Cybercriminals and ransomware operators often play with their hacking skills, targeting victims for sensitive information. Despite enhanced security measures, threat actors targeted all sectors during the pandemic, and the online gaming industry has been the most affected.
According to research from Akamai Technologies, the gaming industry sustained more than 240 million web application attacks in 2020, which is a 340% surge from 2019. The “State of the Internet/Security report, Gaming in a Pandemic” highlighted the global crises that resulted in the rise of cyberattack traffic in the gaming industry.
Rise of Web Application Attacks
It was observed that SQL injection was the top web application attack in 2020, accounting for 59% of all attacks, followed by local file inclusion (LFI) attacks (24%). While Cross-site scripting (XSS) attacks accounted for 8%, remote file inclusion (RFI) attacks were recorded at 7%. Threat actors leveraged different kinds of web application vectors to target gamers’ login credentials and sensitive information stored within the applications.
The report also stated that the video game industry encountered nearly 11 billion credential stuffing attacks in 2020 — a 224% increase compared to last year. Cyberattacks on gamers and game developers were recorded at a rate of millions per day, with 100 million attacks within two days. Cybercriminals were found trading stolen credentials and other private data on various dark web markets, from other actors, to launch account take over, phishing, and credential stuffing attacks.
“Criminals are relentless, and we have the data to show it. We’re observing a remarkable persistence in video game industry defenses being tested on a daily – and often hourly – basis by criminals probing for vulnerabilities through which to breach servers and expose information. We’re also seeing numerous group chats forming on popular social networks that are dedicated to sharing attack techniques and best practices,” said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report.
“Recycling and using simple passwords make credential stuffing such a constant problem and effective tool for criminals. A successful attack against one account can compromise any other account where the same username and password combination is being used. Using tools like password managers and opting into multi-factor authentication wherever possible can help eliminate recycling and make it far more difficult for bad actors to execute successful attacks.”
Risks with Mobile Gaming Apps
Threat actors also frequently target mobile game apps and in-app purchases. They look for gamers’ purchase data or transaction details by creating fake mobile applications. Earlier, Google reportedly removed 21 malicious Android apps from its Play Store after discovering intrusive adware and Trojans in them. According to a report from security solutions provider Avast, the fraudulent apps were disguised as gaming apps and contained HiddenAds Trojan.