This installment of State of the Internet / Security examines credential stuffing and web application attack trends over the last 17 months, with a focus on the gaming industry. One reason gaming is so lucrative is the trend of adding easily commoditized items for gamers to consume, such as cosmetic enhancements, special weapons, or other related items. Gamers are also a niche demographic known for spending money, so their financial status makes them tempting targets. We began collecting credential abuse data at the beginning of November 2017 and chose to use the same period for our application attack data to make direct comparisons between plots easier for readers.
Credential abuse is nothing new for the gaming industry, where virtually any gamer can share an anecdote about an account that has been taken over due to credential stuffing attacks. Over the 17-month period, Akamai witnessed 55 billion credential stuffing attacks — showing that no industry is immune to them. The gaming industry alone saw 12 billion of those attacks, marking it as a growing target for criminals looking to make a quick buck. For now, attackers see credential abuse as a low-risk venture with potential for a high payout, and these types of attacks are likely to increase for the foreseeable future.
We didn’t forget about web attack data. When we look at web attack data historically observed by Akamai, 89.9% of the attacks fall into one of two categories: SQL injection (SQLi) and Local File Inclusion (LFI) attacks. The data over this same 17-month period shows that SQLi has continued to grow at an alarming rate as an attack vector. While we can see that the attacks escalated with the holiday shopping season, they never returned to their previous levels.