The volume of cyber-attacks targeting video game companies and players – already high – has increased further during lockdown.

Between July 2019 and June 2020, more than 3,000 of the 5,600 (or more than half) unique DDoS attacks observed by cybersecurity firm Akamai were aimed at the gaming industry.

Akamai also logged 10.6 billion web application attacks across its customers between July 2018 and June 2020, more than 152 million of which were directed towards the gaming industry.

“The significant majority were SQL injection (SQLi) attacks intended to exploit user login credentials, personal data and other information stored in the targeted server’s database,” Akamai reports. “Local File Inclusion (LFI) was the other notable attack vector, which can expose player and game details that can ultimately be used for exploiting or cheating.”

Cybercriminals also targeted mobile game publishers with SQLi and LFI attacks similarly geared towards stealing usernames, passwords, and account information.

Credential stuffing is an account takeover technique that uses specialized software to automatically feed various username-password combinations, drawn from third-party breaches, into the login pages of targeted sites.

Nearly 10 billion of the more than 100 billion credential stuffing attacks recorded by Akamai between July 2018 to June 2020 targeted the gaming sector.

Akamai’s findings were published on Thursday in a report (PDF) entitled “Gaming: You Can’t Solo Security”.

“The fine line between virtual fighting and real-world attacks is gone,” said Steve Ragan, Akamai security researcher and author of the company’s State of the Internet / Security report. “Criminals are launching relentless waves of attacks against games and players alike in order to compromise accounts, steal and profit from personal information and in-game assets, and gain competitive advantages.”

Chris Boyd, lead malware intelligence analyst at Malwarebytes, and a keen gamer, agreed with Akamai’s findings that account takeover and other attacks are on the rise in the gaming sector.

“Gaming accounts remain massively popular for data theft, especially when so many children have been stuck at home with a probable increase in device use and gaming purchases during the pandemic,” Boyd told The Daily Swig.

“Attacks have almost certainly risen as a result. Credential stuffing would be the go-to method for quick and easy compromise, because it’s not trivial to lock down a child’s account.”

Boyd continued: “Time-limited microtransactions in the most popular titles make it a hassle for parents to regularly authorise payments via email addresses and security protocols reserved for the child.

“As a result, some may drop security safeguards to allow for more convenient payments. This gives phishers and credential stuffers an easy way in to hijack and then sell on.”

In an upcoming survey of gamer attitudes toward security conducted by Akamai and DreamHack (the gaming lifestyle festival), 55% of the “frequent players” group polled admitted to having had an account compromised at some point, according to a press statement by Akamai.

Among this cohort of hacking victims only 20% professed to being “worried” or “very worried” about it.

John Leyden

@jleyden

Source: https://portswigger.net/daily-swig/gamers-fragged-by-surge-in-credential-stuffing-attacks-during-lockdown

Credential stuffing, Computer security, Denial-of-service attack, Video game industry

World news – THAT – Gamers fragged by surge in credential stuffing attacks during lockdown

Building on its expertise in the areas of digital, technologies and processes , CSS Engineering you in your most ambitious transformation projects and helps you bring out new ideas, new offers, new modes of collaboration, new ways of producing and selling.

CSS Engineering is involved in projects each customer as if it were his own. We believe a consulting company should be more than an advisor. We put ourselves in the place of our customers, to align we incentives to their goals, and collaborate to unlock the full potential their business. This establishes deep relationships and enjoyable.

Our services:

  1. Create professional websites
  2. Hosting high performance and unlimited
  3. Sale and video surveillance cameras installation
  4. Sale and Installation of security system and alarm
  5. E-Marketing

All our achievements here https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here