SOTI Research: Gaming In A Pandemic
Welcome to the second edition of SOTI Research. In this edition, we look at the attacks and trends in the gaming industry during 2020.
SOTI Research is a condensed, shorter version of our traditional State of the Internet / Security reports, offering focused data points and contextual awareness across a number of threat landscapes.
2020 was a volatile year. Web attacks targeting the gaming industry were up 340% year over year between 2019 and 2020, and credential stuffing attacks were up 224%. Strangely enough, DDoS attacks against the gaming industry fell by nearly 20% during the same period.
Gamers are a focused, highly engaged, and motivated demographic. Criminals, on the other hand, are cold and ruthless -- and gamers, as well as gaming companies, are some of their favorite targets.
Gaming companies are constantly working to secure their infrastructure against all types of attacks. Online gaming companies, just like other enterprises, pay close attention to web-based attacks and trends. In 2020, Akamai tracked 246,064,297 web application attacks in the gaming industry, representing about 4% of the 6.3 billion attacks we tracked globally.
Some of this statistical growth is due to additional visibility on Akamai's part, as new customers were added to the global network. However, the main driver behind the increase in attacks isn't new customers; it's persistent criminals.
SQLi is still the number one attack vector in the gaming industry at 59%, followed by LFI attacks at 24%. XSS attacks and Remote File Inclusion (RFI) attacks are a distant third, at 8% and 7%, respectively. Over the past three years, this really hasn't changed at all.
When criminals targeted the gaming industry in 2020, they focused most of their efforts on games or gaming companies located in the United States (242 million attacks), but also directed attacks toward targets in Asia (2.2 million attacks) -- both massively popular areas when it comes to desktop, console, and mobile gaming.
Credential stuffing was also a major problem for the gaming industry in 2020, representing about 6% of the 193 billion attacks Akamai has tracked globally.
In all, there were 10,851,228,730 credential stuffing attacks in the gaming industry in 2020, amounting to a 224% increase year over year compared to 2019. Over three years, between 2018 and 2020, credential stuffing attacks in the gaming sector grew by 24%.
To read more, including sections around mobile gaming and DDos, check out the latest report.