The 2019 State of the Internet / Security Web Attacks and Gaming Abuse Report shows that hackers have targeted the gaming industry as the main target of attack. According to the analysis shown in the report, hackers had launched 12 billion credential stuffing attacks on game websites within 17 months, which was from November 2017 to March 2019, while there were 55 billion credential stuffing attacks launched on all industries. This number makes the gaming industry not only one of the fastest-growing targets for hackers, but also one of the most profitable targets for criminals who want to make a quick profit.
The report also shows that SQL injection (SQLi) attacks currently account for nearly two-thirds (65.1%) of all web application attacks, of which local file inclusion (LFI) attacks account for 24.7%. The data in the report showed that SQLi attacks continue to grow at an alarming rate-peaking in activity during the holiday shopping season of 2018 as an attack vector, and have continued to rise since then. In the first quarter of 2017, SQLi attacks accounted for 44% of all application-layer attacks. The most surprising info disclosed by the report is that 82% of teens and young adults recruited by experienced hackers had developed their cybercrime skills through video gaming.
Since the COVID-19 pandemic, the world is going through a difficult period. Today, people spend a lot of time on online platforms engaging in various activities in their free time. On the other hand, cybercriminals continue to exploit people and organizations through their vulnerabilities. Cybersecurity researchers disclosed that attacks on gaming, food, and beverages, and financial services had increased by 7%, 6%, and 3%, respectively in the past few months. In addition, the personal identifiable information (PII), or card details or other banking credentials are the main goals of cyber attackers. The attacks faced by the Gaming Industry within a month:
- Anonymous hacker leaked the usernames and passwords (around 1 GB of data) of close to 23 million players of Webkinz World, a children game by the Canadian firm, Ganz.
- Attackers deployed malicious software to lure people into providing access to the beta version of “Valorant,” a new title from Riot Games.
- Large scale DDoS attacks on EA Sports that forced the company to pull its servers offline globally. The outage had also impacted customers in Canada, Egypt, South Africa, etc.
- An attacker infiltrated the SCUF Gaming’s unsecured database which is containing more than 1.1 million customer records and asked for a ransom of 0.3 BTC in a note.
- Attackers took down more than 50 sportsbooks sites powered by SBTech. This had maximum victims covered in the US and Europe.
LIFARS’ CISO as a Service is designed to address organizations’ information security leadership needs. Our CISOs are highly skilled at establishing, improving, and transforming Cybersecurity Programs focused on maximizing business values by minimizing risks and optimizing opportunities. LIFARS’ astute Information Risk Management leaders can discern security needs, design effective solutions & programs, and deliver results while steering through challenging organizational culture. Our over 20 years of security, risk, and compliance leadership experience encompassed various industries and globally dispersed organizations.
Contact LIFARS Immediately For
Mitigating Cyber Risks in Your Organization
Credits:
https://cyware.com/news/research-confirms-rising-attacks-on-gaming-industry-during-lockdown-1152bddb
