Cyberattacks on the video game industry shot up 340% during the pandemic year, according to Akamai’s gaming report from 2020.
Who is Akamai Technologies?
- Akamai Technologies Inc. is a global content delivery network (CDN), cloud service, and cybersecurity company that provides web and Internet security services.
- Their Intelligent Edge Platform is one of the world’s largest distributed computing platforms.
According to Gaming in a Pandemic, the latest report from Akamai Technologies, cyberattack traffic targeting the video game industry grew during 2020 at a rate that outpaced all other industries during the COVID-19 pandemic.
During the year of the pandemic, the gaming industry suffered more than 240 million web app attacks. Specifically, Akamai tracked 246,064,297 web app attacks on the gaming industry globally, representing roughly 4% of the 6.3 billion attacks the organization tracked over 2020. If we look back, we can see that since 2018, Akamai has witnessed a 415% increase in web app attacks on the gaming market!
The latest State of the Internet and Security report of Akamai Technologies says that: “In fact, the year-over-year change globally for web application attacks was only 2%, meaning that gaming saw more growth in attack traffic than any other industry in 2020.”
Web attacks rocked the gaming world, and credential-stuffing attacks also increased, by 224% over 2019. Strangely, DDoS (distributed denial of service) attacks dropped off nearly 20% over the same period.
It is clear by now that threat actors are interested in abusing gamers and the gaming field for various reasons. One recent incident was the use of the Steam gaming platform to distribute malware. Last month, security analysts found malware lurking in an image file’s metadata. This is a steganography method and certainly not new, but using it on a gaming platform is.
Another reason, we can say, is money. According to some estimates made by analytics firm Newzoo, the global gaming market will hit $715 billion in 2021. Mobile game revenue is expected to account for 52% of this because gamers can easily exchange real cash for virtual currency for in-game skins and custom character enhancements.
Researchers from Akamai came across one scam where the attackers targeted an organization named Codashop, one of the biggest portals for gamers, spoofing its site and using it as bait to gain access to gamers’ personal information and credentials. The Codashop phishing kit collected victims’ email addresses, game login details, passwords, game usernames, player level and tier, and geolocation data, all to be sold on criminal markets.
It seems like the scammers were just as bored as the rest of the world
Regarding the 2020 increase in attacks on the gaming industry, researchers from Akamai suggested that, rather than being motivated by profit, the attackers were influenced by pandemic-era changes, and it seems the fever spread in the “underground” as well as above ground.
Alex Bakshtein, an architect, edge security at cybersecurity firm Imperva, says that:
“In the gaming space, these attacks are rarely motivated by money. More often than not, the attackers are doing it to get under the skin of other gamers or publishers, or even worse, just for their own amusement because they can.”
According to Akamai’s report: “While we were all at home, adjusting to the ‘new normal,’ trying to balance work, school, and day-to-day existence during a pandemic, many people turned to gaming as an outlet and means of personal connection. Criminals did this too. Make no mistake: While their intentions are malicious, they are still people. They talked to each other, they played games, and in some cases, this social bond meant they coordinated their efforts, to varying degrees.”
Akamai also found group chats about going after gamers on the popular Discord social platform, a platform that threat actors use to evade security to deliver info-stealers, RATs (remote-access trojans), and other malware. Their researchers also found Discord group chats on the technique, tools, and “best practices” of these top web attack vectors:
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Local File Inclusion (LFI)
SQLi and LFI as the weapons of choice for Automated Attacks
While web app attacks have increased, the attackers’ favorite attack vector has stayed the same. Akamai found that SQLi is still the number one attack vector in the gaming industry at 59%, followed by LFI at 24%.
These two attack vectors often come from attackers who’ve automated their efforts and are hunting for “opportunistic situations,” explained the report, “where a new app, API, or account function wasn’t properly hardened and exposed.”
The main targets of SQLi and LFI attacks are mobile and network-based games. Attackers may think such platforms are sitting ducks: according to the report, they’re likely “not as robustly defended as their desktop and console counterparts,” the attackers’ thinking goes.
LFI attacks try to expose sensitive details within apps or services written in ASP, JSP, or PHP. “Typically, LFI attacks lead to information disclosure, such as configuration files (that can be used to compromise the server or accounts further),” researchers observed. “In the case of the gaming industry, these attacks can expose player or account details that could be used for cheating or exploitation.”
The report stated that when SQLi attacks specifically target the gaming industry, they may yield login credentials, personal information, or anything else stored in public databases. The attackers then sell these credentials on dark web markets, and buyers go on to use them in credential-stuffing attacks. XSS and Remote File Inclusion (RFI) attacks, on the other hand, come in at a distant third, at 8% and 7%, respectively.
According to Alex Bakshtein, the most commonly used tool to protect from a range of web app attacks is a web application firewall (WAF).
When it comes to stopping SQLi attacks, a WAF relies on a large, constantly updated list of rigorously crafted signatures that allow it “to weed out malicious SQL queries surgically.” However, when it comes to RFI attacks, “input sanitization and proper file management practices are rarely sufficient on their own, even if they effectively minimize the risk of an RFI.” Bakshtein considers that a WAF that monitors user inputs and filters out malicious requests using a combination of signature, behavioral and reputation-based security is ideal! When dealing with an XSS attack, he said that a WAF “should use signature-based filtering to identify and block malicious requests.”
Bakshtein also added that modern WAFs should be integrated with other security solutions such as advanced bot protection. Therefore, a WAF can receive additional information that further augments its security capabilities!
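To make the signature-based filtering described above concrete, here is an added example (not from the Akamai report or from Imperva) that URL-decodes request targets from access-log lines, matches them against a few illustrative signatures for the four vectors named in the report, and computes each vector's share of flagged requests. The signature patterns, function names and log lines are assumptions constructed for this example.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Illustrative signatures (assumptions, not Akamai's or Imperva's rules).
SIGNATURES = [
    ("SQLi", re.compile(r"\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+|'\s*(--|#|;)", re.I)),
    ("RFI", re.compile(r"=\s*(https?|ftp)://", re.I)),
    ("LFI", re.compile(r"\.\./|\.\.\\|/etc/passwd|php://", re.I)),
    ("XSS", re.compile(r"<\s*script\b|\bon\w+\s*=|javascript:", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jul/2021:10:00:01 +0000] "GET /leaderboard?player=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jul/2021:10:00:02 +0000] "GET /shop/item?id=1%27%20OR%201%3D1-- HTTP/1.1" 500 0',
    '203.0.113.9 - - [01/Jul/2021:10:00:03 +0000] "GET /shop/item?id=1+UNION+SELECT+name,pw+FROM+users HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/Jul/2021:10:00:04 +0000] "GET /view.php?page=..%252f..%252fconfig.php HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Jul/2021:10:00:05 +0000] "GET /view.php?page=http://files.example/inc.txt HTTP/1.1" 200 90',
    '198.51.100.8 - - [01/Jul/2021:10:00:06 +0000] "GET /profile?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 77',
]

def normalize(target):
    """Return the query string, URL-decoded until stable (max 3 rounds)."""
    query = urlsplit(target).query
    for _ in range(3):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query

def classify(target):
    """Label a request target with the first matching vector, or None."""
    query = normalize(target)
    for label, pattern in SIGNATURES:
        if pattern.search(query):
            return label
    return None

def vector_share(log_lines):
    """Percentage of flagged requests per attack vector."""
    hits = Counter()
    for line in log_lines:
        match = REQUEST.search(line)
        label = classify(match.group(1)) if match else None
        if label:
            hits[label] += 1
    total = sum(hits.values())
    return {k: round(100 * v / total) for k, v in hits.items()} if total else {}

if __name__ == "__main__":
    print(vector_share(SAMPLE_LOG))
```

Decoding before matching matters: the double-encoded `..%252f` line is only caught after the second decoding round. Signatures alone also misfire on benign input (a legitimate redirect parameter such as `next=https://` trips the RFI rule), which is why the quoted advice pairs them with behavioral and reputation-based checks.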