An Akamai study focussing on gaming during the pandemic has concluded that cyberattacks within the industry have risen exponentially. With people staying at home there has been an increased demand for digital entertainment. The study concludes that this has been matched by "massive" and "relentless" attacks on gaming companies. Akamai suggest that gaming saw more growth in attack traffic than any other industry in 2020.
Web attacks were up 340% from 2019, with mobile platforms and web-based games a key target (being less robustly defended than desktop or console counterparts). Player and account details or credentials are firmly in the criminal cross-hairs, with automated and opportunistic SQL injection attacks accounting for some 59% of hostile activity.
Credential stuffing is also flagged as a persistent issue. Akamai reports that bulk lists of usernames and passwords are on sale on the dark web for as little as $5 per million records. With the same credentials being used on multiple platforms, a successful attack on one account can be chained to exploit another using the same information.
DDOS attacks are said to be down 20% in 2020. However, DDOS attacks against the games industry still account for 46% of overall DDOS traffic.
The games industry has been maturing for a long time now. The growing exposure to attacks indicates the extent to which web-based content is central to the industry. Gamer data can be stolen and monetised by criminals. Beyond data, the shift to a mobile gaming model is interesting because it accounts for 52% of the industry's $175 billion global revenue, according to Akamai. With vast sums being spent on in-app purchases there is clearly criminal opportunity to exploit that trend and scam gamers of real world cash.
Cyberattacks on gaming grew 340% in pandemic