The games industry is facing a significant increase in security threats, with a common form of attack up 94% in the past year, according to cybersecurity researcher Tricia Howard. With 2.58 billion video gamers worldwide and $183.9 billion in revenues projected for 2023, the industry is a prime target for malicious actors. One of the unique aspects of the games industry is its prevalent threat actor profile, known as the troublemaker. These individuals can build bots to take down streamers or deliver malicious payloads through chat features, highlighting the need for robust security measures.
The games industry embraces behaviors that may be viewed as suspicious or malicious in other sectors. Modding and botting, for example, are integral to the gaming culture and gameplay in certain scenarios. However, these same practices can also be utilized for malicious purposes, blurring the line between harmless activities and potential security threats. The overlap between gaming enthusiasts and individuals with technical knowledge creates opportunities for both rule-breaking and technical discoveries.
In addition to cyber threats within the games themselves, the industry must also contend with external security challenges. Attackers are attracted to the industry’s financial potential, and the multitude of targeted ads in games can influence players’ spending habits and attract threat actors. The rise of subscription services in the gaming world has further expanded the attack surface, increasing the likelihood of credential stuffing and account abuse.
Layer 7 distributed-denial-of-service (DDoS) attacks have seen a significant increase, with more than 25 billion attacks observed in four out of the last 18 months. The Asia-Pacific and Japan region has the highest global revenue for the games industry and has experienced the most Layer 7 DDoS attacks in the past 18 months. Bots are also prevalent in the gaming industry, with a 391% growth in bot requests from Q1 2023 to Q1 2024. The Steam Summer and Winter Sales periods see a surge in bot traffic, posing a challenge for both gamers and game companies.
Web application firewall (WAF) attacks have seen a steady increase in the gaming industry, with SQL injection (SQLi) being the most significant threat. LFI attacks, which can lead to other web-based attacks, have also been on the rise in recent years. The sporadic nature of SQLi attacks may be attributed to the release of highly anticipated games and the COVID-19 backlog, which increased demand and attracted malicious actors.
Despite these security challenges, the games industry continues to inspire real-world innovation. The community’s passion for gaming has led to the creation of technologies and lifestyles that were once confined to the digital realm. However, it is crucial for game publishers to prioritize security measures and collaborate with cybersecurity experts to ensure the safety of both players and their platforms.