Threat Intelligence

3/5/2019
04:20 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Cybercriminals Target Young Gamers

Deceptive and inappropriate tactics are prevalent in free gaming apps, according to a new report to be released at the RSA Conference.

RSA CONFERENCE 2019 – San Francisco – Children under the age of 12 who play video games have become a prime target for cybercriminals, who are taking advantage of the kids' naivete and susceptibility to influence, according to a new report by Rubica.

Rubica CEO Frances Dewing, who will discuss the report at an RSA session Wednesday afternoon, says parents should look out for free gaming apps, which almost always contain advertisements and in-app purchase or upgrade options.

"An adult consumer expects to be advertised to when using an otherwise free service," Dewing says. "Using advertising or in-app purchasing as a revenue method is a socially accepted practice. However, the problem with free apps targeting children is that studies have proven that children are often unaware that what they are watching or interacting with is an advertisement."

The major app stores do not contain safety ratings that factor in advertising practices or guidelines for parents, guardians, or educators, Dewing adds.

"More concerning in a game or app made for young children is the prevalence of deceptive and inappropriate tactics," Dewing explains. "It's not uncommon for kids' apps to contain aggressive prompts to download other apps that may be age-inappropriate or unlock gates for cybercriminals to access everything from emails to banking apps."

Dewing says there have been numerous cases in which wealthy individuals have lost hundreds of thousands of dollars in hacking cases involving children and video games, though such cases typically do not make the news.

Michael Bruemmer, vice president of consumer protection at Experian, says preying on young children playing video games has become a perfect storm around three trends: the lack of awareness of the children; the exploding world of downloads and apps kids have access to without proper adult supervision; and the unblemished identities of the children.

Threat actors steal the identities of young children to pose as adults and set up fraudulent credit cards and bank accounts.

"There was a case I heard of in which a woman who worked from home had her children download games onto her work computer, only to find out that a bad threat actor had injected keylogging software that stole user name and password information," Bruemmer says. "When the woman planned to make a wire transfer of $28,000, the bad threat actor posed as one of the kids in an email and had the exchange diverted. Fortunately, two-factor authentication software used by the broker intercepted the wire exchange and the fraudulent wire transfer was stopped."

As part of the Rubica study, the company evaluated the top 20 free kids apps on the iTunes and Google Play app stores. A recent Experian report also discusses cyberthreats to the online gaming industry.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/6/2019 | 10:05:40 AM
On Gamers
They are a different breed - very skiled at a limited set of functions and live for super high end systems.  Beyond that they lack security rules and protocols.  I found some great tech info on a gamer site a long time ago - so it can be a good thing but I would rarely put stock into their world.  I mostly moved away from Games at the end of the DOOM - HERETIC -HEXEN - DUKE NUK'EM cycle some years ago.   DOOM was and still is a great game
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10091
PUBLISHED: 2019-03-21
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.
CVE-2018-10093
PUBLISHED: 2019-03-21
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
CVE-2017-2659
PUBLISHED: 2019-03-21
It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.
CVE-2017-16231
PUBLISHED: 2019-03-21
** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of st...
CVE-2017-16232
PUBLISHED: 2019-03-21
** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.