The global video game industry suffered more than 240 million web application attacks in 2020, a 340% increase over 2019, as more people turned to digital entertainment to tide them over during the pandemic.
SQL injection, which targets player login credentials and personal information, was the top web application attack vector in 2020, representing 59% of all attacks against the gaming industry, according to Akamai’s State of the internet/security report.
That was followed by local file inclusion attacks at 24%, which target sensitive details within applications and services that can further compromise game servers and accounts. Cross-site scripting and remote file inclusion attacks accounted for 8% and 7% of observed attacks, respectively.
Mobile games were not spared either, with those incorporating in-app purchases subject to a barrage of attacks as cyber criminals seek any opportunity to exploit players who spend real money on virtual, in-game items such as skins, character enhancements and additional levels.
The report also highlighted a recent example of bad actors using a phishing kit to steal player email addresses, passwords, login details and geolocation information that they subsequently sold on criminal markets.
“Criminals are relentless, and we have the data to show it,” said Steve Ragan, Akamai security researcher and author of the report. “We’re observing a remarkable persistence in video game industry defences being tested on a daily – and often hourly – basis by criminals probing for vulnerabilities through which to breach servers and expose information. We’re also seeing numerous group chats forming on popular social networks that are dedicated to sharing attack techniques and best practices.”
The video game industry also suffered nearly 11 billion credential stuffing attacks in 2020, marking a 224% increase over the previous year. The attacks were steady and large, taking place at a rate of millions per day, with two days seeing spikes of more than 100 million.
In fact, credential stuffing attacks were so common last year that bulk lists of stolen usernames and passwords were available for as little as $5 on illicit websites.
“Recycling and using simple passwords make credential stuffing such a constant problem and effective tool for criminals,” Ragan said. “A successful attack against one account can compromise any other account where the same username and password combination is being used. Using tools like password managers and opting into multi-factor authentication wherever possible can help eliminate recycling and make it far more difficult for bad actors to execute successful attacks.”
Led by the Asia-Pacific region, the global gaming industry is predicted to be worth over $178bn by 2021. Akamai singled out major gaming markets such as China, Japan and South Korea as prime targets for cyber attacks in the region, which has seen a record number of people turning to gaming for escapism, entertainment and social interaction.