN capacity (59 percent) for remote workers.

7- FinTech under fire

The financial industry is considered one of the most threatened sectors in terms of cybersecurity for obvious reasons. Just take a moment and think back to how many data breaches has happened this year solely on financial institutions.

The reasons behind these breaches are always different, from the rogue employee, to the vigilante hacker, only one person is enough to cause significant damage to a financial corporation’s business.

According to Fortunly, cybersecurity investments in Fintech have grown to $646.2 million in 2020, more than double of what businesses spent on IT in 2019.

Thus, companies need to be wearier regarding their assessment of risks, while putting in place air-tight security reforms that protect not only their business models, but their customers’ sensitive data as well.

Hence, a balanced innovation is needed that promotes the growth of the fintech industry and mitigates the hidden risks of its services.

As the COVID-19 battle seems to be at its end with the creation of several vaccines, the experience of the pandemic should serve as a harsh lesson for decision-makers to make the necessary changes going forward.

Continue Reading

Cybersecurity

Addressing the fear of AI in cybersecurity roles

Yehia El Amine

Published

 on

AI in cybersecurity

Fear of automation has been present since the first industrial revolution, and as we slowly edge closer toward entering its fourth iteration, that very same fear has lingered and begun to creep up once more.

Only now it has cozied up to another worthy ally that could unearth age old fears of job loss: artificial intelligence (AI).

With technological advancements making headway every day, it seems there’s an accompanying alarm that keeps ringing; a warning of a future in which robots will be able to do everything humans can, only better, cheaper, and for longer.

A study conducted by Trend Micro, a Japan-based cybersecurity firm, that interviewed 500 UK IT decision-makers found that many IT leaders are concerned that their jobs will be replaced by AI in the next ten years.

The study suggests that there is a strongly held belief that jobs within the cybersecurity space will become obsolete due to automation, with no need for human automation.

“More than two-fifths (41 percent) believe that AI will replace their role by 2030, while merely 9 percent of the survey respondents said they were confident that AI would ‘definitely’ not replace their jobs within the next ten years,” the study noted.

While the study highlighted people’s lingering fear of being replaced by a simple algorithm, this doesn’t seem to be the case on the ground.

Let’s jump right in and bust this myth from the get-go.

While IT leaders seem to be worry about the possibility of losing their profession in the next decade, many have jumped in to turn out the panic alarm.

Even, Trend Micro’s Technical Director, Bharat Mistry, wrote within the study that “we need to be realistic about the future. While AI is a useful tool in helping us to defend against threats, its value can only be harnessed in combination with human expertise.”

He added the people should not be worried about their jobs becoming obsolete, since “AI and automation can help us to alleviate the problems caused by critical skills shortages.”

While proponents of AI and automation view them as the harbingers of a golden age free of paper-pushing, mundane and repetitive tasks, AI will not come after your job.

One of the main reasons why cybersecurity experts need not fret about their job security is simply due to cyber criminals beginning to adopt AI within their arsenal of attacks, transforming the battle ground into an online arms race where businesses and individuals attempt to stay one step ahead of each other.

With that, there needs to be cooperation between humans and their algorithms to fend off bad actors, regardless of how sophisticated their approaches might be.

According to the “2020 SANS Automation and Integration Survey,” cybersecurity teams aren’t going away anytime soon.

“Automation doesn’t appear to negatively affect staffing,” the authors concluded, after surveying more than 200 cybersecurity professionals from companies of all sizes over a wide cross-section of industries.

What they found, in fact, suggested the opposite: Companies with medium or greater levels of automation actually have higher staffing levels than companies with little automation.

While automation could theoretically eliminate almost three million cybersecurity jobs before a single one of them contemplates a career change, one needs to question of AI and automation living up to all its potential.

“As we’ve seen with a number of ‘revolutionary’ cybersecurity technologies, many fall short of the hype, at least in the early days,” says a report by U.S. cybersecurity software company, McAfee.

The task of automation and AI currently enjoy their very own shortcomings; the first being that they cannot deploy themselves, thus, a human touch is required to tailor the solution to the business’ needs and ensure that’s functioning correctly.

