Cyber ââattack traffic targeting the video game industry has grown more than any other industry over the past year. COVID-19[female[feminine pandemic. According to Akamai’s report, the video game industry suffered more than 240 million web application attacks in 2020, an increase of 340% from 2019.
Mobile games with in-app purchases are also subject to a constant barrage of attacks, according to the report. Criminals look for any opportunity to exploit players who spend real money on virtual in-game items such as skins, character upgrades, and extra levels.
The report highlights a recent example in which malicious actors used a phishing kit to steal email addresses, passwords, login details, and geolocation information from players that they then resold on. criminal markets.
“Criminals are relentless, and we have the data to show it,” said Steve ragan, Akamai security researcher and author of the report. âWe are seeing remarkable persistence in the video game industry’s defenses tested daily – and often hourly – by criminals looking for vulnerabilities to breach servers and expose information. We are also seeing many group chats forming on popular social networks that are dedicated to sharing attack techniques and best practices.
Attacks observed against the video game industry
SQL Injection (SQLi), which targets player login credentials and personal information, was the main web application attack vector in 2020, accounting for 59% of all observed attacks against the gaming industry. .
This was followed by 24% Local File Inclusion (LFI) attacks, which target sensitive details in applications and services that can further compromise servers and game accounts. Cross-Site Scripting Attacks (XSS ) and remote file inclusion (RFI) accounted for 8% and 7% of observed attacks, respectively.
The video game industry suffered nearly 11 billion credential jamming attacks in 2020, an increase of 224% from the previous year. The attacks were regular and extensive, occurring at a rate of millions a day, with two days of peaks of over 100 million. Right after phishing in terms of popularity of takeover attacks, credential stuffing attacks were so common in 2020 that lists of stolen usernames and passwords were available for too. little that $ 5 on illegal websites.
âRecycling and using simple passwords makes credential stuffing a constant problem and an effective tool for criminals,â said Ragan. âA successful attack on one account can compromise any other account where the same combination of username and password is used. Using tools like password managers and the multi-factor authentication option where possible can help eliminate recycling and make it much more difficult for bad actors to execute successful attacks.