Cyber threats surge in gaming industry through 2024

According to recent data from Akamai, a significant increase in cyber threats has been observed within the gaming industry throughout 2024. The findings highlight that the sector is experiencing unprecedented levels of bot activity, web attacks, and Distributed Denial-of-Service (DDoS) attacks.

The year began with a record number of bot requests targeting the gaming industry, with January alone seeing 147 billion bot requests. The data indicates a near 4-fold increase in bot traffic between the first quarter of 2023 and the same period in 2024. January and June were particularly problematic months, as bot requests tripled in June 2024 compared to June 2023. Akamai's report noted that these spikes coincided with major gaming sales events, such as the Steam summer and winter sales.

Akamai’s security researchers also reported a 94% increase in web attacks against games from Q1 2023 to Q1 2024, with the month of June 2024 surpassing the 1 billion attack threshold. Structured Query Language injections (SQLi) were identified as a primary method of attack, with over 700 million incidents reported. Other traditional web attack methods, including cross-site scripting (XSS) and server-side request forgery (SSRF), were also noted but to a lesser extent.

Layer 7 DDoS attacks, which target applications directly, almost doubled year-on-year, also with a 94% increase. Akamai’s data reveals that December 2023, alongside June and August 2023, and May 2024, saw over 25 billion Layer 7 DDoS attacks each month. Despite a slight dip in February 2024, the number of attacks remained higher than it had been in the early months of 2023.

The Asia-Pacific and Japan (APJ) region contributed significantly to these cyber threat statistics, registering 186 billion Layer 7 DDoS attacks over the past 18 months. This region leads the gaming market in global revenue, generating USD $85.8 billion in 2023. It also has a substantial player base, accounting for 23% of its population, which impacts the industry heavily.

The data further reveals that North America experienced the highest number of bot requests, with 845 billion in total, making it a lucrative target for cybercriminals during high traffic periods like the Steam sales. Additionally, web attacks in North America were orders of magnitude higher than in Europe, the Middle East, and Africa (EMEA) and APJ regions. Between January 2023 and June 2024, North America faced nearly 9 billion web attacks, a stark contrast to the combined 332 million attacks observed in EMEA and APJ.

The findings also touch upon the role of subscription services in gaming, which have increased user accounts and opportunities for credential stuffing and other forms of account abuse. This has led to heightened risks, particularly during peak periods of digital transactions and user activity.

Akamai’s report highlights the security vulnerabilities within the gaming community, where collaborative and open behaviour often conflicts with stringent cybersecurity practices. The industry’s culture of modding and botting, while enriching the gaming experience, also presents avenues for cyberattacks. It’s emphasized that threat actors often leverage the same tactics and techniques used in general gameplay to perpetrate malicious activities.

These statistics underscore the complexities and evolving nature of cybersecurity threats faced by the gaming industry and point to the critical need for enhanced security measures to protect both developers and players alike.