Even when they’re put in place correctly, AI and automation cannot be solely reliable on covering an organization’s online security just like that, since without lack of human judgment that filters and investigates every claim, these systems can unearth many false positives.

In terms of false negatives, AI is great at spotting what it’s programmed to spot, thus, making it increasingly unreliable at detecting threats and illicit activities it hasn’t been specifically instructed to look for.

“Machine learning is beginning to overcome this hurdle, but the operative word here is still ‘machine’—when significant threats are surfaced, the AI has no way of knowing what this means for the business it’s working for, as it lacks both the context to fully realize what a threat means to its parent company, and the ability to take into consideration everything a person would,” the McAfee report explained.

Humans will still be needed at the helm to analyze risks and potential breaches, and make intuitive, business-critical decisions.

Also, these automated and AI-driven systems instantly become obsolete once new types of attacks are created and deployed against them, since they cannot evolve without the guiding hands of humans.

In parallel, these automated systems cannot hire and train personnel, select vendors, conduct compliance or perform any creative task set before them.

“No automated system, no matter how sophisticated, is going to know when new laws, company regulations, and rules are passed, and no system will be able to adjust to such changes without human intervention,” the report explained.

It is important to note that hackers and cyber criminals have already demonstrated their ability to hack into automated systems; thus, leaving the algorithm to fend for itself, without a human quickly responding to the threat, sensitive data could be at risk of being breached or stolen.

McAfee’s report highlighted that AI and automation will not obliterate cybersecurity roles but would rather redefine and reshape the uses of those roles in other means.

According to SANS, implementation of effective automation often requires an initial surge in staff to get the kinks worked out—but it is almost invariably accompanied by a redirection, not reduction, of the existing workforce.

With that in mind, we need to stop ringing the panic bell of joblessness whenever emerging technologies start hitting the mainstream. We need to remember that without the guidance and instruction of humans, these technologies will not be able to perform as optimally as they were designed to be.

Continue Reading

Cybersecurity

How con artists scam the elderly in the digital age

Yehia El Amine

Published

 on

digital

Scammers, hackers, and fraudsters have attempted to exploit our lack of knowledge both on and offline. Unfortunately, senior citizens have been on the short end of the stick for a while, making them the most targeted groups among all others.

A report published by Deloitte estimates that scammers steal almost $2.9 billion per year from seniors along. The main reason elders have a huge target painted on their backs is mainly due to being less familiar with technology.

Why seniors?

These senior citizens are usually approached in a myriad of ways such via telephone, in person conversations, or online through emails, or various social media platforms.

According to a report by the Federal Bureau of Investigation (FBI), senior citizens are particularly vulnerable to certain types of fraud. Scammers prey on the elderly for a variety of reasons.

Let’s jump right in.

1. Money

Fraudsters target elders for the same reason banks get robbed: that’s where the money is.

Everything from life savings, bank accounts, mortgages, or social security, as most elders tend to own their own homes. According to a 2017 Federal Reserve study, the average net worth for American households headed by someone age 65 and older is $1.067 million — 1.5 times as high as the average for all households.

However, it’s not always well-off elders aren’t always the main prey for scammers. A 2018 Kaiser Family Foundation report calculates that 14 percent of all seniors are living in poverty. Scams that target the elderly take in many people living on fixed incomes who can’t afford the financial loss.

2. Exploiting their trust

Be them rich, poor, or belong to the middle class, its not a secret that senior citizens are lonely and yearn for companionship. The older these senior citizens become, the more likely they’ll be isolated due to their friends and families either dying or move into nursing homes.

This yearn for companionship makes them easy prey for con artists, which gives them an easier way to worm their way into someone’s trust for illicit reasons.

One needs to keep in mind, that the baby boomer generation (or people born in or before the 1960s) are usually more inclined to trust strangers, as their upbringing taught them to be polite, while assuming that others are being honest.

This makes them less willing to interrupt a sales pitch or hang up on a scammer.

3. Forgetfulness

According to a 2018 report from the Federal Trade Commission (FTC), senior citizens are more likely to report scams than younger people. However, con artists know that even if their elderly victims report the crime, there’s a good chance they won’t remember the details.

