Gaming industry has become popular target of credential stuffing attacks: study
Anything online is susceptible to cyber-crime. Even gaming
Researchers at Akamai Technologies went through the credential abuse activity over a 17-month period, uncovered roughly 55 billion credential stuffing attack attempts against various online services. Roughly 12 billion of them targeted the gaming industry.
The data in Akamai's latest State of the Internet/Security report specifically focuses on web attacks and gaming abuse.
Credential stuffing has become an increasingly popular tactic among cybercriminals, in part due to many consumers’ bad habits of using the same passwords across multiple online accounts.
Based on Akamai’s findings, gaming platforms and their users are among the biggest victims of this trend. In particular, malicious actors are looking to hijack gamers’ accounts and sell them off to the highest bidder. Accounts that have earned special weapons or character upgrades that ordinarily must be either purchased or earned through play are often considered especially valuable.
"For example, criminals target popular games like Fortnite and Counter-Strike: Global Offensive (CS:GO), looking for valid accounts and unique skins," the report explains. "Most compromised accounts sold in gaming marketplaces are used to avoid bans, but others are purchased for the novelty of playing with a rare skin or unique item. Sometimes, the items in the compromised account are traded away or later sold."
"If the hijacked profiles are connected to a valid credit card or PayPal account, they’re considered more valuable," the report continues, "since the criminal can purchase additional items… and then trade or sell the account at a markup."
Akamai’s study incorporated data gathered from its global network of more than 230,000 servers from November 2017 through March 2019. Over this time period, the largest share of credential stuffing attacks that specifically targeted the gaming industry originated in Russia (≈ 2.67 billion), followed by Canada (≈ 1.49 billion) and the U.S. (≈ 1.44 billion). In fact, nearly 51 per cent of all credential stuffing attacks coming from Russia over those 17 months targeted the gaming industry.
"When we take a look at the source countries for credential stuffing attacks against the gaming industry only, Russia takes the top spot," the report states. "There could be a number of reasons for this, but the most commonly accepted one is the growth of Russian-based proxy services and bot farms where accounts are compromised at scale, before being packaged up and sold on various forums and markets."
However, the US was far and away from the leading source of credential stuffing attack traffic when accounting for all industry verticals. America spawned roughly 17.9 billion attack attempts, followed by Russia (≈ 5.26 billion) and Brazil (≈ 3.04 billion).
Akamai’s "source country" data refers only to where the traffic originates from, and not where the attacker is physically located, the company notes in its report.
Akamai said that many of credential stuffing attacks it recorded were the work of botnets or All-in-One (AIO) applications configured to act like botnets.
"Criminals using AIOs target the authentication aspects of a victim’s organisation, and seek to automate access, which leads to an account takeover if they’re successful," the report states. Typically, these attackers use large data sets of credentials that were accidentally or intentionally leaked online.
Akamai also looked at web application-layer attacks launched against gaming websites and saw that the US was the top source of such incidents, with roughly 43.4 million such attacks during the 17-month observation period. Russia and China were a distant second and third, respectively.
Researchers examined web application-layer attacks perpetrated across all sectors, and found the top attack vectors by a wide margin were SQL injection (65.1 per cent of attacks) and Local File Inclusion (24.7 per cent).
In late November 2018, Akamai’s customers detected a marked spike in SQL injection alerts, recording more than 35 million attempted attacks. While Akamai attributes the increase in activity to the start of the holiday shopping season, "it’s also important to note that there’s been a continuing elevated trend since that time," the report notes.
According to the study, the US experienced around 2.67 billion web application attacks over the 17-month period – way more than any other nation, with a 67 per cent total share (the UK and Germany experienced the next most attacks, with ≈ 210 million and ≈ 130 million, respectively). But the US was also a top source of these attacks, generating approximately 968 million alerts. (Russia was second with ≈ 609 million and the Netherlands was third with ≈ 281 million.)
- IAM Consultant- One Identity Manager- UK Wide
- Upto £75,000 plus excellent benefits
One Identity IAM consultant is needed for this expanding UK based business, you will be responsible for: Developing and Supporting the Identity and Access management system based-on One Identity products Active Roles Server and Identity Manager. Further develop One Identity Manager’s integration with Service Now to provide automated JML processes and application access requests and fulfilment. Work across the business ensuring that the IAM solutions integrates into both the technology and business systems and processes, ideally automating as mush as possible. Work with the Governance Risk & Compliance (GRC) team to provide application access attestations and toxic combination alerting and reporting. Work on a mixture of IAM related projects to help to integrate new ideas and technology into the business to ensure the business stays fully compliant Assist in ensuring that all IAM capabilities are mapped to internal processes, policies, and standards. Develop metrics to measure and improve and also compile reports around the solution If you are interested in this opportunity we are looking for someone who is skilled within Identity Acess management, you will need to have worked with the One Identity product, ideally both Active Roles Server and Identity Manager Experience in managing and integrating with Microsoft systems (on-premise and cloud), such as Active Directory, Exchange, Office, SharePoint, etc.
- SailPoint Integration Consultant
- Upto £75000 plus benefits
SailPoint Integration Consultant. SailPoint Integration Consultant is needed for this expanding service business to help them with complex deployment with their FTSE focused customer base. They are looking for experienced SailPoint Integration Consultants who have: • Strong solution designing experience with in depth understanding of IAM concepts and thorough understanding of Sailpoint domain. • Thorough understanding of Identity and Access Governance concepts • Leading and creating Identity & Access Management (IAM) technical architecture • Secure by Design principles in Identify Access management, Privilege Access management • Familiar with cloud architectures, data management and source control from a security perspective. This is a great opportunity to join a business that is growing and looking for individuals who want to grow and develop and work on some of the most complex Sailpoint deployments.
- CyberArk Integration Consultant
- Greater London
- upto 75,000 plus benefits
CyberArk Integration Consultant. CyberArk Integration Consultant is needed for this expanding service business to help them with complex deployment with their FTSE focused customer base. They are looking for experienced CyberArk Integration Consultants who have: • Strong solution designing experience with in depth understanding of IAM concepts and thorough understanding of CyberArk domain. • Thorough understanding of Identity and Access Governance concepts • Leading and creating Identity & Access Management (IAM) technical architecture • Secure by Design principles in Identify Access management, Privilege Access management • Familiar with cloud architectures, data management and source control from a security perspective. This is a great opportunity to join a business that is growing and looking for individuals who want to grow and develop and work on some of the most complex CyberArk deployments.
- Penetration Tester, UK based. Ability to achieve SC clearance
- United Kingdom
Experienced Penetration tester- UK based with the ability to achieve SC clearance. On-going training and development and paid certifications / renewals. Interested to hear from all areas of penetration testing, web app, infrastructure, mobile, etc. MUST have current hands on experience delivering penetration testing. Ideally from a consultancy background with experience working with multiple clients. OSCP / CREST / CHECK / Tigerscheme penetration testing experience / certifications desirable. Apply today for more details. All information kept in the strictest of confidence.