Cyber Attacks Targeting the Gaming Industry Soared During COVID

Large numbers of people have been working from home since the pandemic, relying on remote working tools in order to stay connected to their workplace and do their jobs. But not everything has been about work. With limited ability to take vacations, and places like movie theaters, bars, and restaurants closed in many cases, it’s no surprise that online games have boomed during COVID. Particularly popular were online titles which provided a form of socializing for people at a time when socializing wasn’t exactly possible for most.

Unfortunately, whenever there’s a market boom, there’s also an uptick in cyber attacks targeting that particular market. That is unequivocally true for gaming, which experienced a big surge in attacks in 2020, totalling hundreds of millions of attempted cyber attacks leveled against the  industry.

Those without the proper protection, such as a web application firewall, were in trouble.

Games industry is booming. So are attacks

According to one report, the global gaming market generated an astonishing $159.3 billion in revenue during 2020. That’s 9.3% year-over-year growth for an industry that is already bigger than sports and movies combined. This would be good in any year, but was particularly impressive at a time when the economy was depressed, many businesses were struggling, and the leisure industry was going through one of its toughest times in decades.

Cyber attacks against games companies raged throughout the year. In June 2020, beloved video game giant Nintendo announced that 300,000 user accounts had been hacked. In November, Ubisoft said that it was investigating the claim that a ransomware gang had posted a 558 GB collection of source code and other resources relating to its Watch Dogs: Legion title on various file-sharing site networks. Meanwhile, Activision Blizzard games were hit with a Distributed Denial of Service (DDoS) attack that affected the gaming experience of players of Call of Duty titles, World of Warcraft, and Overwatch.

While these examples were all from a several-month stretch in one particular year, picking out any year in gaming history — especially with the rise of online gaming — would yield similar undesirable discoveries.

The attacks certainly add up. One recent report, looking at “Gaming in a Pandemic,” suggested that cyber attacks aimed at the games industry had increased a dramatic 340% in 2020, compared to just one year previous. In total, upwards of 240 million attack attempts were made last year.

Some of the most common attacks

The most common attack aimed at the games industry in 2020 was SQL injection. In an SQL injection attack, bad actors weaponize malicious SQL code to try and gain entry to backend database information not ordinarily available to the public. The reason for doing this is frequently to steal private information about users or else to gain administrative access to databases in a way that can be exploited to cause disruption.

Also popular (although not so with those targeted in an attack) mode of attack was local and remote file inclusion attacks, in which web applications are fooled into exposing and/or running files on a web server, potentially leading to remote code execution or information being disclosed illicitly. Credential stuffing attacks, in which stolen user credentials are used to try and log into other web applications, were also on the rise, with large archives of stolen passwords and usernames available for sale on illegal websites for as little as a few dollars.

DDoS attacks, while not experiencing quite the same surge in numbers in 2020 as other attack methods, additionally continued. In a DDoS attack, online services are bombarded with massive quantities of fake traffic with the goal of taking them offline. In the case of a gaming title played online, that means, disastrously, that no players can game during this time. Depending on the title, a DDoS attack that brings play to a standstill could cost its developer millions of dollars.

Get ready to upgrade

There is no single approach that stops any and all cyber attacks from happening. Sadly, as evidenced by the soaring number of attacks against the games industry over 2020, it would also be foolish to bank on cyber attackers stopping attacks aimed at this sector.

However, games companies aren’t powerless. Just like a video game character upgrading its weapons to better defend against the scourge of AI enemies, cyber security tools can help safeguard against many forms of cyber attack.

One notable example that companies should have in their arsenal is a Web Application Firewall (WAF). WAFs work by examining traffic as it comes in and then blocking attempted attacks before they have the opportunity to cause any damage. One major plus point for WAFs is that they sit on the network edge, and don’t require that changes are made to an application.

The games industry is only going from strength to strength. Organizations should ensure that their cyber security defenses are being ramped up proportionally. Otherwise, it could be “game over.”

Nathaniel Villa
Nathaniel Villa