Big Data Intelligence - Or Katz, Akamai and Tsvika Klein, Akamai
Volume 5, Issue 3 Web Attacks & Gaming Abuse...Criminals are going to follow the money. Over the...
Transcript of Volume 5, Issue 3 Web Attacks & Gaming Abuse...Criminals are going to follow the money. Over the...
[state of the internet] / securityExecutive Summary:
Web Attacks &
Volume 5, Issue 3
Gaming Abuse
Editor’s Note:This issue of the State of the Internet / Security report examines web attack and credential abuse trends in the
gaming industry over the past 17 months.
We chose to focus on the gaming industry in this report. Trade in game accounts represents one of the most
active and rapidly evolving underground economies, fueled purely by credential abuse. We also take a look at
the growing trend of SQL injection (SQLi) as a method of web application attacks, along with the countries that
are the top sources for web application attacks and credential stuffing.
Guest Author: Monique BonnerIn this issue, Akamai Chief Marketing Officer Monique Bonner reflects on three lessons about working with
security teams she’s learned since taking on her role three years ago:
“I used to believe our security product and research teams were like any other in the tech space: Innovation
focused, improvement oriented, all while keeping an eye on costs and ROI. And what I’ve learned is that, while
those things are certainly part of what our security teams do, it’s not what drives them. It’s not what keeps them
curious. It’s not what keeps them awake for 24 hours straight to help defend a customers’ website during a
DDoS attack.”
[state of the internet] / security
Web Attacks & Gaming Abuse: Executive Summary 2
Top Web Attack Vectors November 2017 – March 2019
[state of the internet] / security
Web Attacks & Gaming Abuse: Executive Summary 3
Big Picture of Web AttacksIn the 17-month period tracked by this report, Akamai
saw that SQLi attacks represented nearly two-thirds
of all web application attacks. While every application
attack vector has remained stable with an even
growing pattern, none are growing as quickly as SQLi.
Top Source Countries – All Verticals Top 10 Web Attack Source Countries November 2017 – March 2019
COUNTRY TOTAL ATTACKS GLOBAL RANK
United States 967,577,579 01
Russia 608,655,963 02
Netherlands 280,775,553 03
China 218,015,784 04
Brazil 155,603,585 05
Ukraine 154,887,375 06
India 142,621,086 07
France 121,691,941 08
Germany 113,233,187 09
United Kindom 102,531,816 10
Where are the attacks coming from? The United States
currently holds the top spot in both as the source
country and the target country. However, Russia, the
Netherlands, and China are all high on the list of
where these types of attacks are originating.
0.0 B
0.5 B
1.0 B
1.5 B
2.0 B
2.5 B
4.5% 2.2% 1.7% 1.8%
SQL Injection LFI XSS PHPi
Attack Vector
Att
acks
(Bill
ions
)
RFI Other
65.1%
24.7%
Attacks
100,000,000
1,000,000
10,000
10
Akamai secures and delivers digital experiences for the world’s largest companies. Akamai’s intelligent edge platform surrounds everything, from the enterprise to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps, and experiences closer to users than anyone — and attacks and threats far away. Akamai’s portfolio of edge security, web and mobile performance, enterprise access, and video delivery solutions is supported by unmatched customer service, analytics, and 24/7/365 monitoring. To learn why the world’s top brands trust Akamai, visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations. Published 06/19.
For an in-depth look at these stories, please download the full report:
State of the Internet / Security: Web Attacks and Gaming Abuse
Credential Abuse & Gaming
Looking Forward
Criminals are going to follow the money.
Over the past 17 months, Akamai saw a total of 55
billion credential stuffing attacks, and the gaming
industry accounted for 12 billion of them. Criminals in
the gaming vertical will often target users of popular
games, and work to find accounts that they can
compromise. Once those attackers are armed with
the necessary credentials, the compromised account
can then be traded or sold, making the underground
economy for credentials a lucrative spot.
Many gaming companies have warned players against
password reuse across multiple websites and games.
Password reuse is a primary reason why credential
stuffing attacks are so successful. While good
credential hygiene is the responsibility of the end
user, businesses must work to bridge the knowledge
gap in order to keep their customers and users safe.
Across all industries, the United States is still the top
source for credential stuffing attacks. However,
when you look into the gaming vertical specifically,
the United States drops to third, behind Russia
and Canada.
The gaming industry is popular in the worst of ways
— it’s the target. The data and stories presented
in the latest issue of the State of the Internet /
Security illustrate that these trends will likely not
trend downwards in the near future. While gaming
companies continue to innovate and improve their
defenses, these organizations must also continue
to educate their consumers on how to protect and
defend themselves. When consumers and businesses
follow best practices, we might even see a limit on the
impact of credential abuse campaigns.
[state of the internet] / security
Web Attacks & Gaming Abuse: Executive Summary 4
Top Source Countries – Gaming
COUNTRY TOTAL ATTACKS GLOBAL RANK*
Russia 2,674,783,777 02
Canada 1,486,753,732 04
United States 1,435,752, 015 01
Vietnam 617,097,561 09
India 599, 317,123 06
*All Verticals