According to an Akamai Technologies “State of Internet and Security report”, the gaming industry was the victim of a great many cyberattacks during the Covid-19 pandemic. Those attacks grew at a fierce rate and accounted for a large number of cases compared with other web-based industries.
The video gaming industry saw more than 240 million web attacks in 2020. More precisely, Akamai tracked 246,064,297 web attacks directed at the gaming industry around the globe in 2020, representing around 4% of the 6.3 billion attacks that took place that year. According to Akamai’s previous reports and statistics, web attacks targeting the gaming industry alone have spiked by around 415% since 2018.
“In fact, the year-over-year change globally for web application attacks was only 2%, meaning that gaming saw more growth in attack traffic than any other industry in 2020,” according to the report.
“Criminals are relentless, and we have the data to show it. We’re observing a remarkable persistence in video game industry defenses being tested on a daily – and often hourly – basis by criminals probing for vulnerabilities through which to breach servers and expose information. We’re also seeing numerous group chats forming on popular social networks that are dedicated to sharing attack techniques and best practices,” said Steve Regan, Akamai’s security researcher and the author of the report.
It was not just web attacks: the gaming industry also took a huge hit from credential-stuffing attacks, which saw a huge spike of up to 224% compared to the 2019 report, while DDoS (distributed denial-of-service) attacks saw a 20% drop.
Akamai also mentioned in the report that these “cold and ruthless” cybercriminals showed far more interest in the gaming sector than in other web-based industries.
These cybercrooks are apparently interested in abusing gamers and the gaming industry for plenty of reasons. In one recent incident on the Steam gaming platform, a security analyst found malware lurking in an image file’s metadata. Steganography is an old technique for hiding encrypted data in an image, but using it on a gaming platform and hiding the data in the image’s metadata is very new.
Here are a few reasons why these cybercrooks are going after the gaming industry.
– An empty mind is the devil’s workshop; these attackers are just as bored.
– They share their work and plan their next attacks in various groups; that is how most of them work, only to get some attention or fame in their own little world.
– Several such attack forums saw a number of SQLi and LFI tutorial videos circulating along with the keyword “Dorks”. SQLi and LFI are the preferred weapons of choice for remotely triggering automated attacks.
– Credential stuffing: with more money involved in in-game purchases or cosmetics, it will always be an attraction. “Second only to phishing, credential stuffing is the most common type of account takeover attack, mostly due to the multiple ways a compromised account can be leveraged by criminals,” as mentioned in the report.
Alex Bakshtein, Principal Security Engineer at Imperva, an IT security company that provides protection for data and application software, said that the most effective and widely used tool for protecting against most web-based attacks is a WAF (Web Application Firewall).
“Input sanitization and proper file management practices are almost never sufficient on their own, even if they effectively minimize the risk of an RFI.” A WAF that monitors user inputs and filters out malicious requests using a combination of signature, behavioral and reputation-based security heuristics is “ideal.” “The WAF is deployed as a secure proxy and blocks RFI attempts at the edge of the server—before they can interact with your web application.” That is Alex’s opinion on web-based attacks.
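
The three kinds of heuristic named above (signature, behavioral and reputation-based), combined in one filtering decision. This is an added Python example, not code from Akamai, Imperva or the original article. The `EdgeFilter` name, the thresholds, the IP addresses and the sample requests are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# All values below are constructed for illustration (documentation IP ranges).
BAD_REPUTATION = {"203.0.113.7"}   # assumed reputation feed
RATE_LIMIT = 3                      # assumed max requests per client per window
REMOTE_URL = re.compile(r"^\s*(?:https?|ftp)://", re.I)   # RFI-style parameter value
TRAVERSAL = re.compile(r"\.\.[/\\]")                      # LFI-style path traversal


def signature_hits(url):
    """Return (parameter, kind) per query value matching a signature (values percent-decoded once)."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if REMOTE_URL.match(value):
            hits.append((name, "remote-url"))
        elif TRAVERSAL.search(value):
            hits.append((name, "path-traversal"))
    return hits


class EdgeFilter:
    """Hypothetical proxy-side filter combining the three heuristics."""
    def __init__(self):
        self.seen = defaultdict(int)   # requests per client in the current window

    def new_window(self):
        self.seen.clear()              # call on a timer to start a new rate window

    def decide(self, client_ip, url):
        self.seen[client_ip] += 1
        reasons = [f"signature:{kind}:{name}" for name, kind in signature_hits(url)]
        if self.seen[client_ip] > RATE_LIMIT:
            reasons.append("behavior:rate")
        if client_ip in BAD_REPUTATION:
            reasons.append("reputation:listed")
        # A signature hit, or two weaker signals together, blocks; one weaker signal only challenges.
        if len(reasons) >= 2 or any(r.startswith("signature") for r in reasons):
            return "block", reasons
        return ("challenge" if reasons else "allow"), reasons


if __name__ == "__main__":
    waf = EdgeFilter()
    for ip, url in [("198.51.100.10", "/store/item?id=42&lang=en"),   # constructed requests
                    ("198.51.100.10", "/index.php?page=http://files.example/inc.txt"),
                    ("203.0.113.7", "/store/item?id=7")]:
        print(ip, url, *waf.decide(ip, url))
```

A parameter that legitimately carries a URL, such as a redirect target, would trip the remote-URL signature, so a filter like this needs an allow-list of such parameter names.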