Hackers Target Young Gamers: How Your Child Can Cause Business Compromise

Published: 23/11/2024   Category: security




It's 10 p.m. Do you know what your children are playing? In the age of remote work, hackers are actively targeting kids, with implications for enterprises.



Video games are a part of nearly every kid's life, and distributed work is increasingly a part of every adult's. According to experts, it's a recipe for small-time gaming scams to turn into larger-scale business compromises.
Hackers will leverage anything popular or good in this world, and video games are no exception. As described in a March 1 blog post from Kaspersky, financially motivated attackers are targeting children, in particular, with open-faced scams aimed at stealing in-game items, account credentials, and bank details.
The story doesn't necessarily end there, though. Even a primitive phishing attack against a kid playing Fortnite could, theoretically, turn into a wider attack not just against the parent but also the parent's workplace.
An attack that targets a business, through an employee or through an employee's child, may seem like too much work when phishing and business email compromise are so much simpler. But, to state the obvious: Children are easy marks, and nearly all of them play video games. That, combined with the proliferation of remote work and bring-your-own-device (BYOD) policies, makes this vector a long-tailed but fruitful one for attackers.
Last year, researchers for Avanan uncovered a surge of Trojans hidden in cheat codes for the ultrapopular online game Roblox. "The file would be downloaded by the child," explains Jeremy Fuchs, cybersecurity researcher/analyst at Avanan, "and then, most likely, mistakenly uploaded to a corporate OneDrive folder. This file installs library files (DLL) into the Windows system folder. The malicious code can be perpetually referenced by Windows and remains running."
This is just one of many forms that gaming scams can take. "For example, we've seen multiple cases in which a BYOD device was compromised via a gaming-related phishing site, which led to the compromise of the connected corporate network," says Jordan LaRose, practice director for infrastructure security at NCC Group. "Another gaming-related vector we've seen in the wild are direct exploits through users playing games. This is most common on mobile devices but can affect desktop gaming as well. Attackers will either embed an exploit directly in an attractive mobile game that users download and thereby compromise their mobile device, or target a user playing a game with a remote code execution (RCE) vulnerability to compromise the computer running it."
Mere weeks ago, such a vulnerability was being exploited in the mega-hit Grand Theft Auto V.
The potential damage caused by such a compromise is clear. "Trojans like this can break applications, corrupt or remove data, and send information to the hacker," Fuchs says.
What's less obvious but more worrisome is how this damage could extend beyond the device or even the home in question.
Fuchs puts it bluntly: "The perimeter no longer exists."
"We can access work documents on home computers and vice versa," he says, "but it also relates to game usage."
Young children, especially, often play games from their parents' PCs and mobile phones or, if nothing else, their home Wi-Fi. Parents then take their PCs and phones to work, or work remotely from their home network.
Fuchs theorizes that "kids could be playing on their parents' computer and accidentally upload it. This is an easy way for compromises and malicious files to easily infect your corporate cloud." But in most cases, a child need not go that far — attackers can make the jump from home to office on their own.
"In the era of BYOD and remote working," LaRose explains, "attackers often just need to compromise a user's personal computer to get a foothold on a corporate network. Once an attacker has a foothold on a personal device, they can often steal a VPN session or browser session, or simply find a user's corporate credentials stored in their computer."
In their blog post, Kaspersky researchers recommended that gamers practice diligent cyber hygiene: strong passwords, two-factor authentication, antivirus, and the like. They also highlighted the utility of virtual bank cards that only fill to meet the exact amount of a particular purchase.
"By entering the numbers from your bank card," Kaspersky explained, "you risk losing all the funds you have there. And remember that a bundle of licensed games selling for a song is a reason to be wary."
LaRose stresses that gaming is not innately any more insecure an activity than normal Web browsing. Still, because gaming can be just as insecure, businesses should do everything they can to separate a user's presence in the corporate environment and the personal one.
He recommends implementing endpoint/extended detection and response (EDR/XDR) and a security operations center (SOC) that can help respond in case of a breach.
The most important defenses of all, though, are the policies and procedures that businesses implement to address remote work and BYOD.
"If BYOD is absolutely necessary for a business to function," LaRose says, "they should limit the policy to mobile phones only and ensure they use a strong mobile device management (MDM) solution that separates work and personal data on the phone. This is an imperfect solution with some workarounds for attackers but will at the very least serve as a deterrent and give the business more visibility into any potential exposures."
