Cyber Attack Games

The Cyber Attack Games

Engage, Educate, and Empower: Introducing Cyber Attack Prevention © 2024 TST Games!

If you work, or volunteer for a charity, or voluntary organisation and looking to learn how to protect its data in a fun and interactive way you are in the right place. Our Cyber Attack Prevention Games are designed to captivate, educate, and inspire, while supporting your noble cause. Cyber games are designed to boost your knowledge on various types of cyberattacks and best practices for preventing them. Perfect for educational purposes, training sessions, and even volunteer training, these games combines learning with entertainment to make cyber security education accessible and enjoyable.

Why Play the Cyber Attack Prevention Games?

1. Educational and Fun: Dive into a series of stages that each focus on different types of cyberattacks, including Malware, Phishing, DOS, DDoS, MitM, SQL Injection, XSS, Brute Force Attacks and many more. Each stage of the attack presents scenarios and questions that challenge you to choose the best actions to protect your system, helping you learn essential cyber security practices in a playful way.

2. Support Charities and Causes: By integrating this game into charity events or volunteer activities, you can raise awareness and funds for important causes. The game’s interactive format attracts participants and encourages them to engage more deeply with your mission, all while learning valuable skills.

3. Interactive: Each stage of the game addresses a specific type of malware with multiple-choice questions about prevention and response strategies. Interactive games reflect your charity’s focus or the specific educational goals of your training, or event.

4. Engage and Educate: Charity workers and volunteers will navigate through various stages, making decisions that impact their score and learning about effective cyber security measures. This hands-on approach ensures that they remember key concepts and practices better.

5. Track Progress and Impact: With built-in features to track scores and monitor progress, you can easily assess participants’ understanding and engagement. Celebrate achievements and use the results to spark conversations about cyber security.

6. User-Friendly Design: The game is designed to be intuitive and easy to set up. Whether it’s for an in-person training, event or an online campaign, integrating this game into your activities is simple and straightforward.

How It Works:

1. Stage-by-Stage Learning: Players progress through different stages, each focusing on a specific type of cyber attack. They answer questions about prevention, impact, and response, receiving feedback on their choices to enhance their learning experience.

2. Score and Feedback: Correct answers earn points and contribute to the overall score, while incorrect answers highlight risks and provide educational feedback. The game keeps players motivated and engaged as they strive to improve their score.

3. Final Challenge and Restart: After completing all stages, players see their final score and can choose to play again. This replayability encourages continuous learning and practice.

4. Easy Restart and Reset: The game includes options to restart or reset, allowing for multiple rounds of play and ensuring that everyone gets a chance to learn and improve.

Get Involved!

Bring the Cyber Attack Game to your next training, event or integrate it into your training programmes. It’s not just a game—it’s a tool to educate, engage, and inspire action in a fun and interactive way. Perfect for charity organisations, volunteers, and educational institutions, this game makes cyber security learning accessible and enjoyable.

Ready to make a difference? 

Contact us today to incorporate the Cyber Attack Game into your next initiative and watch as your community learns and grows while supporting a great cause!

Together, let’s create a brighter future—one game at a time!

Cyber Attack Prevention Game: 

"Lessons from London’s Harrowing Tale"

This game is a work of fiction created for educational and entertainment purposes only. The organisation depicted in this game does not exist, and any resemblance to actual organisations, people, or events is purely coincidental. The scenarios, names, and facts presented in this game are fictional and intended solely to illustrate various types of cyber threats and security practices.

The creators of this game make no claims regarding the accuracy or effectiveness of the strategies or information presented. It is advised that players use this game as a learning tool and consult professional resources for real-world cyber security advice and solutions.

A Charity’s Cyber Security Crisis: Lessons from London’s Harrowing Tale

In the bustling heart of London, the community-driven charity "Hope 4 Clean Air" dedicated itself to providing educational resources and support to underprivileged children. It was a noble mission, backed by passionate staff and generous donors. However, behind the scenes, the charity faced a series of increasingly sophisticated cyberattacks that threatened to undermine its work.

