Gaming industry has become popular target of credential stuffing attacks: study
Anything online is susceptible to cyber-crime. Even gaming
Researchers at Akamai Technologies went through the credential abuse activity over a 17-month period, uncovered roughly 55 billion credential stuffing attack attempts against various online services. Roughly 12 billion of them targeted the gaming industry.
The data in Akamai's latest State of the Internet/Security report specifically focuses on web attacks and gaming abuse.
Credential stuffing has become an increasingly popular tactic among cybercriminals, in part due to many consumers’ bad habits of using the same passwords across multiple online accounts.
Based on Akamai’s findings, gaming platforms and their users are among the biggest victims of this trend. In particular, malicious actors are looking to hijack gamers’ accounts and sell them off to the highest bidder. Accounts that have earned special weapons or character upgrades that ordinarily must be either purchased or earned through play are often considered especially valuable.
"For example, criminals target popular games like Fortnite and Counter-Strike: Global Offensive (CS:GO), looking for valid accounts and unique skins," the report explains. "Most compromised accounts sold in gaming marketplaces are used to avoid bans, but others are purchased for the novelty of playing with a rare skin or unique item. Sometimes, the items in the compromised account are traded away or later sold."
"If the hijacked profiles are connected to a valid credit card or PayPal account, they’re considered more valuable," the report continues, "since the criminal can purchase additional items… and then trade or sell the account at a markup."
Akamai’s study incorporated data gathered from its global network of more than 230,000 servers from November 2017 through March 2019. Over this time period, the largest share of credential stuffing attacks that specifically targeted the gaming industry originated in Russia (≈ 2.67 billion), followed by Canada (≈ 1.49 billion) and the U.S. (≈ 1.44 billion). In fact, nearly 51 per cent of all credential stuffing attacks coming from Russia over those 17 months targeted the gaming industry.
"When we take a look at the source countries for credential stuffing attacks against the gaming industry only, Russia takes the top spot," the report states. "There could be a number of reasons for this, but the most commonly accepted one is the growth of Russian-based proxy services and bot farms where accounts are compromised at scale, before being packaged up and sold on various forums and markets."
However, the US was far and away from the leading source of credential stuffing attack traffic when accounting for all industry verticals. America spawned roughly 17.9 billion attack attempts, followed by Russia (≈ 5.26 billion) and Brazil (≈ 3.04 billion).
Akamai’s "source country" data refers only to where the traffic originates from, and not where the attacker is physically located, the company notes in its report.
Akamai said that many of credential stuffing attacks it recorded were the work of botnets or All-in-One (AIO) applications configured to act like botnets.
"Criminals using AIOs target the authentication aspects of a victim’s organisation, and seek to automate access, which leads to an account takeover if they’re successful," the report states. Typically, these attackers use large data sets of credentials that were accidentally or intentionally leaked online.
Akamai also looked at web application-layer attacks launched against gaming websites and saw that the US was the top source of such incidents, with roughly 43.4 million such attacks during the 17-month observation period. Russia and China were a distant second and third, respectively.
Researchers examined web application-layer attacks perpetrated across all sectors, and found the top attack vectors by a wide margin were SQL injection (65.1 per cent of attacks) and Local File Inclusion (24.7 per cent).
In late November 2018, Akamai’s customers detected a marked spike in SQL injection alerts, recording more than 35 million attempted attacks. While Akamai attributes the increase in activity to the start of the holiday shopping season, "it’s also important to note that there’s been a continuing elevated trend since that time," the report notes.
According to the study, the US experienced around 2.67 billion web application attacks over the 17-month period – way more than any other nation, with a 67 per cent total share (the UK and Germany experienced the next most attacks, with ≈ 210 million and ≈ 130 million, respectively). But the US was also a top source of these attacks, generating approximately 968 million alerts. (Russia was second with ≈ 609 million and the Netherlands was third with ≈ 281 million.)
source scmagazineuk
Industry: Cyber Security
Latest Jobs
-
- Public Sector Cyber Security Sales | UK
- England
- N/A
-
Public Sector Cyber Security Sales | UK UK | Remote / Hybrid A cyber security provider is seeking a Public Sector Sales professional to drive growth across UK government and public sector organisations. Must have current Cyber Security sales experience. Responsibilities Generate new business selling cyber security solutions into UK public sector Build relationships with CIO, CISO and senior technology stakeholders Manage the full sales cycle from opportunity to contract close Develop pipeline across central government, local government and public sector bodies Support bids, tenders and framework opportunities Experience Proven cyber security sales experience in the UK Track record selling into public sector organisations Familiarity with CCS, G Cloud or other government frameworks Strong stakeholder engagement and deal management skills Location UK based Security Requirements Eligible to obtain UK Security Clearance
-
- Security Architect | MoD - Security Cleared. OUTSIDE IR35 | Hampshire
- N/A
- Outside IR35
-
Security Architect | MOD | Security Cleared | Outside IR35 | Hampshire Commutable The successful candidate must be willing to undergo DV Clearance, ideally already holding active clearance. You will produce high and low level security architecture documentation, guiding and validating designs for systems deployed within sensitive environments. The role requires providing specialist security input into solution design, service transition and change initiatives, working closely with engineering, operations, client and third party stakeholders. You must have current hands on architectural experience, including VMware secure platform design and virtualisation architecture, alongside AWS expertise. This is an outside IR35 contract- 6 month rolling. Part of a longer term MoD project
-
- Active Directory | RBA engineer | UK Remote | SC Clearable
- United Kingdom
- N/A
-
Technical Active Directory (AD) and RBA specialist needed to play a key part in complex, enterprise scale Active Directory and access transformation programmes. You will work alongside senior team, helping reshape access models, modernise legacy directory structures and strengthen security posture across secure environments. This is hands on delivery within high impact projects where your work directly improves access control, compliance and operational resilience. Active UK Security Clearance required. This is a remote role with client travel. Implementation of Role Based Access Control across large AD estates Restructuring complex permission models, security groups and delegated access Supporting domain controller upgrades and core directory improvements Applying security hardening standards and remediating audit findings Enhancing authentication, policy and access governance frameworks Troubleshooting and resolving technical AD challenges within live environments Producing robust technical documentation and identifying project risks You must have the following technical experience Enterprise Active Directory administration Role Based Access and permission remediation OU design and governance Group Policy management Security group delegation models DNS and DHCP services Kerberos authentication / NTLM PowerShell scripting and automation Azure AD | Entra ID Hybrid identity environments Identity Governance PAM
-
- Identity and Access Management Consultant (Saviynt & Microsoft Entra) | UK
- United Kingdom
- N/A
-
Role summary Technical IAM consultant delivering identity governance and cloud identity solutions to enterprise clients. What you will do Implement / Configure / Deploy Saviynt IGA / Microsoft Entra solutions: Lead technical workshops, gather requirements and translate into solution designs. Troubleshoot complex issues, support testing and deployments. Produce technical artefacts and configuration guides. Key skills Hands-on Saviynt IGA experience (workflow, connectors, access governance). Strong practical knowledge of Microsoft Entra ID / Azure AD identity and access controls. Understanding of identity protocols (SAML, OAuth, OpenID Connect) and hybrid identity. Experience with APIs / REST for integrations and automation. What we are looking for Proven delivery experience in IAM / IGA projects, preferably in consulting. Confident communicator with client-facing delivery exposure.