Do you know the hidden security risks of online games?
Created#More Posted time:Apr 12, 2017 9:29 AM
There's a popular internet saying: "Every application has been attacked. If you think one hasn't, it's because you do not know it yet." Games, as the most profitable segment of the internet industry, suffers the highest intensity and complexity of attacks. During my years of services for users of the game industry, I have seen many times passionate entrepreneurial teams and products with unique features were strangled in the cradle by these kinds of internet attacks. I have also seen a very stable product suffer from irreversible damages to its reputation because of an elementary system vulnerability that resulted in user data leakage and tampering. Alibaba Cloud Security team has summarized the game industry's security issues roughly as follows:
It remains the top threat against the online game industry. In 2016, the global recorded DDoS peak approached 600 GB, and DDoS attacks of more than 300 GB are not rare at all in the game industry. The low attack cost, namely 1/N of the defending cost, results in an extreme imbalance between the offensive and defensive parties. The attacks are getting more and more complex, with more and more attack points, and the basic static protection policies cannot achieve a satisfactory result.
Cracking and plug-ins
The purposes of cracking and plug-ins are mostly achieved exploiting the security vulnerabilities of the game client or server, or through spreading Trojans via game communities or built-in communication channels. The attack means include common plug-ins that require no gaming clients, plug-ins, and offline plug-in programs, as well as changing the normal game data, which affects the game balance and ultimately has significant impact on the game's operation.
Spam registration, game account theft and so on
A large number of alt accounts are registered to earn premiums for new accounts or to increase in-game currency and items. Automated library scans or hits are used to steal accounts. Some channel vendors cheat traffic-counters using simulators…
Mobile growth trend
The rapid growth of mobile terminals increasingly highlights the importance of mobile security.
Games are placing more and more emphasis on quality, and it is becoming increasingly rare to profit through superficial changes. The phase in which higher bandwidth is much sought after and game security relies on individual protection products or protective policies is long gone. Current security policies involve a full-network collection of security information, a large amount of targeted defense-protection real-combat exercises and all-round protection. Of course, all of these require a simple user interface and sound cost effectiveness.
Let’s discuss about:
1. In addition to traffic flooding attacks, what other problems do you know that will seriously affect the security of game operations?
2. What security problems have you experienced in person? How did you solve them, and what are the results?
3. Do you understand the overall security and hidden risks of the game businesses you manage? Is there a pre-plan in place?
4. What are your opinions and suggestions for the industry's security services and security solutions?