The Calm Before the Storm

It started with a seemingly benign email. Jenna, the charity’s development officer, received what appeared to be a routine donation request from a well-known supporter. The email was a classic case of spear phishing, crafted with such precision that it bypassed Jenna’s initial scrutiny. She clicked on a link that led to a malvertising page, initiating a series of events that would soon spiral out of control. Help the Hope 4 Clean Air charity navigate through a series of cyberattacks. Make the right decisions to save the charity or risk ruining it! 

The story below is divided into stages where you can carefully analyse how each attack unfolds.

1. Malware Infiltration

The malware embedded in the email was no ordinary virus; it was a sophisticated trojan. Once installed, it began quietly harvesting sensitive data. The trojan soon delivered a ransomware payload that encrypted vital financial records, demanding a hefty sum in cryptocurrency to unlock them. To make matters worse, a rootkit installed by the malware allowed attackers to hide their activities, leaving the charity unaware of the full extent of the compromise.

2. Phishing Scams Escalate

As Jenna’s email was compromised, the attackers launched a whaling attack, targeting senior staff members with emails that looked like they came from trusted partners. Additionally, a clone phishing attack used a copy of the original phishing email, but with a malicious link that led to another set of compromised credentials.

3. Denial of Service Disruptions

Meanwhile, the charity’s website experienced a series of Distributed Denial of Service (DDoS) attacks. The attackers employed volumetric attacks to overwhelm the website with traffic, and application layer attacks to crash the donation forms, preventing any online contributions. 

4. Man-in-the-Middle Manipulations

The attackers didn’t stop there. They utilised Wi-Fi eavesdropping in a nearby café, intercepting unencrypted communications from the charity’s staff working remotely. This enabled them to execute a session hijacking attack, giving them control over critical accounts and further compromising the charity’s operations.

5. SQL Injection Exploits

In their relentless pursuit, the attackers also exploited the charity’s poorly secured database. Using union-based SQL injection, they extracted confidential donor information, including credit card details and personal addresses. The failure to implement basic security measures, like input validation, allowed these attacks to succeed.

6. Cross-Site Scripting (XSS) Vulnerabilities

On the charity’s website, attackers discovered vulnerabilities allowing for reflected XSS attacks. They used this to inject malicious scripts into donation forms, capturing donor credentials and spreading further malware. The absence of proper input sanitisation and output encoding made the site a prime target.

7. Brute Force Attacks

With the compromised credentials, the attackers employed credential stuffing techniques, gaining unauthorised access to several systems. They used these credentials in brute force attacks against other accounts, further penetrating the charity’s network.

8. Social Engineering Schemes

Inside the charity, pretexting and baiting were used to manipulate staff into providing additional access. One employee was tricked into giving away their login credentials under the guise of a routine system upgrade.

9. Advanced Persistent Threats (APTs)

Over time, the attacks revealed themselves to be part of a broader APT operation. It became clear that corporate espionage was behind the attacks, with the goal of stealing sensitive information that could be sold or used for further malicious activities.

10. Insider Threats and Zero-Day Exploits

In the wake of the chaos, suspicion turned to several staff members who had inadvertently played a role. The charity faced negligent insider threats, as some staff members had failed to follow security protocols. Additionally, zero-day exploits targeting vulnerabilities in the charity’s software added another layer of complexity to the attacks.

11. Drive-By Downloads

The attackers also used compromised websites to deliver drive-by downloads to unsuspecting visitors. This further spread the malware and exacerbated the damage.

12. Password Attacks and CSRF

To top it off, the attackers conducted password spraying attacks and exploited CSRF vulnerabilities in the charity’s login systems, further gaining unauthorised access to sensitive areas of the charity’s network.

13. DNS Attacks

Lastly, the attackers used DNS spoofing to redirect visitors from the charity’s website to malicious sites, further degrading trust and disrupting operations.

The Road to Recovery

The charity’s leadership acted swiftly to address the breach. They engaged cyber security experts who helped them understand the full extent of the attacks. Immediate steps included:

• Enhanced Security Measures: Implementing multi-factor authentication, encryption, and regular security audits.

