Gaming industry has become popular target of credential stuffing attacks: study
Anything online is susceptible to cyber-crime. Even gaming
Researchers at Akamai Technologies went through the credential abuse activity over a 17-month period, uncovered roughly 55 billion credential stuffing attack attempts against various online services. Roughly 12 billion of them targeted the gaming industry.
The data in Akamai's latest State of the Internet/Security report specifically focuses on web attacks and gaming abuse.
Credential stuffing has become an increasingly popular tactic among cybercriminals, in part due to many consumers’ bad habits of using the same passwords across multiple online accounts.
Based on Akamai’s findings, gaming platforms and their users are among the biggest victims of this trend. In particular, malicious actors are looking to hijack gamers’ accounts and sell them off to the highest bidder. Accounts that have earned special weapons or character upgrades that ordinarily must be either purchased or earned through play are often considered especially valuable.
"For example, criminals target popular games like Fortnite and Counter-Strike: Global Offensive (CS:GO), looking for valid accounts and unique skins," the report explains. "Most compromised accounts sold in gaming marketplaces are used to avoid bans, but others are purchased for the novelty of playing with a rare skin or unique item. Sometimes, the items in the compromised account are traded away or later sold."
"If the hijacked profiles are connected to a valid credit card or PayPal account, they’re considered more valuable," the report continues, "since the criminal can purchase additional items… and then trade or sell the account at a markup."
Akamai’s study incorporated data gathered from its global network of more than 230,000 servers from November 2017 through March 2019. Over this time period, the largest share of credential stuffing attacks that specifically targeted the gaming industry originated in Russia (≈ 2.67 billion), followed by Canada (≈ 1.49 billion) and the U.S. (≈ 1.44 billion). In fact, nearly 51 per cent of all credential stuffing attacks coming from Russia over those 17 months targeted the gaming industry.
"When we take a look at the source countries for credential stuffing attacks against the gaming industry only, Russia takes the top spot," the report states. "There could be a number of reasons for this, but the most commonly accepted one is the growth of Russian-based proxy services and bot farms where accounts are compromised at scale, before being packaged up and sold on various forums and markets."
However, the US was far and away from the leading source of credential stuffing attack traffic when accounting for all industry verticals. America spawned roughly 17.9 billion attack attempts, followed by Russia (≈ 5.26 billion) and Brazil (≈ 3.04 billion).
Akamai’s "source country" data refers only to where the traffic originates from, and not where the attacker is physically located, the company notes in its report.
Akamai said that many of credential stuffing attacks it recorded were the work of botnets or All-in-One (AIO) applications configured to act like botnets.
"Criminals using AIOs target the authentication aspects of a victim’s organisation, and seek to automate access, which leads to an account takeover if they’re successful," the report states. Typically, these attackers use large data sets of credentials that were accidentally or intentionally leaked online.
Akamai also looked at web application-layer attacks launched against gaming websites and saw that the US was the top source of such incidents, with roughly 43.4 million such attacks during the 17-month observation period. Russia and China were a distant second and third, respectively.
Researchers examined web application-layer attacks perpetrated across all sectors, and found the top attack vectors by a wide margin were SQL injection (65.1 per cent of attacks) and Local File Inclusion (24.7 per cent).
In late November 2018, Akamai’s customers detected a marked spike in SQL injection alerts, recording more than 35 million attempted attacks. While Akamai attributes the increase in activity to the start of the holiday shopping season, "it’s also important to note that there’s been a continuing elevated trend since that time," the report notes.
