Research firm Akamai has published a report on security issues in the gaming industry during the pandemic. Hackers have more opportunities to hack gamers and companies, and therefore the number of cyber attacks in this area has increased by 340% compared to 2019. Cases of hacking of mobile games and their users have also become more frequent.Key data from the study
In 2020, Akamai recorded over 246 million cyber attacks in the field of games.
- This is 4% of the total number of attacks committed (6.3 billion).At the same time, in comparison with 2018, the number of cyber attacks in the gaming industry increased by 415%, although the total number in all areas increased by only 2%.
- Akamai attributes this to the increased number of new players.
- However, hackers also did not sit still and during the pandemic constantly improved their mechanisms, finding new ways of hacking.The most frequent victims of hackers were companies from the USA (242 million) and Asia (2.2 million cases).
- SQL code injection* is the most common type of cyberattacks related to games.
- They account for 59.1% of the total number of hacks. Next are finding LFI vulnerabilities* (23.7%), cross-site scripting* (7.54%), remote file injection* (6.89%) and PHP injection* (1.67%).The most common web attacks in 2020
At the same time, Akamai notes that the number of DDoS attacks in the field of games has decreased by almost 20% in annual terms.
- Analysts do not name specific reasons.Credential stuffing attacks have become a big problem.
- In 2020, Akami recorded over 10.8 billion such hacks in the field of games — this is 224% more in annual terms. This is due to the fact that many users continue to use similar combinations of usernames and passwords.Hackers also often choose mobile games as targets due to the presence of in-app purchases in them.
- Attackers attack services for the purchase of in-game currency (for example, Codashop) in order to gain access to mail, logins, passwords and other data of gamers.The number of daily web attacks in 2020
*Notes
The introduction of SQL code is one of the most common and easiest ways of hacking, which consists in the introduction of malicious commands and obtaining the necessary information from the database.
- LFI — finding vulnerabilities to gain access to arbitrary files on the server using special requests.
- Cross—site scripting is a method of introducing malicious code into a page that is executed on the user’s device when it is opened.
- Remote File Inclusion is a method of hacking, which consists in executing remote files on the server side through the search for vulnerabilities.
- PHP injection is a method of hacking PHP sites through the execution of extraneous code on the server side.