• Staff Training: Conducting workshops to educate staff on recognising phishing attempts and practicing good cyber security hygiene.

• System Updates: Patching vulnerabilities and updating software to protect against known exploits.

• Incident Response Plan: Developing a comprehensive incident response plan to handle future threats more effectively.

The crisis served as a harsh reminder of the importance of robust cyber security practices, even for organisations dedicated to charitable causes. With Help "Hope4Clean Air" to emerge more resilient, with a strengthened security posture and a renewed commitment to protecting both their staff and volunteers and their mission. In the end, the story of "Hope4Clean Air" became a case study in London for other organisations, underscoring the critical need for vigilance in the ever-evolving landscape of cyber threats.

Cyber Attack Prevention Game: 

"Highland Bake-off: The Cyber Showdown"

Game Title: "Highland Bake-off: The Cyber Showdown"

In the picturesque Highlands of Scotland, the annual "Highland Bake-off" is more than just a competition - it's a beloved tradition that brings together the community to celebrate the finest in Scottish baking. From buttery shortbread to rich fruitcakes, the event is a showcase of culinary excellence. However, this year, the event faces an unprecedented challenge - not from rival bakers, but from a series of cyberattacks threatening to crumble the very foundation of the competition.

Players take on the role of Fiona MacLeod and, or Stuart Mclaughlan, the tech-savvy granddaughter of the event’s founder, and her friend who are determined to save the Highland Bake-off from digital disaster. As Fiona / Stuart, you must navigate through a series of cyberattacks targeting the event’s online infrastructure, baking recipes, and even the participants themselves. Each stage presents a new challenge, requiring players to make quick decisions to protect the competition’s integrity, the participants' trust, and the beloved tradition.

The story below is divided into stages where you can carefully analyse how each attack unfolds.

Stage 1: Phishing for Recipes

Fiona and Stuart receives the same email claiming to be from Angus, a renowned baker, offering a secret shortbread recipe. The email looks legitimate but has a suspicious link.

Stage 2: Ransomware Rumble

The competition's official website is suddenly encrypted by ransomware, demanding a payment in cryptocurrency to restore access.

Stage 3: DDoS Disruption

On the day of the event, the Bake-off's live streaming platform is hit by a DDoS attack, threatening to cut off remote viewers.

Stage 4: SQL Injection in the Shortbread Showdown

A malicious actor exploits a vulnerability in the Bake-off’s voting system, attempting to skew the results in favor of a particular contestant.

Stage 5: XSS in the Cake Category

A contestant’s entry form is compromised by an XSS attack, leading to the spread of malware among participants.

Stage 6: The Insider Threat

A trusted staff member (driver) is found leaking sensitive information about the Bake-off to a rival event.

Stage 7: The Zero-Day Crisis

Just as the winners are about to be announced, a zero-day exploit is discovered in the event's app.

Final Stage: The DNS Disaster

The Bake-off’s domain is under attack through DNS spoofing, redirecting visitors to a malicious site.

Endgame: 

After successfully navigating all the cyber threats, Fiona and Stuart manages to save the Highland Bake-off, ensuring it remains a cherished tradition for years to come. The community celebrates not only the culinary achievements but also the resilience and vigilance that kept the event safe from modern threats.

Game Features:

• Interactive Decision-Making: Players face real-world inspired cyber security challenges and must make quick, informed decisions to protect the event.

• Scottish Cultural Elements: The game is infused with Scottish heritage, from the characters and dialogue to the landscapes and culinary references.

• Educational Content: Each stage provides insights into cyber security practices, making the game both entertaining and informative.

Gameplay Mechanics:

• Points System: Players earn points for making the right choices and can lose points for poor decisions.

• Multiple Endings: The game features different endings based on the player's decisions, offering replay value.

This game not only entertains but also educates players about the importance of cyber Security in a fun and culturally rich context.

