With the rising number of cyberattacks, such as ransomware attacks and cyber espionage, educating non-cybersecurity professionals to recognize threats has become more important than ever before. However, traditional training methods, such as phishing awareness campaigns, training videos and assessments have proven to be less effective over time. Therefore, it is time to rethink the approach on how to train cyber awareness. In this paper we suggest an alternative approach -- a serious game -- to educate awareness for common cyberattacks. While many serious games for cybersecurity education exist, all follow a very similar approach: showing people the effects of a cyber attack on their own system or company network. For example, one of the main tasks in these games is to sort out phishing mails. We developed and evaluated a new type of cybersecurity game: an attack simulator, which shows the entire setting from a different perspective. Instead of sorting out phishing mails the players should write phishing mails to trick potential victims and use other forms of cyberattacks. Our game explains the intention of each attack and shows the consequences of a successful attack. This way, we hope, players will get a better understanding on how to detect cyberattacks.

翻译：随着勒索软件攻击和网络间谍等网络攻击数量的增加，对非网络安全专业人士进行威胁识别教育变得比以往任何时候都更为重要。然而，传统的培训方法，如网络钓鱼意识宣传活动、培训视频和评估，已被证明随着时间的推移效果逐渐降低。因此，现在是时候重新思考如何培训网络安全意识了。在本文中，我们提出了一种替代方法——一款严肃游戏——用于教育人们对常见网络攻击的认识。尽管目前存在许多用于网络安全教育的严肃游戏，但它们都遵循一种非常相似的思路：向人们展示网络攻击对其系统或公司网络的影响。例如，这些游戏中的主要任务之一是识别网络钓鱼邮件。我们开发并评估了一种新型的网络安全游戏：一款攻击模拟器，它从不同的视角展示整个场景。玩家无需识别钓鱼邮件，而是应编写钓鱼邮件来诱骗潜在受害者，并使用其他形式的网络攻击。我们的游戏解释了每次攻击的意图，并展示了成功攻击的后果。通过这种方式，我们希望玩家能够更好地理解如何检测网络攻击。