
As next-generation gaming consoles go online, some of the same problems that have faced consumer and enterprise IT networks are surfacing.

At a session during the SecTor security conference, Chris Boyd, director of research at Facetime security labs, detailed the myriad methods by which gamers — and in particular, Microsoft (NASDAQ: MSFT) Xbox 360 users — are under attack by cyber criminals. "Though the Xbox doesn't have the number one market share, it is the top target for hackers," Boyd said. "Xbox Live has 17 million plus subscribers and that service requires payment."

Xbox Live provides a number of online products and services to gamers. According to Boyd, Xbox Live gamer accounts are now an established commodity on the black market.

One way that attackers enumerate their targets is through information that is easily and publicly accessible. Xbox users gain points during gameplay, which leads to a gamerscore metric. The higher the gamerscore, the more valuable the gamer account. Boyd noted there is no easy way to keep a gamerscore private. "If you go into the Xbox privacy settings, you can't block the gamerscore," Boyd said. "All you can do is hide your list of most recently played games." Boyd added that sites like Mygamercard.net promote users' gamerscores, in effect painting a big target for attackers.

Once the attackers have identified their target, there are multiple methods they use to try to gain control of a user's account. One method that Boyd described is social engineering, a tactic that has plagued regular consumer and enterprise users for years. In one scenario, Boyd noted that the attackers actually call Microsoft support claiming to be the Xbox Live account holder and then use the publicly available information to support the claim.

Another attack scenario involves phishing messages sent through the Xbox messaging service. The messages claim to be from Microsoft and offer users a reward of some kind if they enter their username and password.

There are also numerous attacks that act as Denial of Service (DoS) attacks on Xbox users. One such attack is a repeated friend request over Xbox Live. Boyd noted that users can set their status to 'away' in order to block the requests, but it doesn't always work.
News source: internetnews