Cyber Attack Prevention Game: 

"Welsh Tech Charity: The Cyber Security Crisis"

Game Title: "Welsh Tech Charity: The Cyber Security Crisis"

Overview:

In the heart of Wales, a beloved local tech charity, "Cymru Tech Volunteers," is renowned for creating websites and digital solutions for various community organisations. From promoting local events to supporting small businesses, the charity's impact on the region is profound. However, this year, the charity faces a series of devastating cyberattacks threatening to dismantle their valuable work.

Players take on the roles of Elinor Davies and Rhys Jones, dedicated volunteers of Cymru Tech Volunteers. As Elinor and Rhys, players must navigate through a series of cyberattacks targeting the charity's digital infrastructure, client websites, and internal systems. Each stage presents a new challenge, requiring quick and strategic decisions to protect the charity's operations, reputation, and community trust.

The story below is divided into stages where you can carefully analyse how each attack unfolds.

Stage 1: Phishing for Donations

Elinor and Rhys receive an email claiming to be from a major donor, asking them to click on a link to confirm a substantial donation. The email looks convincing but has suspicious elements.

Stage 2: Ransomware Rampage

The charity's website is suddenly locked by ransomware, demanding a cryptocurrency payment to regain access to their data and services.

Stage 3: SQL Injection in the Fundraising Database

A malicious actor exploits a vulnerability in the charity’s fundraising database, attempting to manipulate donation records and impact the results.

Stage 4: XSS in the Volunteer Sign-Up Form

   An attacker uses an XSS vulnerability in the volunteer sign-up form to spread malware to potential new volunteers and staff.

Stage 5: Insider Threat

A trusted staff member is discovered leaking confidential donor information to a competitor charity, risking reputational damage and trust.

Stage 6: The Zero-Day Exploit

Just before a critical grant application is submitted, a zero-day exploit is found in the charity’s application software, potentially compromising sensitive information.

Stage 7: DDoS Disruption

On the day of a major online fundraising event, the charity's live streaming platform is targeted by a DDoS attack, threatening to interrupt the event and alienate viewers.

8. Final Stage: DNS Spoofing Disaster

After the DDoS attack, the charity’s domain was also targeted by DNS spoofing, redirecting visitors to a fraudulent site that appears to be the charity’s official page.

Endgame:

After successfully navigating all the cyber threats, Elinor and Rhys manage to secure Cymru Tech Volunteers' operations, ensuring the charity continues to thrive and support the local community. The charity not only celebrates their successful fundraising efforts but also the resilience and cyber security measures that safeguarded their mission.

Game Features:

• Interactive Decision-Making: Players face realistic cyber security scenarios and must make informed decisions to protect the charity.

• Welsh Cultural Elements: The game is enriched with Welsh heritage, incorporating local language, customs, and landmarks into the narrative.

• Educational Content: Each stage provides insights into cyber security practices, making the game both entertaining and educational.

Gameplay Mechanics:

• Points System: Players earn points for making correct decisions and lose points for incorrect choices.

• Multiple Endings: The game offers different outcomes based on player decisions, encouraging replayability and deeper understanding of cyber security.

This game blends entertainment with education, highlighting the importance of cyber security in a culturally rich and engaging Welsh context.

Cyber Attack Prevention Arcade Game: 

"Cyber Defender"

Game Title: Cyber Defender!

Cyber Defender is an engaging and educational arcade-style game where players protect their digital system from an onslaught of viruses. The objective is to use a "paddle" to block viruses and variety of cyber attacks before they can reach the bottom of the screen, simulating a defense mechanism in a cyber security context. Get ready for an extremely challenging experience! Move the paddle to block the viruses and prevent all types of cyber attacks from overwhelming your system 

Gameplay Mechanics:

1. Controls:

   • Arrow Keys: Move the paddle left or right.

   • Mouse: Move the paddle horizontally by moving the mouse across the game screen. The paddle follows the horizontal position of the cursor.

Viruses and Cyber Attacks:

• Types: Viruses and cyber attacks come in various colors and names, each representing a different type of threat. 

Different types of viruses and attacks:

Level-Based Introduction of Cyber Attacks:

Level 0: Easy

• Viruses Introduced:

  • Trojan: Red  — Represents common malicious software.

