By: M. Sai, Z. Zhou, P. Do
Online gaming attacks are referred to as malevolent efforts to do damage to other players, get money, or gather information. While it may be gained directly from other players (particularly by gathering information and earning money via the use of the stolen account, password, or even bank cards), this approach is one of the most straightforward ways to do so [1]. There are a number of different approaches that may be used in order to accomplish this aim of targeting a game on the internet and the players. To access an account that belongs to another player, you have several options. Social engineering is perhaps the most common method of getting information from some other accounts [2]. Some of the threats to online gaming are given in figure 1.
A cunning attacker may persuade a victim to divulge their credentials, which include their username, email address, password, and bank account information, all through the use of inventive language and bogus messages [3]. If the attacker obtains these credentials, he or she may use them to lock out the legitimate user before selling, transferring, or embezzling them.
When a game or its service lacks adequate protection around login information, the same results may occur. The communications between the game client and server are not secured, which means that anyone with access to both can intercept and use the information for their own reasons. The resulting compromised account instils a false sense of security in the user, who is unaware of the attack.
An attacker can set up a bogus gaming server. When the login credentials of naïve gamers are obtained, this fraudulent gaming server and client configuration may result in an attack. Due to the fact that it is totally reliant on the integrity and secrecy of the login process, this may be especially dangerous for games that do not require authentication beyond a username and password. Brute force and dictionary attacks are not intended to steal login credentials, but rather to crack them through trial and error. In this situation, it suggests that software can almost certainly generate a set of factors, such as password requirements, that will enable it to crack a password. Each permutation of letters and digits results in a successful guess, allowing the attacker to obtain credentials without detection. Additionally, the attacker may utilise harmful applications [4] such as Trojan horses and keyloggers to hijack another user’s account. The malicious software is installed covertly on the victim’s computer, and it then stealthily takes and transmits the victim’s information to the attacker, resulting in account takeover.
Open research Issues and challenges
- In the future, an important topic of cyber security research will be how to validate an entity’s identity. Traditional techniques of network access control are plagued with security risks. A centralised authentication mechanism is difficult to deploy and vulnerable to increasingly sophisticated network attacks, rendering network security for players using online gaming networks unachievable.
- Developing detection tactics for dangerous software using machine learning techniques or signatures.
- Educating people about the dangers of social engineering and phishing assaults helps avoid identity theft.
- Effective data encryption methods used during information exchange and the development of new encryption schemes that are difficult to crack assure the security of data transit between the client and server.
References
[1] Saudi, M. H. (2021). Gaming Mobile Applications: Proof of Concept for Security Exploitation. Turkish Journal of Computer and Mathematics Education (TURCOMAT), 12(8), 1761-1766.
[2] Grandhi, S. R., &Galimotu, N. C. (2020). Understanding social engineering threats in massively multiplayer online role-playing games: an issue review. GAP Indian Journal of Forensics and Behavioural Sciences, 1(1), 66-71.
[3] Zhao, C. (2018, April). Cyber security issues in online games. In AIP Conference Proceedings (Vol. 1955, No. 1, p. 040015). AIP Publishing LLC.
[4] Parizi, R. M., Dehghantanha, A., Choo, K. K. R., Hammoudeh, M., &Epiphaniou, G. (2019). Security in online games: Current implementations and challenges. In Handbook of Big Data and IoT Security (pp. 367-384). Springer, Cham.