Video game companies and players have been subjected to a high volume of attacks in the period from July 2018 to June 2020, a new report published by Akamai has found. This included 152 million web application attacks and 10 billion credential attacks targeting the gaming industry recorded during this period.
To execute credential stuffing attacks, malicious actors attempt to gain access to gamers online accounts by using lists of username and password combinations that are often available on nefarious websites and services.
In regard to the web application attacks carried out, a substantial majority were SQL injection attacks. These are designed to exploit data stored in the targeted server’s database, such as user login credentials and personal data. Another significant attack vector in this space was local file inclusion, which can expose player and game details that can ultimately be used for exploiting or cheating.
Akamai said that gamers were also heavily targeted by phishing attempts, in which criminals attempt to trick players into revealing their login credentials by creating legitimate-looking websites related to a game or gaming platform.
The security firm added that in the period from July 2019 to July 2020, gaming was the sector most targeted by DDoS attacks, on the receiving end of 3000 out of 5600 attacks of this kind.
A spike in attacks against the industry was additionally recorded during COVID-19 lockdowns earlier this year, when video games offered an important source of entertainment and social interaction.
The gaming industry has become an increasingly lucrative target for cyber-criminals due to its rise in popularity over recent years, according to the report; the sector was worth $159 billion in 2019 and is predicted to reach $200 billion by 2023.
Steve Ragan, Akamai security researcher and author of the report, commented: “The fine line between virtual fighting and real world attacks is gone. Criminals are launching relentless waves of attacks against games and players alike in order to compromise accounts, steal and profit from personal information and in-game assets, and gain competitive advantages. It’s vital that gamers, game publishers, and game services work in concert to combat these malicious activities through a combination of technology, vigilance, and good security hygiene.”