Online Gaming Adds More Risk to WFH
During the holiday season, with virtual learning on a break, it’s a good bet your kids spent much of their downtime playing video games. Maybe they received a new gaming console as a Christmas gift or they use a gaming platform as a way to hang out with their friends. Or, perhaps you like to unwind with a multi-player battle. However, if you’re working remotely, online gaming could be yet another vector for a cyberattack on your home network and eventually on your company’s network and data.
In December, Check Point researchers identified four vulnerabilities in the gaming networking sockets of Steam, a popular gaming platform from Valve.
“If exploited, these vulnerabilities would enable a variety of possible attacks. For example, an attacker could remotely crash an opponent’s game client to force a win or even perform a ‘nuclear rage quit’ and crash the Valve game server to end the game completely. Potentially even more damaging, attackers could remotely take over 3rd-party developer game servers to execute arbitrary code,” Eyal Itkin, security researcher at Check Point, wrote in a report about the discovery.
Valve isn’t the only game developer with security risks. Earlier last year, Akamai looked into the security of the gaming industry and found 152 million web application attacks and billions of incidents of credential stuffing over a two-year period.
“Criminals are launching relentless waves of attacks against games and players alike in order to compromise accounts, steal and profit from personal information and in-game assets and gain competitive advantages,” Steve Ragan, Akamai security researcher, told ComputerWeekly.
How Gaming Cyber Incidents Impact WFH
Whatever is connected to your home’s internet is going to create another possible opening for cybercriminals to enter. But it is easy to forget about the risks of online gaming platforms or connected gaming consoles because they are separate from work and school. However, those devices you aren’t thinking about could be your company’s worst nightmare.
“When employees take their machines home or use their home machines for work, those machines now sit in a physical and digital space unlike any within the office,” noted an article in Entrepreneur. “Between routers, printers, foreign machines, devices, gaming consoles and home automation, the average home has a more complex and diverse communication and processing system than some small companies.”
Any security flaw in a game or gaming platform can create serious issues for the gamer’s privacy. If the game is played on a computer used for work or school, your computer could be compromised.
“Through the vulnerabilities we found, an attacker could have taken over hundreds of thousands of gamer computers every day, with the victims being completely blind to it,” Itkin said in a formal statement.
Passwords and Malware
One of the vulnerabilities found by Check Point came via third-party games that embed Steam Sockets and could be used to fully take over game servers. While this vulnerability could be used to hijack all the computers of gamers connected to a target game server, server takeovers also can be used to find something else—user passwords.
Vulnerabilities can be exploited to gain access to game databases that hold password information. While most game hackers want access to game personas and the assets connected to a user, a more sophisticated cybercriminal can use these passwords for other attacks or to sell on the dark web.
Cybercriminals also use games as a method to push out malware. They’ll use phishing emails or in-game spam or will publish a notice on a message board with links for game “patches.”
“The past few months have shown that users are highly susceptible to falling for phishing attacks or clicking on malicious links when it comes to games—whether they’re looking to find pirated versions or eager for a cheat that will help them win,” Maria Namestnikova, a security expert at Kaspersky, told Info-Security Magazine. “Now that many players started using the same machines that they use to enter corporate networks for games, their cautiousness should be doubled: risky actions make not only personal data or money vulnerable but also corporate resources.”
