Education

Introduction

The other day there was a lot of focus on “ATLASOS” a rather oddly branded project, just to be clear:

ATLASOS is NOT AN Operating System (OS) (despite it’s name!)

ATLASOS (at the time of writing) disables basically the majority of Windows Security features including:

  • Defender
  • Smart Screen
  • Windows Update
  • Spectre/Meltdown Mitigations

Basically, if you can think of “nightmare” in the cyber world, ATLASOS’s security posture is basically that (in my opinion)! That said, it’s cool from a nerd Windows customization/build pov, however based on my initial investigations I would strong recommend NOT using it on a “PRODUCTION” system (or anything that’s connected to the internet!).

It has however led me to explore the cyber threat and risk landscape of the gaming world (it’s not like I don’t game anymore I just end to use a console and whilst I have steam on a PC I’m not into gaming like when I was in my early teens!), but I did want to look at trying to help people be safe whilst still fragging with good performance! I’m also focusing on machine pwnage vs the total cyber threat landscape (grooming and other nasty stuff is a whole specific topic, today I’m just covering generic threats)

What hardware do gamers run?

  • Medium/High End hardware
  • Medium/High end GPUs (good for crypto mining)
  • Probably a mix of NVIDIA, ATI, MSI, LOGITECH, ASUS, and RAZER hardware
  • They largely run Windows (not ignoring the Linux gaming crowd by PC gamers majority wise run Windows!)

https://store.steampowered.com/hwsurvey/Steam-Hardware-Software-Survey-Welcome-to-Steam

What software do they run?

Well the answer to that is LOADS, but I thought I would call out some of the common software that I use and that I see gamers in the wild use (plus we had community input – thanks tweeps!)

  • Steam
  • EPIC Games
  • EA Origin
  • RIOT Client
  • Ubisoft Connect
  • Battlenet
  • Discord
  • TeamSpeak
  • Twitch
  • OBS Studio
  • Notepad++
  • 7zip
  • Mix of Chrome/Firefox and Edge
  • WinDirStat
  • F.lux
  • Bluestacks
  • Torrent Software (Utorrent/qbittorrent)
  • Hardware Overclocking Utilities
  • Vendor Utilities (e.g., Razer Cortex, MSI Afterburner)
  • Bitcoin Wallets
  • FTP Clients
  • ZIP/RAR/7zip Clients

I’m sure the actual list if far greater!

What juicy targets are there?

This is a bit like how long is a piece of string but let’s take a quick look at some likely targets:

  • Steam Credentials
  • Windows Credentials
  • Email Credentials
  • Web Services Credentials/Browser Credentials
  • Hardware for crypto mining
  • Forum/Social Accounts to help spread attacks.
  • Credit Card Details (gamers generally have $$$ to spend)

Initial Access Vectors

This is not exhaustive but there’s a range of vectors which are likely, clearly phishing (email vector) affects everyone, but I think we would find quite a bit of malware and social engineering by chats (such as the awesome discord etc.)

  • Phishing
  • Social Engineering via chat (e.g. Discord)
  • Malware Delivery via chat (e.g. Discord)
  • Software Cracks via drive by download
  • Backdoored Keygens
  • Backdoored Games
  • Backdoored Cheats
  • Malware in Videos
  • Malware in Porn
  • Malware in Music
  • Social Engineer
  • Backdoored Drivers
  • Pwn3d Game Servers
  • Pwn3d Forums
  • MMO Power Levelling (thanks @Carter_WY) or boosting (this is where people literally give out their credentials to a third party!)

Risky behaviours

Risk is in the eye of the beholder however there’s some common things I would say are generic risks which will affect gamers (and some crossover with general PC user risks) such as:

  • Running untrusted programs
  • Using cracked software
  • Disabling security systems
  • Using unknown tuning applications
  • Deploying configurations from forum posts
  • Deploying custom/modified drivers
  • Experimenting with game hacking (this is a good thing, just need to be careful with baddies installing backdoors etc.)
  • Weak credential hygiene (poor passwords/password re-use etc.)
  • Lack of MFA
  • Being scammed (generic scams, dodgy second-hand software sales etc.)
  • In game purchases

Threats

There are a huge range of threats online, In this post I’m looking at malware, cryptomining and account compromise. There are loads more threats which would include:

  • Fraud/Financial Crime
  • Identity Theft
  • Doxing
  • SWATING
  • Stalking
  • Cyber Bullying
  • Physical Attacks

However for today I’m largely looking at human to machine type threats.

Perhaps we can look at the wider threat/crime landscape another day!

Defences

  • The first one might seem cyber bloody obvious, but we need to talk about the kind of mad one, STOP DISABLING SECURITY SOLUTIONS! The performance impacts can vary from solution, but it really doesn’t make sense to weaken your entire security posture for a few extra FPS.
  • Consider using Protective DNS (PDNS)
  • The idea is to play games, have fun and NOT get pwn3d. Gamers are a target rich environment for a range of cyber threat actors, disabling security solutions is far more common than you would think.
  • Keep software up to date!
  • Use MFA where you can (ideally not email based!)
  • If you aren’t sure about software, use a public sandbox but also look at using virtual machines for analysis.
  • Be cautious, be on the lookout for dodgy interactions in forums.
  • Don’t just ran random executables and do some research on forum advice.
  • Look to leverage password managers.
  • Take regular backups and keep an offline backup (disconnected/offline disk etc.)
  • Be mindful of your home router/firewall configurations.
  • Change your router default passwords.
  • Don’t re-use credentials and also look to use passphrase where you can (long is strong!)

There’s probably a ton more we could go into, but this is really a starter for 10! You can performance tune/tweak without breaking all the OS security features.

I’m going to post this, but I’d consider this a stater post, I’ll probably add to this over time! It’s important we keep the gamer community safe whilst also encouraging safe exploration. Some game hackers (the good type) are AMAZING!

References

I could spend forever finding examples but here’s a few key items to consider:

https://www.theregister.com/2023/04/24/microsoft_windows_driver_aukill_ransomware/

https://store.steampowered.com/hwsurvey/Steam-Hardware-Software-Survey-Welcome-to-Steam

Malware increasingly targets Discord for abuse

Related articles

Copyright (c) Xservus Limited