This causes problems with local law enforcement, as elders find it difficult to provide detailed descriptions to help track down the perpetrators, especially if a certain time period has passed since the victims were conned.  

4. Targeting their needs

The most common scamming tactic is by approaching the victim with something that they need, such as Social Security or healthcare, and fake investments in the hopes of cashing on some retirement money.

Common schemes

With the elderly population growing and seniors racking up more than $3 billion in losses annually, elder fraud is likely to be a growing problem, this has attracted the attention of many law enforcements agencies around the world.

There are several common ways scammers can attempt to fool senior citizens; to combat this ongoing trend, the FBI has named June 15 to be the World Elder Abuse Awareness Day, which is dedicated to raising awareness about the millions of older adults who experience elder abuse, neglect, and financial exploitation.

In parallel, the FBI compiled a list of schemes that the elderly need to keep an eye for to evade being conned.

Let’s jump right in.

  • Romance scam: Criminals pose as interested romantic partners on social media or dating websites to capitalize on their elderly victims’ desire to find companions.
  • Tech support scam: Criminals pose as technology support representatives and offer to fix non-existent computer issues. The scammers gain remote access to victims’ devices and sensitive information.
  • Grandparent scam: Criminals pose as a relative—usually a child or grandchild—claiming to be in immediate financial need.
  • Government impersonation scam: Criminals pose as government employees and threaten to arrest or prosecute victims unless they agree to provide funds or other payments.
  • Sweepstakes/charity/lottery scam: Criminals claim to work for legitimate charitable organizations to gain victims’ trust. Or they claim their targets have won a foreign lottery or sweepstake, which they can collect for a “fee.”
  • Home repair scam: Criminals appear in person and charge homeowners in advance for home improvement services that they never provide.
  • TV/radio scam: Criminals target potential victims using illegitimate advertisements about legitimate services, such as reverse mortgages or credit repair.
  • Family/caregiver scam: Relatives or acquaintances of the elderly victims take advantage of them or otherwise get their money.
  • Bogus Covid-19-related products and services: During the pandemic, con artists have taken advantage of people’s fears of Covid-19 by attempting to sell senior citizens “coronavirus test kits” in an attempt to collect credit card or banking information. While others falsely advertising products, such as fake drugs, vaccines, and devices, that claim to prevent or cure Covid-19.

How to protect yourself

Protecting one’s self from a scam can be easy to debunk, it just needs a little patience and research; thus, according to the FBI here are the most optimal ways of seeing through the lies and deceitfulness of scammers:

  • Search online for the contact information (name, email, phone number, addresses) and the proposed offer. Other people have likely posted information online about individuals and businesses trying to run scams.
  • Resist the pressure to act quickly. Scammers create a sense of urgency to produce fear and lure victims into immediate action. Call the police immediately if you feel there is a danger to yourself or a loved one.
    Be cautious of unsolicited phone calls, mailings, and door-to-door services offers.
  • Never give or send any personally identifiable information, money, jewelry, gift cards, checks, or wire information to unverified people or businesses.
  • Make sure all computer anti-virus and security software and malware protections are up to date. Use reputable anti-virus software and firewalls.
  • Disconnect from the internet and shut down your device if you see a pop-up message or locked screen. Pop-ups are regularly used by perpetrators to spread malicious software. Enable pop-up blockers to avoid accidentally clicking on a pop-up.
  • Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you. Take precautions to protect your identity if a criminal gains access to your device or account. Immediately contact your financial institutions to place protections on your accounts and monitor your accounts and personal information for suspicious activity.

The key to unravelling a scam if your loved one has been approached by a con artist is to make them feel comfortable enough to talk about, since most senior citizens feel embarrassed to talk about or report the crime.

Talking about the matter not only helps them understand the matter even more, but also aids local law enforcement to contain any potential damage that may have occurred, or if they’re lucky enough prevent it all together. 

As technological advancements keep emerging, hackers, scammers and the like will always find more sophisticated ways of tricking us, which is why we must remain vigilant regarding our online activities, while constantly educating ourselves and our elderly loved ones to evade these malicious online behaviors.

Continue Reading

Trending