Every day we face several cyber risks without realizing it, some of them just go unnoticed because there was no one who had the intention of taking advantage of the moment, or as we usually say, there was no one who had a reason. If there is no such reason, there is no attack and if there is no attack people usually do not change their behavior. All this is enhanced if we do not have the correct computer education from the beginning, which, like "learning to use Excel", should be in the top ten of knowledge necessary to develop in life, precisely because life as we know it is increasingly more present in cyber areas than before.
One of the main areas is the Gaming, scene, which without taking into account social networks and other cybernetic ecosystems groups, adds up to 3.1 billion people in the world,, that is, approximately, 40% of the world population.
A large part of the public is used to minimizing the intentions of attackers. Then questions occur that lead us to not have the need to increase our level of awareness regarding these issues, questions like; Who is going to attack me? Why does an attacker want my data? How are they going to think of getting into a gaming platform? Etc etc. The lack of the stated need means that most people in the scene are not motivated to learn about information security on a personal level. But as the great Aristotle said when he used his PC“Nothing happens until it happens” I don't know if Aristotle said it or not...), since when an incident occurs, everyone runs after a professional to recover the lost information, when in most cases it's usually too late.
Therefore, to avoid inconveniences with our integrity, confidentiality or availability in the most frequent computer fields, it is necessary to follow a series of tips that can help us to prevent any situation that compromises us, with the clarification that no technique is completely infallible, but if we begin to understand the risks, to have less appetite for it and thus minimize the attack surface.
An attack surface is, in a nutshell, what the attacker can see and know the result of a previous exploration. Where the points of interest are revealed. We can find a clear example, associating this with the uncovered area of the map;
Defining what is something risky can be contradictory, since among all people there are different perceptions of it. It can be risky for a person who knows how to swim, swimming in the sea, for example, but for an expert open water swimmer, the task may be easier than it seems. What does this have to do with? Specifically, it is about the risk appetite of each person, calculated based on awareness of all the factors involved in carrying out that action, eg, the expert swimmer knows the behavior of the sea, when it is safe to jump into the water and in which areas it is more likely to offer less resistance to the strokes. Not having this kind of knowledge, we usually find ourselves running towards a point without any sense and with a double-edged sword in hand.
Therefore, as we take more information from the environment, we can choose to "risk" more or less to perform a certain situation. The equivalent to the behavior of the sea in our Gaming environment, refers to the possible attacks that the attackers can cause, on the lack of knowledge of people under certain circumstances.
It is a simple idea, if it is not a safe and professional environment, why are we going to provide our information to a stranger who just played an online game with us if it is not necessary? Less is more.
Within the foci where some information can escape us, we must pay special attention to the following points:
Just as in real life, in the Gaming environment there are toxic games. Games in which we find ourselves immersed in a waterfall of insults that becomes unbearable when it comes to continuing to concentrate. Therefore, at this point we must not only stop the situation, but, although it is difficult, we must give more importance to our emotional state than to the achievements of the game, which is why it is recommended that;
All the most terrible atrocities of the human being are transferred to the internet, online sexual abuse too and luckily in several countries it is already punishable. Particularly characterized by a crime by an adult against a child or adolescent. Within the game you have to be especially careful if we are facing an attempt of grooming. We generally find 5 stages that are associated with this process.
In response to these issues, if you are being a victim of these situations, ask the nearest adult for help, do not be afraid of what can happen. One has to take care and not worry about it. If you are on the adult side and have adolescents or children in charge, some type of monitoring of their behavior is almost mandatory in order to detect these situations in time. If your child today has a cell phone and access to this virtual world, it is equivalent to the child being in a disco surrounded by adults and talking about any topic.
On gaming platforms today, there may be real treasures valued at thousands of dollars that can arouse great envy in our opponents. Therefore, these platforms are not exempt from the phishing attacks.
A common phishing attack is based on the faithful imitation of a web page. But when we talk about gaming it goes a little further than a simple imitation. One of the most frequent attack vectors is the type of attack called Browser-in-the-browser (BiTB), mainly affecting users of the Steam platform in competitive and professional fields. As we can read in a post made by Bleeping Computer, the method to obtain our data is based on a page mounted in a popup browser (in the best ClickJacking style) exactly emulating the login form of Steam, Such pop-up browser has a “certificate” that makes it look legitimate.
This browser in the browser, are not pop ups, although they seem so. Rather, they are elements that are part of the attacker's own website. In short, the methods to protect ourselves are always the same;
In the environment, the computer is also shared (it is not my case because I do not lend my computer), but if at any time this need occurs. We have to pay special attention to the data that we place in the forms and/or browsers. Therefore, the following recommendations could be followed;
If we were to make an analogy, think of a shared PC, like a room for rent. A room where we bring our things and when we have to leave, we check 20 times if we forgot something, since it must be left clean and in the same condition in which we acquired it.
Those of us who play daily know that the level of immersion felt while playing or immersed in a game's story mode makes us lose our sense of time and space. So I know separating reality from virtuality, balancing time between the digital and physical world, becomes a more than important task.
Finding this correct balance leads us to have to designate game times to prevent it from becoming something harmful to the human being.
If playing is your profession, a good way to maintain this balance is to complement the task with good exercise, take care of your eyes and hands, since they are your work tools. We must not move to the virtual world. In the event that it is your job, the principle is the same, a correct balance between work (gaming) and real life.
It is important that we always connect to trusted networks. No one pays attention to points like this, since in most cases the need to play over security urges us, and as we well know, security is the enemy of availability. Just as we have to take the necessary time to review an email, we must also be absolutely sure of the networks we are using to access the jungle of the Internet. Therefore, we recommend that the following points be taken into account:
Although the short recommendation is a bit funny, the idea is always that we trust our internet access. If something happens, it is that any modification in this type of network is usually out of our reach, that is where we return to the risk appetite that we talked about above. If I am not aware of its security, why risk it, right?
Although sometimes there is usually no other alternative, in that case Security always starts with you. Within the councils, applying the appropriate sanitation to our computer, to our account and to our data, will give us greater chances of success against the risk we face (our data getting captured).
The story is always often repeated, the human being makes a copy-paste of their behavior in real life vs virtual life. Sometimes it is always better to think about how to solve the usual problems of carelessness, and then move it to a more complex or simple field, depending on which perspective we look at it from. As we have seen, most of the issues refer to people's carelessness, lack of knowledge or the ability to put ourselves on a kind of eternal autopilot.
That's why we must internalize and, if we work with technology, emphasize understanding it, not panic without reason, understand the situation and take care of our information and ourselves..