Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

3/5/2019
04:20 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Cybercriminals Target Young Gamers

Deceptive and inappropriate tactics are prevalent in free gaming apps, according to a new report to be released at the RSA Conference.

RSA CONFERENCE 2019 – San Francisco – Children under the age of 12 who play video games have become a prime target for cybercriminals, who are taking advantage of the kids' naivete and susceptibility to influence, according to a new report by Rubica.

Rubica CEO Frances Dewing, who will discuss the report at an RSA session Wednesday afternoon, says parents should look out for free gaming apps, which almost always contain advertisements and in-app purchase or upgrade options.

"An adult consumer expects to be advertised to when using an otherwise free service," Dewing says. "Using advertising or in-app purchasing as a revenue method is a socially accepted practice. However, the problem with free apps targeting children is that studies have proven that children are often unaware that what they are watching or interacting with is an advertisement."

The major app stores do not contain safety ratings that factor in advertising practices or guidelines for parents, guardians, or educators, Dewing adds.

"More concerning in a game or app made for young children is the prevalence of deceptive and inappropriate tactics," Dewing explains. "It's not uncommon for kids' apps to contain aggressive prompts to download other apps that may be age-inappropriate or unlock gates for cybercriminals to access everything from emails to banking apps."

Dewing says there have been numerous cases in which wealthy individuals have lost hundreds of thousands of dollars in hacking cases involving children and video games, though such cases typically do not make the news.

Michael Bruemmer, vice president of consumer protection at Experian, says preying on young children playing video games has become a perfect storm around three trends: the lack of awareness of the children; the exploding world of downloads and apps kids have access to without proper adult supervision; and the unblemished identities of the children.

Threat actors steal the identities of young children to pose as adults and set up fraudulent credit cards and bank accounts.

"There was a case I heard of in which a woman who worked from home had her children download games onto her work computer, only to find out that a bad threat actor had injected keylogging software that stole user name and password information," Bruemmer says. "When the woman planned to make a wire transfer of $28,000, the bad threat actor posed as one of the kids in an email and had the exchange diverted. Fortunately, two-factor authentication software used by the broker intercepted the wire exchange and the fraudulent wire transfer was stopped."

As part of the Rubica study, the company evaluated the top 20 free kids apps on the iTunes and Google Play app stores. A recent Experian report also discusses cyberthreats to the online gaming industry.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/6/2019 | 10:05:40 AM
On Gamers
They are a different breed - very skiled at a limited set of functions and live for super high end systems.  Beyond that they lack security rules and protocols.  I found some great tech info on a gamer site a long time ago - so it can be a good thing but I would rarely put stock into their world.  I mostly moved away from Games at the end of the DOOM - HERETIC -HEXEN - DUKE NUK'EM cycle some years ago.   DOOM was and still is a great game
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/1/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Threat from the Internet--and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15478
PUBLISHED: 2020-07-01
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
CVE-2020-6261
PUBLISHED: 2020-07-01
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
CVE-2020-15471
PUBLISHED: 2020-07-01
In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.
CVE-2020-15472
PUBLISHED: 2020-07-01
In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.
CVE-2020-15473
PUBLISHED: 2020-07-01
In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.