According to the study, the US experienced around 2.67 billion web application attacks over the 17-month period – way more than any other nation, with a 67 per cent total share (the UK and Germany experienced the next most attacks, with ≈ 210 million and ≈ 130 million, respectively). But the US was also a top source of these attacks, generating approximately 968 million alerts. (Russia was second with ≈ 609 million and the Netherlands was third with ≈ 281 million.)
source scmagazineuk
Industry: Cyber Security
Latest Jobs
-
- CyberArk Architect
- London
- Upto £110,000 plus bonus and benefits
-
Are you ready to lead from the front and drive innovation in the Identity & Access Management (IAM) space? We’re looking for a seasoned CyberArk Architect who has CDE-CPC ideally or experience with privilege Cloud, someone who can lead with vision, execute with precision, and inspire teams to deliver excellence. As a key leader in our organisation, you’ll bring your strong business acumen and a technology-focused, innovative mindset to the table. You’ll be driving strategic initiatives, shaping transformation programs, and empowering teams to think big and deliver even bigger. Acting as a subject matter expert in CyberArk Leading strategic transformations in: Identity Governance Privileged Access Management (PAM) Access Management Customer Identity and Access Management (CIAM) Building and maintaining strong, collaborative relationships within the team Communicating clearly and confidently — both written and verbal — to deliver updates, raise potential issues, and share insights If you are interested in the above position we are looking for people with: deep expertise and a successful track record in IAM strategy, delivery, or assurance with CyberArk Hold relevant certifications such as CDE in Privileged Cloud or Guardian Have experience in a client-facing role (preferred, but not essential) Thrive in a hybrid working environment and are available to work from our or client London office three days a week Lead with clarity, communicate with impact, and adapt quickly to changing priorities
-
- OUTSIDE IR35 Splunk Engineer- SC Cleared.
- United Kingdom
- N/A
-
OUTSIDE IR35 Splunk Engineer- SC Cleared. You will be responsible for consolidating Splunk ES data from multiple feeds into a single pane of glass to enhance visibility and streamline security operations.
-
- Identity & Access Management Architect
- Edinburgh
- Upto £95000 plus bonus and benefits
-
Location: Edinburgh | Hybrid Working | Permanent Are you an experienced Identity & Access Management professional with a passion for designing and implementing cutting-edge security solutions? We are looking for a Lead Architect, where you’ll play a key role in helping clients enhance their IAM capabilities, protect critical data, and navigate complex security challenges. About the Role As a Lead Architect, you will be responsible for shaping and delivering IAM strategies, designing robust security solutions, and driving long-term digital transformation. You’ll leverage your expertise to provide strategic guidance on areas such as: Identity Governance & Administration (IGA) Privileged Access Management (PAM) Access Management (AM) Entitlement Management Directories & Authentication Solutions You will have the opportunity to work with innovative technologies and frameworks, ensuring that businesses can securely manage access to critical assets while enabling growth. What You’ll Be Doing Providing subject matter expertise in IAM and leading transformation projects for clients Developing IAM roadmaps, operating models, and governance frameworks Driving innovation by integrating IAM capabilities into wider digital transformation strategies Building and maintaining strong relationships with clients and stakeholders Designing and implementing scalable IAM solutions to meet business needs What We’re Looking For Proven experience in IAM strategy, solution architecture, or assurance Strong leadership skills with experience guiding technical teams Ability to work in a client-facing role, delivering clear communication and insights A technology-focused, innovative mindset with strong business acumen Willingness to work from our Edinburgh office 2-3 days per week
-
- Security Architect - Cloud - Consultancy London
- London
- N/A
-
Security Architect with a focus into Cloud (AWS, Azure or Google Cloud Platform) needed. You must have client facing consultancy experience. This mean you must have experience working with clients helping them to meet their security design needs. That could include working with existing internal teams to understand, review and mitigate / uplift existing Cloud Security designs, or perhaps helping clients set out / understand their current needs and deliver their cloud security strategy. (Or anything in between) Technical knowledge is of course essential but working with clients to understand and solve their Cloud Security design challenges is vital. You must obviously have a current history working as a cloud security architect. You will need to be commutable to London. Whilst a hybrid role the expectation is 3 days a week in the office / meeting clients. International relocation or Visa sponsorship isn’t available for this role. Apply on this page and arrange a call here https://calendly.com/d/crpz-m7j-wyx