Video game industry faced wave of cyberattacks during COVID pandemic: report
Traffic from cyber attacks targeting the video game industry has exploded during the COVID-19 pandemic.
Video games were hit by more than 240 million web application attacks in 2020, a 340% increase from 2019, according to Akamai’s new State of the Internet / Security report.
“The criminals are relentless,” Steve Ragan, Akamai security researcher and author of the report, said in a statement to FOX Business.
GET FOX BUSINESS ON THE GO BY CLICKING HERE
The global gaming market is expected to reach $ 175 billion in 2021, according to analytics firm Newzoo.
So-called “phishing kits” – where fraudulent messages masquerade as trusted entities such as banks – were a popular way to steal email addresses, passwords, login credentials and emails. geolocation information of players who were then sold on criminal markets.
“We are seeing a remarkable persistence of video game industry defenses tested daily – and often hourly – by criminals looking for vulnerabilities to breach servers and expose information,” said Ragan.
“Credential stuffing” attacks, which automate login requests using passwords stolen from past breaches, have taken place at a rate of millions a day, with two days of peaking. more than 100 million, according to the report.
Login jamming attacks were so common in 2020 that large lists of stolen usernames and passwords were available for as little as $ 5 on rogue websites, according to Akamai.
ELECTRONIC ARTS REVEALS THE “FIFA 21” SOURCE CODE HACK
Players who reuse passwords or use simple passwords are making credential stuffing an effective tool for criminals, according to Ragan.
“A successful attack on one account can compromise any other account where the same combination of username and password is used,” he said, adding that password managers and l Multifactor authentication can eliminate these types of attacks.
Group chats that share attack techniques have also surfaced on social media, Ragan said.
Report cites panel discussions on Discord, a popular social platform dedicated to SQL Injection (SQLi), Local File Inclusion (LFI) and other techniques, tools and âbestâ practices web application attack.
SQLi – the most widely used for attacks – can provide login credentials, personal information, or anything else stored in an exposed database.
Criminals pushing SQLi and LFI attacks tend to automate their efforts, according to the report.
“They look for opportunistic situations, where a new application, API [application programming interface], or the account function has not been properly enhanced and [therefore was] exposed, âaccording to the report.
CLICK HERE TO LEARN MORE ABOUT FOX BUSINESS
Mobile games and web-based games are big targets for LFI and SQLi attacks because criminals believe these platforms aren’t as well defended as their desktop and console counterparts, Akamai said.
The US gaming industry was the biggest target with 242 million attacks, Asia was far behind with 2.2 million attacks.