The video game industry and gamers have faced more than 10 billion cyber attacks in the last couple of years, with attacks accelerating in a pandemic. report provides an online delivery and cloud services company Akamai.
The report found hackers tested nearly 10 billion evidence-filling attacks, where hackers use stolen login credentials to take over an account, Steve Ragan, a security researcher and report writer for Akamai, told GamesBeat in an interview.
There have also been 152 million web application attacks in the industry, e.g. SQL injection (SQLi) attacks, 2018-2020, according to Cambridge, Akamai, Massachusetts.
“When games move online and use cloud infrastructure and games between platforms and different generations, that’s the surface of the attack,” Ragan said. “Now these gaming companies are doing their best to protect their players and games. I’m still worried because it’s a huge target for criminals. And if the last two years have shown anything that we show in the report, the criminals are persistent, they are not wasting time, they will go after everything and everything, if it will be in front of them. And the larger the attack surface, the more space they have to play. “
An increase in attack flow was observed in the report, which correlates with COVID-19-related locks. In addition, the report examines the motivations for the attacks and the actions players can take to protect their personal information, accounts, and game assets. Akamai also showed some data from a survey conducted with DreamHack, the gaming lifestyle festival.
“The elephant in the room is a pandemic,” Witch said. “Players are social beings. When things started to get stuck, the players delved into their games. This is good for criminals. They did not spend time in the gaming sector. And they were lucky. “
The witch said players should be aware that they are constantly experiencing a barrage of criminal activity, largely due to power-filling.
From 2018 July. Until 2020 June Akamai has detected more than 100 billion recognition attacks in all industries. Nearly 10 billion attacks have been targeted at the gaming sector. To carry out this type of attack, criminals try to log in to games and gaming services using lists of username and password combinations that are usually available through dirty websites and services. Each successful login indicates that the player’s account has been compromised.
Deception is another major form of attack used against players. Using this method, bad characters create legitimate-looking sites associated with a game or gaming platform in order to trick players into disclosing their login details.
“This report provides a context for what is happening in the criminal market,” Ragan said. “Criminals take over bills so they can sell them.”
From 2018 July. Until 2020 June Akamai has hit 10.6 billion web application attacks on its customers, of which more than 152 million have targeted the gaming industry. The vast majority were SQL injection (SQLi) attacks designed to use user credentials, personal data, and other information stored in a target server database.
Local File Inclusion (LFI) was another notable attack vector that could reveal player and game details that could eventually be exploited for exploitation or deception. Criminals for mobile and online games often use SQLi and LFI attacks for access to usernames, passwords, and account information that is provided successfully.
From 2019 July. Until 2020 Of the more than 3,000 unique Distributed Denial of Service (DDoS) attacks observed by Akamai in June, targeted the gaming industry, making it the most targeted sector.
Recalling the Mirai botnet, originally created by college students to disable Minecraft servers and later using some of the largest DDoS attacks of all time, the report notes that game-related DDoS attacks have increased during the holidays, as well as during typical school holiday seasons. . This is a plausible indicator that the responsible parties were at home from school.
While many players have been hacked, there seems to be much less worry. In a future survey of players’ attitudes to security by Akamai and DreamHack, 55% of respondents who are identified as “frequent players” admitted that the bill was breached at some point; of these, only 20% said they were “worried” or “very worried”.
“There’s a huge disconnection out there, even though many players weren’t able to recover the damaged account,” Ragan said.
The witch said the players should be worried. Hackers can lock users from compromised accounts and buy many items, such as game skins, and move them to other accounts. The user gets stuck in the account and the hacker makes a loot.
“If I don’t pay attention, the next thing I know, I get a $ 10,000 credit bill because someone went out and bought like 100 skins, or worse, my child’s account is broken and now that criminals who bought that skin are charging the bill. and then turn it over, ”Ragan said.
The report says that while passionate gamers may not recognize the value of the data associated with their accounts, criminals certainly recognize it.
The Akamai / DreamHack survey also showed that players see safety as a team effort, and 54% of respondents who admitted to being hacked in the past feel that this is a responsibility that should be shared between the player and the game developer / company.
The report outlines the steps players can take to protect themselves and their accounts, such as using password managers and two-factor authentication along with unique, complex passwords. It also points to resource pages that most gaming companies publish where players can choose additional security options. The witch said it was worth paying for online bills with gift cards rather than credit cards.
The fact remains: players are highly targeted because they have several traits that criminals are looking for. They are engaged and active in social communities. They mostly have disposable income and tend to spend it on their gaming accounts and gaming experience. By combining these factors, criminals see the gaming industry as a rich target environment.
The witch said esports tournaments are also a cause for concern as many fans are betting on them. When money is threatened, hackers will find a way to try to manipulate the results of the tournament, possibly attacking some players to lose them, Ragan said.