“Every business is impacted by credential stuffing botnets.”
America is both the top source of and the most targeted location for web-based attacks, while gamer accounts are quickly becoming a favourite target of threat actors.
This is according to research from US-based cloud service provider Akamai, which found in its State of the Internet report that SQL injection and Local File Inclusion attacks comprised over 85 percent of the attack vectors recorded. SQL injection attacks accounted for 65 percent of web-based attack vectors from November 2017 to March 2019.
Akamai recorded just under four billion (3.993) web attack alerts over a 17-month period, with 1.23 billion of these occurring in the first quarter of 2019 alone.
SQL Injection Attacks
In its report Akamai noted that: “The growth of SQLi as an attack vector over the last two years should concern website owners. In the first quarter of 2017, SQLi accounted for 44% of application layer attacks. This actually represented a rather large drop from the previous baseline, which was historically slightly over 50%.”
The United States is not only getting attacked the most, but it is also the biggest source of attacks with over 2.6 billion attacks being traced back to US servers: “The United States maintains an unhealthy lead as the biggest source of these attacks, but Russia, the Netherlands, and China all show significant amounts of alerts originating from their countries.”
Of course, it must be noted that an intelligent threat actor will not just mask their identity, but will also obfuscate their attack vector and origin. As a result, much of the attack traffic originating in the US will be the result of compromised networks being used as part of a botnet attack infrastructure.
Gaming Industry Under Attack
A key concern highlighted in the report is the rise of credential stuffing, a process in which threat actors who have already obtained users' login credentials, from a previous attack or a simple purchase on the dark web, use those stolen credentials in attempts to log in to other websites and accounts.
Credential stuffing is made possible because many online users still erroneously have the same login details across multiple websites. Once a threat actor has the key to one, they have the key to all. The issue is finding what other accounts are using the same login details. So the simple solution is to automate the process and send in the bots.
Martin McKeay, senior security advocate at Akamai, commented in a previous report that: “Every business is impacted by credential stuffing botnets. Many businesses just see the traffic because of scatter shot scans, but financial services and retail sites are prime targets. Account takeover is profitable for attackers, guaranteeing that it will be a threat for the foreseeable future.”
The gaming industry in particular seems to be vulnerable to this type of attack, as it saw over 12 billion credential stuffing attacks targeting websites associated with video games. These websites are the access points for attackers to get into player accounts. Threat actors target player accounts because they can be attached to credit card information.
These accounts can also have secondary value, as players obtain high-value in-game items, often cosmetic, which, depending on their rarity, have tradable value. For instance, items collected in the first season of the online game Fortnite have been sold in auctions for hundreds of pounds, with rare items fetching thousands in online auctions.
The ever-changing games industry is in a slightly unregulated state, and security configurations change from publisher to publisher. Akamai notes in its report that: “Unless multi-factor options are required, it is left up to the user to enable and use them, creating a classic trade-off between security and usability. Criminals are targeting these gaps and compromising dozens, if not hundreds, of accounts each day.”