A report from cybersecurity company Akamai revealed the extent of cyber attacks in the games industry, with games companies and players particularly targeted during COVID-19 lockdowns.
For this report, entitled 'Gaming: You Can't Solo Security', Akamai analysed behaviours between July 2018 and June 2020 and noted over ten billion web application attacks, including 152 million targeting the games industry.
The main geographical areas targeted were the US, with over 147 million of these attacks, followed by Hong Kong and the UK. Concerning the source, they mainly came from the US too, followed by Russia and Turkey.
During the same period, out of the 100 billion credential stuffing attacks across all industries, ten billion affected games companies. Credential stuffing is when the offender "takes a list of usernames and passwords, and attempts to access a game or gaming service using each item on the list," Akamai explained. The US was the main source of credential abuse in the games industry, followed by Russia and Canada.
The company also noted that the most targeted element of the games industry are its players, because they have "several qualities that criminals look for," including being active on social media and having disposable income that they tend to spend on gaming products online. Credential abuse and phishing are the main ways players can be targeted.
Credential stuffing activity particularly spiked when COVID-19 lockdowns started during Q1 2020, Akamai added.
Between July 2019 and June 2020, there were 3,072 DDoS attacks in games, which Akamai observed is the "the largest DDoS target across [its] customer base."
The report also reminded readers of the importance of having unique passwords for each service used and to enable two-factor authentication whenever possible.