Gaming industry has become popular target of credential stuffing attacks: study
Anything online is susceptible to cyber-crime. Even gaming
Researchers at Akamai Technologies went through the credential abuse activity over a 17-month period, uncovered roughly 55 billion credential stuffing attack attempts against various online services. Roughly 12 billion of them targeted the gaming industry.
The data in Akamai's latest State of the Internet/Security report specifically focuses on web attacks and gaming abuse.
Credential stuffing has become an increasingly popular tactic among cybercriminals, in part due to many consumers’ bad habits of using the same passwords across multiple online accounts.
Based on Akamai’s findings, gaming platforms and their users are among the biggest victims of this trend. In particular, malicious actors are looking to hijack gamers’ accounts and sell them off to the highest bidder. Accounts that have earned special weapons or character upgrades that ordinarily must be either purchased or earned through play are often considered especially valuable.
"For example, criminals target popular games like Fortnite and Counter-Strike: Global Offensive (CS:GO), looking for valid accounts and unique skins," the report explains. "Most compromised accounts sold in gaming marketplaces are used to avoid bans, but others are purchased for the novelty of playing with a rare skin or unique item. Sometimes, the items in the compromised account are traded away or later sold."
"If the hijacked profiles are connected to a valid credit card or PayPal account, they’re considered more valuable," the report continues, "since the criminal can purchase additional items… and then trade or sell the account at a markup."
Akamai’s study incorporated data gathered from its global network of more than 230,000 servers from November 2017 through March 2019. Over this time period, the largest share of credential stuffing attacks that specifically targeted the gaming industry originated in Russia (≈ 2.67 billion), followed by Canada (≈ 1.49 billion) and the U.S. (≈ 1.44 billion). In fact, nearly 51 per cent of all credential stuffing attacks coming from Russia over those 17 months targeted the gaming industry.
"When we take a look at the source countries for credential stuffing attacks against the gaming industry only, Russia takes the top spot," the report states. "There could be a number of reasons for this, but the most commonly accepted one is the growth of Russian-based proxy services and bot farms where accounts are compromised at scale, before being packaged up and sold on various forums and markets."
However, the US was far and away from the leading source of credential stuffing attack traffic when accounting for all industry verticals. America spawned roughly 17.9 billion attack attempts, followed by Russia (≈ 5.26 billion) and Brazil (≈ 3.04 billion).
Akamai’s "source country" data refers only to where the traffic originates from, and not where the attacker is physically located, the company notes in its report.
Akamai said that many of credential stuffing attacks it recorded were the work of botnets or All-in-One (AIO) applications configured to act like botnets.
"Criminals using AIOs target the authentication aspects of a victim’s organisation, and seek to automate access, which leads to an account takeover if they’re successful," the report states. Typically, these attackers use large data sets of credentials that were accidentally or intentionally leaked online.
Akamai also looked at web application-layer attacks launched against gaming websites and saw that the US was the top source of such incidents, with roughly 43.4 million such attacks during the 17-month observation period. Russia and China were a distant second and third, respectively.
Researchers examined web application-layer attacks perpetrated across all sectors, and found the top attack vectors by a wide margin were SQL injection (65.1 per cent of attacks) and Local File Inclusion (24.7 per cent).
In late November 2018, Akamai’s customers detected a marked spike in SQL injection alerts, recording more than 35 million attempted attacks. While Akamai attributes the increase in activity to the start of the holiday shopping season, "it’s also important to note that there’s been a continuing elevated trend since that time," the report notes.
According to the study, the US experienced around 2.67 billion web application attacks over the 17-month period – way more than any other nation, with a 67 per cent total share (the UK and Germany experienced the next most attacks, with ≈ 210 million and ≈ 130 million, respectively). But the US was also a top source of these attacks, generating approximately 968 million alerts. (Russia was second with ≈ 609 million and the Netherlands was third with ≈ 281 million.)
- Identity & Access Management (IdAM) Consultant
- Upto €100,000 plus bonus and benefits
An Identity & Access Management Consultant is needed to lead and drive technical and or business transformation projects in a client-facing position for a prestigious consultancy in Germany. The Identity & Access Management Consultant will be responsible for technical design and implementation of Identity & Access Management/IAM products within a wide variety of clients. The Identity & Access Management Consultant will have a blend of technical hands-on and client-facing consultancy with the ability to develop new business. Broad technical knowledge across Identity and access management is benefical. The Identity & Access Management Consultant will need to have technical hands-on experience with one or more of the following core areas; Privileged Access Management (PAM, CyberArk, Beyondtrust, Thycotic) Identity Governance Administration (IGA, Sailpoint, Omada, RSA) Customer Identity & Access Management (CIAM, Forgerock PSD2) The Identity & Access Management Consultant must have the willingness to travel to customer sites across Germany (once we are allowed to)
- Create a Cyber Threat Intelligence capability. Analyst. UK
- United Kingdom
To join a cyber consultancy, to aid in building out a bespoke threat intelligence capability for a key client. A rare opportunity that provides support and the ability learning as you go. You must have a passion for all things Cyber and have a excellent command of the English language. (written and verbal). An ideal candidate would be a recent cyber graduate (degree, MSc, PHD) who can provide examples of executive summaries, dissertations / thought pieces. The role will include, but not be limited to; delivering executive summaries of current and potential threats to key stakeholders as well as identifying and building out a bespoke threat intelligence platform using the likes of Recorded Futures, WildFire etc which will feed into the SOC. The ability to achieve Security Clearance will be required. Crest Threat Intelligence Analyst, SANS FOR578 OSINT. UK based but remote. London, Reading for extra brownie points. Chris.firstname.lastname@example.org and +447884666351
- Network Security Presales Consultant
- Upto £75,000 plus coms
A new opportunity has arisen within the presales team of one of our clients an expanding managed security provider. You will be working with an array of customer from small to large global enterprises and will be the technical lead through the sales process. Provide both a consultancy service to customers and support to the sales teams. Use knowledge of the company’s products and services to translate customer requirements into functional, effective and appropriate solutions for the prospective customer base. To understand customer requirements, assist in the qualification processes and by utilising the company’s standard product and services portfolio to create a suitable solution in concept. Present technical solutions to customers both formally and informally as required We are looking for someone with a strong network security background with knowledge of one of the fellowing vendors, Checkpoint, Fortinet, Palo Alto, Ciso would be benefical
- Penetration tester- Inside IR35. London. High profile client.
- £400 Umbrella rate
Penetration tester- Inside IR35 £310 Umbrella rate Long term project London Application and mobile (android / iOs) penetration testing experience Manage and deliver penetration testing project Ability to program or script Strong analytical skills Opportunity to build upon existing hands on experience. Amazing project- high profile client. MUST be commutable to London. Immediate opportunity Chris.email@example.com 07884666351