Akamai report points to surge in cyberattacks against gamers during pandemic

Between 2018 and 2020, the video game industry suffered nearly 10 billion credential stuffing attacks and 152 million web application attacks, according to a report from Akamai, the intelligent edge platform responsible for delivering secure digital experiences. Attacks have surged during the coronavirus quarantine.

Akamai also observed 10.6 billion web application attacks against its customers between July 2018 and June 2020, of which more than 152 million were against the gaming industry, the vast majority of which were SQL injection (SQLi) attacks .

Steve Ragan, Akamai security researcher and author of the State of Internet Security Report, said: “The line between virtual battles and real-world attacks has disappeared. Criminals are continually launching attacks on games and players to compromise accounts, steal personal information and game assets. And profit from it, as well as gain a competitive advantage. It is important that gamers, game publishers and game services work together to combat these malicious activities using a combination of technology, vigilance and good security practices.”

The report pointed to an uptick in attack traffic related to COVID-19 quarantines. In addition, the report examines attacker motivations and explores what gamers can do to keep their personal information, accounts, and game assets safe. Finally, the report draws the main points from a forthcoming survey – a survey of players’ attitudes towards security, conducted by Akamai in partnership with the well-known esports carnival DreamHack.

From July 2018 to June 2020, Akamai observed over 100 billion credential stuffing attacks. Nearly 10 billion of these attacks targeted the gaming industry. To launch this type of attack, criminals try to access games and gaming services using a list of username and password combinations, which are often available through some illicit websites and services. Each successful login indicates that a gamer’s account has been compromised.

Phishing is another major form of attack against gamers. In this approach, malicious attackers create legitimate-looking websites related to games or gaming platforms with the aim of tricking players into revealing their login credentials.

Akamai also observed 10.6 billion web application attacks on its customers between July 2018 and June 2020, with more than 152 million targeting the gaming industry. The vast majority of attacks are SQL injection (SQLi) attacks, which aim to exploit user login credentials, personal data, and other information stored in the target server’s database. Local File Inclusion (LFI) is another notable attack vector that can leak player and game details that can ultimately be used for exploits or cheating. Criminals often use SQLi and LFI attacks to target mobile and web games because successful exploitation of the vulnerability gives criminals access to usernames, passwords, and account information.

Between July 2019 and June 2020, Akamai observed 5,600 different DDoS attacks, with more than 3,000 targeting the gaming industry, making the industry by far the most attacked industry. The report reviews the Mirai botnet. The botnet was originally created by college students to force Minecraft servers to stop, and later used to launch some of the largest DDoS attacks in history. The report noted that gaming-related DDoS attacks spiked during holidays and school holidays. This likely indicates that the attackers returned home from school.

While many gamers have been hacked, few seem to worry about it. In a forthcoming survey by Akamai and DreamHack, which examines gamer attitudes toward security, 55% of respondents who are considered “senior gamers” admit to having experienced account theft; Only 20% of them said they were “concerned” or “very concerned” about the issue.

The report argues that even avid gamers may not realize the value contained in the data associated with their accounts, while criminals can.

The Akamai and DreamHack survey also found that gamers view security as a multi-party effort. Of the respondents who admitted to having been hacked in the past, 54% believed it was a shared responsibility between gamers and game developers/companies. The report outlines steps gamers can take to protect themselves and their accounts, such as using password managers, two-factor authentication, and unique and complex passwords. The report also notes that most gaming companies publish resource pages from which gamers can choose to use additional security features.

The fact remains that gamers are prime targets because several of their characteristics are exactly what criminals want. They are actively involved in community activities. In most cases, players have disposable income and tend to spend it on gaming accounts and gaming experiences. These factors combine to lead criminals to view the gaming industry as an environment rich in targets.

Akamai’s 2020 State of Internet Security Report – Gaming: Staying Safe Can Go Alone is available for download here: .