Akamai's latest "State of the Internet/Security" report holds worrisome news for the gaming industry: Between June 2018 and June 2020, gamers and gaming companies were the victims of 10 billion cyberattacks.
Akamai, which recorded over 100 billion credential stuffing attacks for the period, said nearly 10 billion of those targeted games. Further, attackers also went after web applications, with 152 million attacks directed at the gaming industry (out of 10.6 billion such attacks recorded overall).
According to the annual report, published today, web app attacks mostly took the form of SQL injections, as well as Local File Inclusion (LFI) attacks. The reason mobile games and web-based games are "big SQLi and LFI targets," the report says, is because successful criminals can gain access to "usernames and passwords, account information, and anything game related that is stored on the server."
Games are also ripe for distributed denial-of-service (DDoS) attacks: More than 3,000 of the 5,600 unique DDoS attacks Akamai observed between July 2019 and June 2020 were aimed at gaming, making it "by far the most-targeted sector."
Unsurprisingly, the pandemic did not help matters.
"A notable spike in credential stuffing activity occurred as isolation protocols were instituted around the world," Akamai says in the report. "Much of the traffic was the result of criminals testing credentials from old data breaches in attempts to compromise new accounts created using existing username and password combinations."
Another point of concern is that gamers aren't concerned enough: Akamai's data, compiled in coordination with DreamHack, shows that while 55% of "frequent players" admitted to having had an account compromised, only 20% of them expressed being "worried" or "very worried" about it. A little over half (54%) of hacked players said they see security as a shared responsibility between players and game companies/creators.
Akamai stressed in last year's "State of the Internet" report that gaming was fast becoming a lucrative criminal target.
"Now, with 24 months of data, we can positively state that gamers are a prime target, and so are their online existences," it says in its 2020 report.