Cyber-criminals are playing games with the gaming industry according to two new reports published by Akamai and Kaspersky.
The Akamai 2019 State of the Internet/Security Web Attacks and Gaming Abuse Report found that cyber-criminals have targeted the gaming industry by carrying out 12 billion credential-stuffing attacks against gaming websites, with a total of 55 billion credential-stuffing attacks across all industries within the 17-month period analyzed in the report (November 2017–March 2019).
SQL injection (SQLi) attacks account for 65% of all web application attacks, while local file inclusion (LFI) attacks only represent 24.7%, according to the report. As SQLi attacks have grown as an attack vector, the report found that the bridge between SQLi and credential-stuffing attacks is almost a direct line.
“One reason that we believe the gaming industry is an attractive target for hackers is because criminals can easily exchange in-game items for profit,” said Martin McKeay, security researcher at Akamai and editorial director of the State of the Internet/Security Report. “Furthermore, gamers are a niche demographic known for spending money, so their financial status is also a tempting target.”
In related news, research from Kaspersky confirmed that, unfortunately, more and more video games are being used to distribute malware to unsuspecting users. According to the research, more than 930,000 users were hit by malware attacks in the last 12 months, which cyber-criminals have achieved through crafting and distributing fake copies of popular video games, including "Minecraft," "Grand Theft Auto V" and "Sims 4."
Malware-disguised "Minecraft" accounted for around 30% of attacks, with over 310,000 users hit. Coming in at a distant second place was "Grand Theft Auto V," which targeted more than 112,000 users.
According to the researchers, criminals were also found trying to lure users into downloading malicious files pretending to be unreleased games. Spoofs of at least 10 pre-release games were seen, with 80% of detections focused on "FIFA 20," "Borderlands 3," and the "Elder Scrolls 6."
“For months now we see that criminals are exploiting entertainment to catch users by surprise – be it series of popular TV shows, premieres of top movies or popular video games,” said Maria Fedorova, security researcher at Kaspersky, in a press release.
“This is easy to explain: people can be less vigilant when they just want to relax and have fun. If they’re not expecting to find malware in something fun they’ve used for years, it won’t take an advanced-threat like infection vector to succeed. We urge everyone to stay alert, avoid untrusted digital platforms and suspicious-looking offers, install security software and perform a regular security scan of all devices used for gaming.”