The Covid-19 lockdowns have pushed even non-gamers into indulging in some virtual playtime as everyone looks for alternative ways to socialize in a world of social distancing and closed public venues. So, whether it is defending against virtual enemies on the battlefield or digging for diamonds to get that full diamond armor set, gaming has become how many of us like to wrap up the day after work. However, this has also led to gamers and gaming companies becoming even more tantalizing targets for cybercriminals. According to the latest reports from Akamai, a content delivery and cloud service company, between July 2018 and June 2020 more than 152 million attacks were carried out against gaming platforms and over 10 billion web application attacks were observed across all Akamai customers. Over 3,072 Distributed Denial-of-service (DDoS) attacks were discovered targeting specifically the gaming industry, making it the largest DDoS target across the Akamai customer base.
Due to certain qualities, Gamers are targeted. Gamers are active in social communities and heavily engaged with the online world, leading to gamers participating in multiple online platforms, meaning more usernames, more passwords, and more possible attack vectors. Gamers are also more likely to have a disposable income that they tend to spend on their gaming experiences. Taking these factors into consideration, cybercriminals see gamers and the channels that host them as lucrative targets.
Attacks against Gamers
Now that we have a clear understanding of why these cyber-attacks are targeting the gaming industry, let us specifically talk about the attacks against gamers. Online crooks target players most commonly via two methods: Phishing and Credential Stuffing.
Phishing- Is when the attacker creates a genuine-looking email with a corresponding gaming page, or website, to fool players into divulging their login credentials.
Credential Stuffing- Criminals acquire lists of compromised usernames and passwords which they attempt to access a gaming service, or a particular game, using those lists. Each successful break-in means a compromised account that will then be sold for its contents, such as in-game items or games themselves.
According to NewZoo, a market analytics house, the gaming industry was valued at $159 billion in 2019 and is expected to reach $200 billion by 2023. The firm credits the Covid-19 pandemic and successive lockdowns with a boost in revenue and engagement across the gaming industry.
*Note: Table reprinted from “Gaming – You Can’t Solo Security”, “State of the Internet / Security”, Volume 6, Issue 2, p. 12 (September 2020). Retrieved from https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/soti-security-gaming-you-cant-solo-security-report-2020.pdf
Referencing the cyber-attack targets in the image above, most are in the US, followed by Hong Kong, the UK, Singapore, and Japan. It is understood that within the Asian markets they have a strong mobile gaming presence. The attackers often target mobile gaming for account trading, resource farming, DDoS attacks, and account takeovers. In the real world, such actions lead to monetary consequences- currency losses to both the developers and the players.
How do gamers and companies deal with cyberattacks?
As a gamer or a gaming platform, what can one do about these vicious attacks? Most gaming firms and platforms have several security features in place to assist their players in keeping their accounts secure, the most prominent being Two-Factor Authentication (2FA). This means players must do their part to keep their accounts security intact. Here is what a user can do:
Two-Factor Authentication (2FA)
2FA (Sometimes referred to as MFA, multifactor authentication) is when two different approaches are used to confirm identity. The most common methods being something only the user will know, such as their password, paired with something the user owns, such as their smartphone. Phones will use SMS messages and authenticator apps to deliver One-Time Passwords (OTP) or other unlock methods to double-verify who the user claims to be when entering their login. If either of the two is missing the verification fails and the user's account will be placed on lockdown.
Password managers are a secure option of keeping track of user logins without needing to keep a notebook or just memorizing everything. This allows users to keep more complex passwords, as well as encouraged them to keep varied passwords since they do not need to memorize them all. Reusing passwords could lead to losing more than just one account in a successful break-in.
In closing, the most important defenses against cyberattacks are unique and complex passwords alongside multifactor authentication methods to make sure the only person logging into your account, is you.
For a detailed report published by Akamai, visit- https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/soti-security-gaming-you-cant-solo-security-report-2020.pdf
For highlights of the NewZoo – Global Games Market Report 2020, visit: https://newzoo.com/insights/trend-reports/newzoo-global-games-market-report-2020-light-version/
For more news and updates from the virtual world, Follow us on Facebook, & LinkedIn or Contact us. Feel free to call us 406-646-2102 or mail sales@ExcelliMatrix.com.