Info Image

12 billion Credential Stuffing Attacks Against Gaming Websites in 17 Months - Akamai

12 billion Credential Stuffing Attacks Against Gaming Websites in 17 Months - Akamai Image Credit: peshkov/Bigstockphoto.com

Hackers have targeted the gaming industry by carrying out 12 billion credential stuffing attacks against gaming websites from November 2017 – March 2019, according to the a report by Akamai.

This puts the gaming community among the fastest rising targets for credential stuffing attacks and one of the most lucrative targets for criminals looking to make a quick profit. During the same time period, Akamai saw a total of 55 billion credential stuffing attacks across all industries.

The report also reveals that SQL Injection (SQLi) attacks now represent nearly two-thirds (65.1%) of all web application attacks, with Local File Inclusion (LFI) attacks accounting for 24.7%. The report's data shows that SQLi attacks have continued to grow at an alarming rate as an attack vector, with a spike in activity during the 2018 holiday shopping season and a continued elevated trend since that time. In the first quarter of 2017, SQLi attacks accounted for 44% of all application layer attacks.

The bridge between SQLi and credential stuffing attacks is almost a direct line. The majority of the credential stuffing lists circulating on the darknet and on various forums use data that originated from some of the world's largest data breaches, and many of them have SQLi as a root cause. In fact, earlier this year Akamai researchers discovered a video where viewers were instructed on how to conduct SQLi attacks against vulnerable websites, and then use the credentials obtained to generate lists that can be leveraged in credential stuffing attacks against a popular online game.In one example of these attacks, criminals target popular games looking for valid accounts and unique skins, which are used to change the appearance of an item in a video game. Once a player's account is successfully hacked, it can then be traded or sold.

Hackers appear to place more value on compromised accounts that are connected to a valid credit card or other financial resources. Once these accounts are compromised, the criminal can purchase additional items, such as currency used within the game, and then trade or sell the hijacked account at a markup.

Martin Mckeay, Security Researcher at Akamai and Editorial Director of the State of the Internet/Sucurity Report
One reason that we believe the gaming industry is an attractive target for hackers is because criminals can easily exchange in-game items for profit. Furthermore, gamers are a niche demographic known for spending money, so their financial status is also a tempting target.

Author

Ray is a news editor at The Fast Mode, bringing with him more than 10 years of experience in the wireless industry.

For tips and feedback, email Ray at ray.sharma(at)thefastmode.com, or reach him on LinkedIn @raysharma10, Facebook @1RaySharma

PREVIOUS POST

Asset and People Tracking to Drive NB-IoT Market to Reach $6.02B by 2025, says Grand View Research

NEXT POST

Cloud Capex Projected to Decline from the Prior Year, says Dell'Oro Group