The global video game industry suffered over 240 million web application attacks in 2020, a 340% increase from 2019, as more people turn to digital entertainment to overcome the pandemic.
The top attack vector was SQL injection, which targets player login credentials and personal information, was the number one web application attack vector in 2020, accounting for 59% of all attacks against the gaming industry, according to Akamai Internet Status / Security report.
This was followed by 24% local file inclusion attacks, which target sensitive details in applications and services that can further compromise game servers and accounts. Cross-site script and remote file inclusion attacks represented 8% and 7% of observed attacks, respectively.
Mobile games have not been spared either, with those with in-app purchases facing a barrage of attacks, with cybercriminals looking for any opportunity to exploit gamers who spend real money on virtual items. in-game such as skins, character upgrades, and additional levels.
The report also highlighted a recent example of bad actors using a phishing kit to steal email addresses, passwords, login details and geolocation information from players that they then sold on to the criminal markets.
“The criminals are relentless and we have the data to show it,” said Steve Ragan, security researcher at Akamai and author of the report. “We are seeing remarkable persistence in the video game industry’s defenses tested daily – and often hourly – by criminals looking for vulnerabilities to breach servers and expose information. We are also seeing many group chats forming on popular social networks that are dedicated to sharing attack techniques and best practices.
The video game industry also suffered nearly 11 billion ID jam attacks in 2020, an increase of 224% from the previous year. The attacks were regular and significant, occurring at a rate of millions a day, with two days of peaks of over 100 million.
In fact, credential stuffing attacks were so common last year that lists of stolen usernames and passwords were available for as little as $ 5 on rogue websites.
“Recycling and using simple passwords makes credential stuffing a constant problem and an effective tool for criminals,” said Ragan. “A successful attack on one account can compromise any other account where the same combination of username and password is used. Using tools like password managers and enabling multi-factor authentication where possible can help eliminate recycling and make it much more difficult for attackers to execute successful attacks. .
Led by the Asia-Pacific region, the global gaming industry is expected to be worth more than $ 178 billion by 2021. Akamai has identified major gaming markets such as China, Japan and South Korea as primary targets cyberattacks in the region, which has seen record numbers of people turning to gambling for escape, entertainment and social interaction.