Cybersecurity

Widespread credential stuffing attacks target gaming industry

A recent report from Akamai Technologies, a global content delivery network, cybersecurity, and cloud service company, saw a 30% increase in global internet traffic, where traffic peaked at 120 terabytes per second with 50 million deliveries per second, resulting in trillions of deliveries per day, amid the pandemic.

A significant part of the surge could be attributed to online gaming.

“Gaming software downloads account for large amounts of internet traffic when an update is released — a software update for a modern game can generate an amount of traffic roughly equal to 30,000 web pages,” said Jonathan Singer, senior manager, Global Games Industry, Akamai Technologies. ”

The sheer number of gamers worldwide using cloud-based gamings can result in bottlenecks and traffic. Lags are a no-no especially in online gaming and downtime is almost a crime. A dependable content delivery network won’t allow for these two scenarios to happen.


Onslaught of botnets hounds hospitality industry — Akamai

Akamai expects big shift in security posture in the Philippines


“Gaming companies are dealing with record numbers of concurrent users on their platforms, where potential network bottlenecks can be obvious from a capacity standpoint,” Singer said. “Akamai understands the importance of smooth content delivery and has taken steps to reduce load during peak traffic times in an effort to avert online gridlock. We are also working with major online gaming platforms to reduce network congestion caused by downloads, shifting them to non-peak business hours instead. This change will not affect live gameplay but may delay access to updates providing new features, which are typically packaged into larger file downloads.”

Credential abuse

With this setup, wherein gamers use their own system and home setup, security breaches are not far behind. Earlier reports noted how cybercriminals are targetting gamers by stealing their credentials.

“Credential abuse is widespread within the gaming industry, where almost every gamer can share an anecdote about how an account has been taken over due to credential stuffing attacks,” Singer said.

Akamai said the company witnessed over 12 billion credential stuffing attack in the gaming industry alone over the 17-month period from November 2017 to March 2019. Another attack used against gamers is the DDoS (Distributed Denial-of-Service) attacks at the publisher, platform, and an individual level. The company predicts a further increase in attacks during the “coronavirus era.”

Virtual currencies

Gaming is a multibillion industry and professional gamers get hefty fees. Their identity and personal details such as username and password can be used in credential stuffing.

“Based on the assumption that many users reuse their usernames and passwords across multiple services, a list of 1,000 usernames and passwords verified against a video on demand (VoD) site and some gaming sites can result in separate lists of verified usernames and passwords that can be sold, traded or packaged with other information to be sold on the black market,” Singer said. “This is also known as doxing, where private and identifying information from an individual can be profiled for future fraud.”

So why are gamers a target?

Some gamers use virtual currencies or possess resaleable items or skins attached to their accounts. Singer said even if criminals are unable to obtain credit card information, they may still have access to the account and use them to buy in-game items for their own use.

“They can also stage an account takeover to verify that it has valuable or collectible items within and resell the account data on the black market for profit,” he said.

On their own, gamers can ensure the security of their account. Usual strategies of multi-factor authentication (MFA) may help mitigate attacks or prevent criminals from hacking on an account.

“It is on publishers to provide MFA to their players, and on players to take up the offering and use it to secure their accounts,” Singer said. “While this is the easiest way to slow down a cybercriminal, MFA is most certainly not a perfect solution. In many cases, it can be broken but it does require extra effort and time for cybercriminals.”

Singer explained that should cybercriminals find a hurdle, the MFA, they could easily move to another account rather than waste time trying to extract information from a secure account.

Security solutions

Singer advises companies to invest in bot management solutions that can help to specifically block the toolkits used to attack their players. He said a massive portion of internet traffic stems from bots, and bots and cybercriminals use bots to conduct credential stuffing attacks.

Bot Manager

There are traditional bot management solutions with limited capabilities.

Akamai’s Bot Manager promises to deliver advanced bot detection to spot and avert the most evasive threats.

“Simply blocking all bot traffic impacts beneficial and harmful bots alike,” Singer explained. “Akamai’s Bot Manager gives you the flexibility to apply different management actions to different categories of bots in order to achieve superior business and IT outcomes. Bot Manager can also be extended and customized, depending on the business’ budget and needs.”

Akamai has a range of security solutions to protect the gaming industry:

DDoS mitigation solutions. A DDoS attack mitigation solution works by deflecting DDoS traffic in one of the outer layers – the network layer7. As modern cyberattacks become more and more advanced, DDoS mitigation helps to provide multiple layers of security and extends beyond the game servers, detecting and reducing DDoS attacks.

Bot Management Solutions. Bot Manager runs on the Akamai Intelligent Edge Platform, a globally distributed content delivery network (CDN) comprising more than 240,000 servers worldwide8. This means that Bot Manager is deployed at the edge, so bot traffic can be detected and mitigated at Akamai’s edge servers rather than allowing that traffic to hit the game server’s origin. As a result, the publisher gets faster detection and mitigation capabilities, along with reduced stress on the gaming infrastructure.

Customer Identity & Access Management (CIAM). CIAM is a digital identity management tool that enables organizations to capture, manage, and secure customer identities, as well as protect against identity fraud and optimize user experience9. These capabilities enable seamless and safe experiences for gamers while providing publishers with actionable insights on their user’s data.