Sunday, April 18, 2010

Sunbelt warns on game console security risks

16 April 2010

Sunbelt Software has warned businesses to be aware of the growing security risks posed by network-connected game consoles in the work environment.
The problem, Sunbelt says, stems from the increased use of network-connected consoles in break and waiting areas, which heightens the chances of distributed denial of service (DDoS) and phishing attacks.

Sunbelt has issued its warning after a study of more than 200 senior IT figures in the public and private sector, which reveals that 39% had no idea about any of the documented threats that relate to online console gaming, including DDoS attacks, phishing and social engineering.

The study also found that 80% of those questioned said their organisations keep no record of who uses the game consoles within the workplace, making it almost impossible to track down the source of any data leaks or brand-damaging in-game behaviour that might take place via services such as Xbox Live and Sony PlayStation.

According to Sunbelt, console users participating in online play risk exposing their IP address, increasing the risk of that address being targeted for DDoS attacks designed to cripple the target's internet connection.

These types of attacks, which can render the organisation's connection unusable, are frequently used by opportunistic criminals and disgruntled players, the company says.

And, the IT security vendor adds, innocent players in the workplace are also potential targets for social engineering and phishing scams intent on extracting usernames, passwords and other sensitive data from users via chat forums, in-game speech and email.

Chris Boyd, a senior threat researcher with the firm, who recently joined Sunbelt from Facetime Communications, said that there are benefits to having game consoles in the workplace, as they can boost morale by providing staff with a fun diversion during lunch and other break periods.

"Consoles, meanwhile, in the lobby and waiting areas help convey a sense of a modern, fun and tech-savvy organisation", he said.

"However, these benefits must be weighed against the business implications of a threat, such as a DDoS attack, which can harm productivity significantly", he added.

"In most cases, the most practical option for an organisation is to disconnect consoles from the internet and use them for offline play only."


