Cyber-attacks on online gaming sites continue. In the latest attack, cybercriminals targeted websites associated with Square Enix, a Japanese video game maker. Attackers were successful in breaching the security of Eidosmontreal.com and other promotional websites related to upcoming games. Square Enix is the creator of popular online games such as Final Fantasy, Tomb Raider and Deus Ex. Information security professionals of the organization have temporarily shut down the websites and are investigating the security breach incident. Preliminary investigations suggest that attackers were successful in extracting 25,000 e-mail addresses and 350 resumes related to job applicants. The leaked e-mail addresses were associated with subscribers of product information updates. Attacker also defaced the websites with the words "owned by Chippy1337", Venuism, Xero and XiX. Information security professionals also traced logs of Instant Relay Chats (IRC), purportedly used by attackers while breaching the security of the sites. The latest attack follows security breach of Sony's PSN network and Sony Online Entertainment, and phishing threat to Xbox Live. Gaming sites seem to be on the radar of cybercriminals. Earlier, attackers used to target users with phishing e-mails, giving an impression that e-mails are arriving from a legitimate online gaming sites. The attacks on websites of Sony and Square Enix indicate that attackers are now launching direct attacks on online gaming sites to extract personal and financial information. The attack comes before the launch of Deus Ex: Human revolution.
Cybercriminals may use the stolen e-mail addresses to disseminate spam e-mails, launch phishing and spear-phishing attacks to extract personally identifiable information related to the target individuals.
Resumes contain sensitive information such as name, mailing address, e-mail address, contact number, date of birth, current and previous employment details, educational qualifications, and hobbies. Attackers may misuse such sensitive information to launch spear-phishing attacks. Attackers may also target the affected applicants by sending cleverly crafted e-mails from a legitimate company as a response to the resumes submitted by them and seek additional personal information. They may also use the information to misrepresent individuals, conduct identity theft, open fraudulent bank accounts, apply for credit cards and personal loans.
Organizations must place emphasis on ensuring security, confidentiality, and integrity of customer information. Professionals qualified in IT degree programs and penetration testing may help organizations in regular security assessment of websites. Hiring employees qualified in online IT degree
programs may ensure adherence to security guidelines and safe online computing practices.
Proactive identification and remediation of security flaws is crucial to strengthen the defenses of the IT infrastructure against sophisticated cyber-attacks. Information security specialists may keep themselves abreast of latest developments by participating in security conferences and undertaking online IT courses