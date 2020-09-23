10% of all attempts to steal accounts from stolen credentials happened in the gaming world. The data is from Akamai, a company in the segment of games for streaming and cloud computing, which places the segment as one of the most affected in the world when it comes to digital attacks, with the profiles of users at risk as well as servers, which are usually targets of denial of service scams and invasion attempts, mainly.

According to research conducted by the company, there were 10 billion attacks of this type recorded between 2018 and 2020, a significant portion of the total of 100 billion recorded in the same period in the entire technology industry. According to Akamai, the scams intensified during the pandemic, when interest in games also grew exponentially, but this characteristic represents an acceleration of an increase movement that was already being felt, especially with the increasing application of multiplayer between different platforms. and cloud architectures to allow all that gaming.

Akamai paints a negative outlook for the segment, stating that the market is facing hackers without limits and capable of carrying out highly sophisticated scams, while companies and players do not always have the adequate mechanisms to protect themselves. While credential stuffing was considered the most common type of crime, experts also cited phishing attempts as a great bait for attacks, always focused on stealing emails and passwords to profiles that are later resold on the black market.

It is a movement that accompanies the explosion of free titles with the so-called loot boxes, boxes of items that are obtained by users playing or by purchasing with real money. Exclusive items, periodic campaigns and other events created a market for characters, weapons and personalized items, with an account full of elements of this type that can be worth a lot of money, which, also, ends up making the action of these hackers highly profitable.

Basically, a credential stuffing scam happens when criminals, using bots and automated systems, try to access different services and social networks from leaked or stolen data from other platforms. They bet on the idea that users will use the same e-mails and passwords on more than one platform and will not pay attention to such compromises, in addition to having no additional protection mechanisms activated.

Call of Duty players were hit this week by an alleged leak of credentials; Activision was criticized for not using two-step authentication to protect profiles (Image: Disclosure / Activision)

This is what happened this week, for example, with Activision, which is facing an alleged leak of more than 500,000 player credentials from Call of Duty. The company denied any attack on its servers, while reports of users who had their profiles stolen while game systems do not have basic security measures, such as two-factor authentication, accumulate.

Other methods

Akamai’s research also reports a total of 152 million attacks against gaming servers and web applications, a total that represents less than 2% of the 10.6 billion attempts of this type recorded in the technology industry. The objectives here are the theft of user information and company secrets, as well as other data stored in the infrastructures, as well as attempts to hinder their functioning. Also between 2018 and 2020, more than half of denial of service attacks targeted gaming companies, a total of 3,000 out of 5,600 occurrences.

The service also points out criminal works aimed at exploiting flaws and breaches in online systems, aimed at creating cheating systems and handling accounts, also elements that generate considerable profits. And while companies in the industry struggle to stay protected and, above all, operating, Akamai cites a distortion between the existing danger and concern for protection.

In a survey that remains to be revealed and whose data has been put forward by Akamai, 55% of players said that at least one of their gaming-related accounts was compromised at some point. However, only 20% of respondents said they were concerned about this to the point of adopting best practices or additional protection mechanisms; on the contrary, 54% of them believe that doing so is a shared responsibility between them and companies in the industry. A result that, as the study points out, represents a full and very lucrative dish for digital criminals.

Source: VentureBeat