A new report from Akamai Technologies reveals that video game companies were a target for black hat hackers between 2018 – 2020. The report titled “State of the Internet / Security report, Gaming: You Can’t Solo Security” also notes an uptick in attack traffic that correlates with COVID-19-related lockdowns. In addition, the report examines motivations driving the attacks and steps gamers can take to help protect their personal information, accounts, and in-game assets. Finally, the report includes highlights from a forthcoming survey on gamer attitudes toward security, which Akamai conducted with DreamHack, the premier gaming lifestyle festival.
“The fine line between virtual fighting and real-world attacks is gone,” said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report. “Criminals are launching relentless waves of attacks against games and players alike in order to compromise accounts, steal and profit from personal information and in-game assets, and gain competitive advantages. It’s vital that gamers, game publishers, and game services work in concert to combat these malicious activities through a combination of technology, vigilance, and good security hygiene.”
The Akamai 2020 State of the Internet / Security report, Gaming: You Can’t Solo Security is available here.
The new report stresses those game players themselves are subjected to a steady barrage of criminal activity, largely through credential stuffing and phishing attacks. Akamai observed more than 100 billion credential stuffing attacks from July 2018 to June 2020. Nearly 10 billion of those attacks targeted the gaming sector. To execute this type of attack, criminals attempt to access games and gaming services using lists of username and password combinations that are typically available for purchase via nefarious websites and services. Each successful login indicates a gamer’s account has been compromised.
Phishing is the other primary form of attack used against gamers. In this method, bad actors create legitimate-looking websites related to a game or gaming platform with the goal of tricking players into revealing their login credentials.
Akamai also saw 10.6 billion web application attacks across its customers between July 2018 and June 2020, more than 152 million of which were directed toward the gaming industry. The significant majority were SQL injection (SQLi) attacks intended to exploit user login credentials, personal data and other information stored in the targeted server’s database. Local File Inclusion (LFI) was the other notable attack vector, which can expose player and game details that can ultimately be used for exploiting or cheating. Criminals often target mobile and web-based games with SQLi and LFI attacks due to the access to usernames, passwords and account information that comes with successful exploits.
Between July 2019 and June 2020, more than 3,000 of the 5,600 unique DDoS attacks Akamai observed were aimed at the gaming industry, making it by far the most-targeted sector.
Recalling the Mirai botnet, which was originally created by college students to disable Minecraft servers, and later used to launch some of the largest-ever DDoS attacks, the report notes that the gaming-related DDoS attacks spiked during holiday periods, as well as typical school vacation seasons. This serves as a likely indicator that the responsible parties were home from school.
While video games served as a major outlet for entertainment and social interaction during the COVID-19-driven lockdowns earlier in the year, criminals also took advantage of the pandemic. A notable spike in credential stuffing activity occurred as isolation protocols were instituted around the world. Much of the traffic was the result of criminals testing credentials from old data breaches in attempts to compromise new accounts created using an existing username and password combinations.
Though many gamers have been hacked, far fewer appear to be concerned. In an upcoming survey of gamer attitudes toward security conducted by Akamai and DreamHack, 55 percent of the respondents who identify as “frequent players” admitted to having had an account compromised at some point; of those, only 20 percent expressed being “worried” or “very worried” about it.
The report posits that even though avid gamers might not recognize the value in the data associated with their accounts, criminals most certainly do.
The Akamai/DreamHack survey also found that gamers consider security to be a team effort, with 54 percent of the respondents who acknowledged being hacked in the past feeling it is a responsibility that should be shared between the gamer and game developer/company. The report outlines steps that gamers can take to protect themselves and their accounts such as using password managers and two-factor authentication along with unique, complicated passwords. It also points to resource pages that most game companies publish where gamers can opt into additional security capabilities.
“Gaming has always brought communities together, so all of us at DreamHack want to ensure our valued communities of fans and players are protected from cyberattacks of this nature,” said DreamHack Chief Strategy Officer Tomas Lykedal. “These findings are important so everyone involved can also help ensure that, together, we are doing all we can to protect privacy and personal information when engaging on these world stages and global platforms.”
The fact remains: Gamers are highly targeted because they have several qualities that criminals look for. They’re engaged and active in social communities. For the most part, they have disposable income, and they tend to spend it on their gaming accounts and gaming experiences. When these factors are combined, criminals see the gaming industry as a target-rich environment.
For additional information, the security community can access, engage with, and learn from Akamai’s threat researchers and the insight that the Akamai Intelligent Edge Platform affords into the evolving threat landscape, visit Akamai’s Threat Research Hub.
