According to researchers from the cybersecurity firm Akamai, the gaming industry continues to be a major target for cybercriminals — with API attacks across the sector rising 167% since May of last year.
The report also revealed that the industry is currently the worst hit by denial-of-service attack (DDoS) attacks, suggesting that the surge in game-related cyberattacks since the pandemic isn't slowing down just yet.
Unfortunately, this surge in e-crime isn't restricted to the gaming landscape. Research reveals that cyberattacks are up across all major US industries, highlighting the need for business owners to follow safe security practices.
Gamers Continue to Be Prime Targets for Cyberattacks, Report Finds
Throughout Covid-19, video games provided the US public with a way to pass time and connect to others. But as millions of us turned to virtual worlds to seek solace, the industry also became a magnet for global threat actors, with attacks on gaming applications rising 224% throughout the first year of the pandemic.
“As gaming activity has increased and evolved, so has the value of disrupting it through cyber-attacks,” – Jonathan Singer, Akamai's senior strategist
Unfortunately, as the results of a new report by Akamai have shown, this trend hasn't been bucked just yet. As the gaming industry continues to adopt cloud infrastructure, an increasing number of threat surfaces are opening up for bad actors. This, combined with the influx of new gamers, is why cybercrime in the industry is growing still.
Here's what types of attacks have surged the most.
Which Attacks Were the Most Common?
Accounting for half of the world's data breaches, API attacks have always been a cash cow for cybercriminals. By using the method to exploit common attack vectors, bad actors are able to gain access to back-end databases and steal private and personal data.
According to researchers from Akamai, web application and API attacks have risen by a staggering 167% compared to last year. LFI and SQLi were the most common, with LFI attacks being used to steal gaming scripts, and the SQLi vulnerability being exploited to steal personal user information.
DDoS attacks, which entail attackers overwhelming servers with requests, have also picked up over the past year. The study showed that the gaming industry remains the most vulnerable to these attacks, with the sector accounting for 37% of all DDoS traffic worldwide.
Akamai also revealed that the size and sophistication of these incidents have risen since 2021, with certain DDoS attacks taking entire games offline and affecting thousands of players in seconds.
While Akamai's report didn't contain specific data on ransomware attacks, the research firm point to the growing risk of this type of malware. Thanks to increasingly sophisticated techniques like double extortion, they explain that ransomware attacks pose a heightened threat to gamers and gaming companies alike.
But ransomware as a service (RaaS) groups and regular cybergangs aren't the only criminals using the world of gaming to their advantage, as we explore next.
Online Games are Being Used to Hide Dirty Money Too
According to Akamai's recent report, illicit activities within the gaming industry aren't restricted to hacking. Governments around the world are becoming increasingly concerned with the role the games industry is playing in cleaning dirty money.
It turns out that a range of offenders, from international drug gangs to human traffickers, are using video games to launder their criminal proceeds. As the ACAMS explains, the criminals are able to do so by creating gaming profiles, purchasing in-game currency with their black money, and selling their account to another party.
The sector's dependence on microtransactions also makes it a particularly attractive place to conceal wrongdoings, as transactions of under $10,000 are much less likely to get picked up by the Internal Revenue Service and US Treasury.
Cybercrime Is on the Rise in Every Industry
This spike in cybercrime within the gaming sector sadly reflects a growing trend across all industries. From phishing attacks to ransomware breaches, the threat landscape is becoming increasingly hostile to all businesses, no matter their size or specialism.
According to a report by Accenture, security attacks across industries were up 31% from 2020 to 2021. And with the cost of an average data breach costing businesses almost $10 million, now is not the time to be complacent.
If you're worried your business isn't doing enough to stay online, you're probably not. But from installing and regularly updating antivirus software, to using password managers, there are a number of cost-effective methods you can use to mitigate risks.
We also recommend educating your workforce about best security practices so cases of employee negligence can be kept to a minimum.