  • Worm: Green — Symbolises self-replicating malware.

At this initial level, players only deal with the basic types of attacks to familiarise themselves with the gameplay mechanics. No additional cyber attacks are introduced, keeping the game relatively straightforward.

Level 1: Medium

• Viruses Introduced:

  • Trojan: Red 

  • Worm: Green 

  • Spyware: Blue  — Indicates software that spies on user activities.

As players progress to this level, they encounter an additional type of virus, increasing the complexity of the game. This requires players to adjust their strategy to handle a wider variety of threats.

Level 2: Hard

• Viruses Introduced:

  • Trojan: Red 

  • Worm: Green 

  • Spyware: Blue 

  • Ransomware: Purple — Represents malicious software that locks or encrypts files.

The introduction of Ransomware adds a new challenge, making it necessary for players to respond to even more diverse threats. This level aims to further test the player's reflexes and strategy.

Level 3: Very Hard

• Viruses Introduced:

  • Trojan: Red

  • Worm: Green 

  • Spyware: Blue 

  • Ransomware: Purple 

  • Adware: Yellow — Software that displays unwanted ads.

  • Malware: Red — Represents generic malicious software.

  • Phishing: Green — Tricks users into providing sensitive information.

  • DoS: Blue — Denial of Service attack that overwhelms systems.

  • DDoS: Brown — Distributed Denial of Service attack.

  • SQL Injection: Black — Exploits vulnerabilities in databases.

  • XSS: White — Cross-Site Scripting attack.

At this level, players face a combination of all previously introduced virus types and new, more sophisticated attacks. This level increases the game’s difficulty significantly, requiring players to handle multiple threats simultaneously.

Level 4: Extremely Hard

• Viruses Introduced:

  • All attacks from Level 3:

    • Trojan: Red 

    • Worm: Green 

    • Spyware: Blue 

    • Ransomware: Purple 

    • Adware: Yellow 

    • Malware: Red 

    • Phishing: Green 

    • DoS: Blue

    • DDoS: Brown

    • SQL Injection: Black

    • XSS: White

    • Brute Force: Yellow — Attack that tries multiple passwords.

    • Social Engineering: Orange — Manipulates users into divulging information.

    • APTs: Purple — Advanced Persistent Threats that stay hidden for long periods.

    • Insider Threat: Dark Red — Threats originating from within the organisation.

    • Zero-Day Exploit: Green — Exploits vulnerabilities unknown to the software creator.

    • Drive-By Download: Pink — Malware downloaded without the user’s consent.

    • Password Attack: Red — Attempts to crack passwords.

    • CSRF: Lime — Cross-Site Request Forgery.

    • DNS Attack: Magenta — Attacks targeting DNS servers.

    • IoT Attack: Cyan — Attacks targeting Internet of Things devices.

    • MitM: Silver — Man-in-the-Middle attack.

The final level includes all previously introduced attacks plus a range of additional sophisticated threats. The speed and frequency of attacks are at their highest, making this level extremely challenging. In this level, some attacks will drift away, and the player will have to move the paddle to stop them. Players must use all their skills to protect their system from a relentless onslaught of cyber threats.

• Behaviour: Viruses and attacks "fall" from the top of the screen at varying speeds depending on the difficulty level. Each type of attack has unique characteristics, such as different colors and names displayed on the screen.

Scoring:

• Each virus, or attack successfully intercepted by the paddle increases the player's score.

• The game ends when a virus, or attack reaches the bottom of the screen without being intercepted.

Start/Restart:

• Players can select different difficulty levels using buttons labeled Easy, Medium, Hard, Very Hard, and Extremely Hard.

• The game can be restarted by selecting a difficulty level again, which resets the game state.

Endgame:

• When a virus, or attack reaches the bottom of the screen, the game ends. A "Game Over" message is displayed along with the final score, indicating how well the player performed.

Educational Aspect:

• The game introduces players to basic concepts of cyber security by using familiar virus and attack names and demonstrating the importance of protective measures.

• It also develops quick reflexes and strategic thinking as players must decide where to position the paddle to intercept incoming threats.