Gaming industry has become popular target of credential stuffing attacks: study
Anything online is susceptible to cyber-crime. Even gaming
Researchers at Akamai Technologies went through the credential abuse activity over a 17-month period, uncovered roughly 55 billion credential stuffing attack attempts against various online services. Roughly 12 billion of them targeted the gaming industry.
The data in Akamai's latest State of the Internet/Security report specifically focuses on web attacks and gaming abuse.
Credential stuffing has become an increasingly popular tactic among cybercriminals, in part due to many consumers’ bad habits of using the same passwords across multiple online accounts.
Based on Akamai’s findings, gaming platforms and their users are among the biggest victims of this trend. In particular, malicious actors are looking to hijack gamers’ accounts and sell them off to the highest bidder. Accounts that have earned special weapons or character upgrades that ordinarily must be either purchased or earned through play are often considered especially valuable.
"For example, criminals target popular games like Fortnite and Counter-Strike: Global Offensive (CS:GO), looking for valid accounts and unique skins," the report explains. "Most compromised accounts sold in gaming marketplaces are used to avoid bans, but others are purchased for the novelty of playing with a rare skin or unique item. Sometimes, the items in the compromised account are traded away or later sold."
"If the hijacked profiles are connected to a valid credit card or PayPal account, they’re considered more valuable," the report continues, "since the criminal can purchase additional items… and then trade or sell the account at a markup."
Akamai’s study incorporated data gathered from its global network of more than 230,000 servers from November 2017 through March 2019. Over this time period, the largest share of credential stuffing attacks that specifically targeted the gaming industry originated in Russia (≈ 2.67 billion), followed by Canada (≈ 1.49 billion) and the U.S. (≈ 1.44 billion). In fact, nearly 51 per cent of all credential stuffing attacks coming from Russia over those 17 months targeted the gaming industry.
"When we take a look at the source countries for credential stuffing attacks against the gaming industry only, Russia takes the top spot," the report states. "There could be a number of reasons for this, but the most commonly accepted one is the growth of Russian-based proxy services and bot farms where accounts are compromised at scale, before being packaged up and sold on various forums and markets."
However, the US was far and away from the leading source of credential stuffing attack traffic when accounting for all industry verticals. America spawned roughly 17.9 billion attack attempts, followed by Russia (≈ 5.26 billion) and Brazil (≈ 3.04 billion).
Akamai’s "source country" data refers only to where the traffic originates from, and not where the attacker is physically located, the company notes in its report.
Akamai said that many of credential stuffing attacks it recorded were the work of botnets or All-in-One (AIO) applications configured to act like botnets.
"Criminals using AIOs target the authentication aspects of a victim’s organisation, and seek to automate access, which leads to an account takeover if they’re successful," the report states. Typically, these attackers use large data sets of credentials that were accidentally or intentionally leaked online.
Akamai also looked at web application-layer attacks launched against gaming websites and saw that the US was the top source of such incidents, with roughly 43.4 million such attacks during the 17-month observation period. Russia and China were a distant second and third, respectively.
Researchers examined web application-layer attacks perpetrated across all sectors, and found the top attack vectors by a wide margin were SQL injection (65.1 per cent of attacks) and Local File Inclusion (24.7 per cent).
In late November 2018, Akamai’s customers detected a marked spike in SQL injection alerts, recording more than 35 million attempted attacks. While Akamai attributes the increase in activity to the start of the holiday shopping season, "it’s also important to note that there’s been a continuing elevated trend since that time," the report notes.
According to the study, the US experienced around 2.67 billion web application attacks over the 17-month period – way more than any other nation, with a 67 per cent total share (the UK and Germany experienced the next most attacks, with ≈ 210 million and ≈ 130 million, respectively). But the US was also a top source of these attacks, generating approximately 968 million alerts. (Russia was second with ≈ 609 million and the Netherlands was third with ≈ 281 million.)
source scmagazineuk
Industry: Cyber Security
Latest Jobs
-
- Identity Channel Partner Manager | London
- London
- N/A
-
Identity Channel Partner Manager | London Location: South East UK (commutable to London) We are working with a Cyber Security business who are looking for a Channel Partner Manager to drive and grow relationships across their identity ecosystem. Prior experience working within VARs, distributors, vendors or resellers in the identity space is essential. You must have experience working with technologies such as CyberArk, Sailpoint, Okta etc Responsibilities will include, but not be limited to: Build, maintain and develop strong relationships with channel partners. Work closely with partner sales teams to support growth drive sales opportunities. Identify and onboard new partners while strengthening existing partnerships. Act as the key point of contact for all channel-related activity. If you are an experienced channel professional, with experience in the Identity space and are ready for your next challenge, apply today.
-
- Service Architect- DACH regions
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Service Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the Service/ solutioning effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company area a global managed services business working with enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead Service/ solution design from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. You’ll Need: Experience working as a Service architect, Service Manager or Customer Success Manager R Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical grasp: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Deal Architect- DACH region
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Deal Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the solutioning/ Service effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company is a global managed services business providing solutions to enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead the deal from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. Be responsible for the service Wrap and ensuring the Service meets clients requirements You’ll Need: A back ground with IT Services Experience in a similar type of role, for example: Deal, Service, or Solution Architect in ICT outsourcing. Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical knowledge: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Pre Sales Lead- IT Services
- Germany
- Upto €100,000 plus benefits
-
As the Pre-Sales Lead (Sales Engineer/ Solution Architect) you will drive large-scale ICT managed services and outsourcing deals (from €0.5M to €20M+). You'll work directly with Business Development and clients to design high-impact solutions across Cloud (Azure, IaaS, SaaS, PaaS), EUC, Unified Comms, Security (SIEM, PAM), Networks, and Smart Workplaces. What You’ll Do: Lead the end-to-end pre-sales cycle — from RFI/RFP to contract. Design innovative, client-specific solutions with technical & commercial impact. Present at CxO level and steer proposal strategies & financial models. Collaborate closely with Portfolio, Service Desk, Field, and Digital Workplace teams. Support deal shaping with strong knowledge of ITIL, SIAM, Automation, and cost analysis. What You’ll Bring: Have strong experience in pre-sales or solution architecture. Experience with €M+ managed service deals. Deep technical expertise in modern ICT stack and enterprise IT services. Strong German (C1) and English communication skills. Certifications: ITIL v3/v4 required; SIAM, ISO20000 desirable.