Akamai Diversity

Akamai Security Intelligence & Threat Research

State of The Internet / Security: Web Attacks and Gaming Abuse

Akamai's annual customer conference, Edge World, kicked off on June 10 in Las Vegas, so what better time for us to release our latest State of the Internet report? State of the Internet / Security Volume 5, Issue 3 is focused on web attacks and takes a deeper dive into credential abuse in the gaming industry.

Why gaming? Not only is it a very active industry, but it also has a fast moving underground economy that is primarily fueled by credential abuse. Since many games now have many customizable options, which are typically an added cost, a successful credential stuffing attack for an attacker can mean an added pay day.

Over the past 17 months, Akamai observed 55 billion credential stuffing attacks. 12 billion of that 55 billion total targeted the gaming industry. They aren't anything new to this industry, however. Ask any gamer - they most likely have at least one anecdote about how a credential stuffing attack resulted in an account takeover.

The United States is still the top overall source for credential stuffing attacks, followed by Russia. However, when we look specifically at source countries for credential stuffing attacks against the gaming industry, Russia leap frogs the United States for the top spot.

Our guest author in this issue is Akamai's Executive Vice President and Chief Marketing Officer, Monique Bonner. In this feature, Bonner shares her top three lessons that she's learned from being a security CMO.  While Marketing and Security may seem like strange bedfellows to some, the partnership between teams is an important part of communicating with security professionals.

SQL Injections (SQLi) now currently represent nearly two-thirds of all web application attacks. We initially saw these attacks spike during the holiday season, however, they never returned to their previous levels.

Throughout this report, you'll notice that we looked at 17 months of data. We began collecting credential abuse data at the beginning of November 2017, and decided to use the same time frame with our application attack data in order to make direct comparisons between plots easier for all of our readers.

Want to dive deeper into all of these stories? Read the latest State of the Internet / Security today.

Leave a comment