System availability is central to the smooth operation of the billion-euro gambling and gaming market. This industry is particularly attractive to cybercriminals, who consider it an easy source for credit card information, and who are also aware of the characteristics of this niche demographic of consumers who spend money relatively easily.
Some of the threats faced by the gaming and gambling industry, and their consequences, as summarized by Trend Micro, include:
- Social engineering scams, in which accounts are stolen from legitimate players, and can lead to a loss of resources
- The sale of elite accounts in the underground market, which can potentially disadvantage legitimate players
- Illegal gambling, where underground betting can compromise the integrity of the game and the players
Pro players are also susceptible to various threats:
- Ransomware attacks, where the attackers lock the game profiles using malware, save the data and demand ransom for its release – potentially causing data loss as well as financial loss
- Illegal cheats, where players buy aimbots and wallhacks from underground forums, which can compromise gameplay, in addition to financial loss
- Theft of multiple account credentials, which will potentially compromise PII and the credit account, as well as cause the loss of account of in-game valuables
In tournaments, DDos attacks can cause problems in performance, and connectivity can be ransomed, causing lost game time and possibly loss of resources. Also, vulnerable servers can be targeted, thus disrupting games, and matches can be fixed.
In addition to the above consequences, any successful attack also harms the attacked company’s reputation and tarnishes its image.
In its Gaming in the Pandemic report, Akamai, the content delivery network provider, revealed a massive increase of 340% in cyber attacks targeting the gaming industry between 2019 and 2020. The report further stated: “We know from our own research that there were group chats on Discord (a popular social platform) dedicated to SQL Injection (SQLi), Local File Inclusion (LFI), and Cross-Site Scripting (XSS) techniques, tools, and “best” practices. The popular discussions and tutorials centered on all-in-one tools and using services like Shodan and Censys to locate databases, unprotected assets, and more. The key to many of these discussions was leveraging known tools and services as a means of obfuscation during their searching and scanning efforts.”
Additionally, Akamai found that SQLi was by far the most common method, accounting for 59% of the attacks, with LFI attacks coming second at almost a quarter, and XSS attacks responsible for only 8%. However, it also noted that the gaming industry was hit with more than 10 billion credential-stuffing attacks in 2020, a 224% increase compared to 2019. Akamai registered millions of these attacks targeting the industry each day, with a spike of 76 million attacks recorded in April, 101 million in October, and 157 million in December 2020.
ACID’s state-of-the-art solution alerts to planned cyber attacks on gambling and gaming companies, provides them with detailed information to effectively counter these attacks, and maintain business continuity and profitability.