Cyberattacks on young gamers up 57 percent in 2022
Woburn, MA – March 1, 2023 – Kaspersky data showed that cybercriminals launched more than 7 million attacks on children exploiting popular games titles in 2022. Kaspersky’s latest report, titled “The dark side of kids’ virtual gaming worlds” revealed the risks for young players in online gaming, and that focused attacks on this age group increased by 57 percent compared to 2021. Phishing pages used by cybercriminals to target young players mostly mimicked global titles including Roblox, Minecraft, Fortnite, and Apex Legends games. To reach parents’ devices and steal their information, cybercriminals create fake game sites evoking children’s interests, to get them to follow phishing pages and download malicious files.
The most exploited children’s games
Kaspersky experts analyzed threats related to the most popular online games for 3-16-year-old kids. Kaspersky security solutions detected more than 7 million attacks from January 2022 through December 2022. In 2021, cybercriminals attempted 4.5 million attacks, amounting to a 57 percent increase in attack attempts in 2022.
In 2022, 232,735 gamers encountered almost 40,000 files, including malware and potentially unwanted applications, that were disguised as the most popular children’s games. Since children of this age often do not have their own computers and play on their parents’ devices, the threats spread by cybercriminals are most likely aimed at obtaining credit card data and credentials of the parents.
The distribution of top 10 children’s games used as a lure for distribution of malware and unwanted software, by number of affected users, January 1, 2022 through December 31, 2022
In the same period, nearly 40,000 users tried to download a malicious file mimicking Roblox, a popular kids’ game platform. This was a 14 percent increase in the number of victims, compared to 33,000 gamers attacked in 2021. Since half of Roblox’s 60 million users are under the age of 13, the majority of victims of these cybercriminals’ attacks are potentially children who lack knowledge of cybersecurity.
Scams on children’s virtual worlds
According to Kaspersky statistics, phishing pages used by cybercriminals to target young players primarily mimicked Roblox, Minecraft, Fortnite, and Apex Legends games. In total, over 878,000 phishing pages were created for these four games in 2022.
One of the most common social engineering techniques targeting young players involves offers to download popular cheats and mods for games. On a phishing site the user may get a whole manual on how to install the cheat properly.
What’s particularly interesting is that there are specific instructions making a point about the need to disable the antivirus before installing the file. This may not alert young players, but it is specially created so malware avoids detection on the infected device. The longer the user’s antivirus is disabled, the more information might be collected from the victim’s computer.
Players are asked to turn off antivirus while downloading a suspicious file
Other key findings in the report include:
- The most popular titles exploited by cybercriminals are Minecraft and Roblox, both in 2022 and 2021.
- The top children's games ranked by number of attacked users even included games for the youngest children; Poppy Playtime and Toca Life World, primarily designed for 3-8-year-old players.
- Kaspersky experts observed a 41 percent rise in the number of affected users downloading malicious files disguised as Brawl Stars, reaching about 10 thousand gamers attacked in 2022.
“In 2022, cybercriminals even exploited games designed for 3-8-year-old children,” said Vasily M. Kolesnikov, security expert at Kaspersky. “This highlights that cybercriminals do not filter their targets by age and attack even the youngest gamers, with the likely target of reaching their parent’s devices. When focusing on young players, cybercriminals don’t even bother to make deception schemes less obvious. They hope children and teenagers have little or no experience or knowledge of cybercriminal traps and will easily fall for even the most primitive scams. Therefore, parents need to be especially careful about what apps their children download, whether their devices have trusted security solutions installed and should teach their children about how to behave online.”
The full report on kids’ threats in online gaming worlds is available on KDaily.
To keep your kids safe online, Kaspersky recommends users:
· Take an interest in your kids’ online activity. Ask them if you can watch their favorite series or listen to music tracks together. You can also learn together some secure practices to stay safe online.
· Parental control apps are a good option. But it’s important to discuss this topic with your child to explain how these apps work and why they’re needed to stay safe online.
· Explain that sensitive information should only be shared via messengers and only with people they know in real life. You can be a role model and show them good examples of good behavior.
· Spend more time communicating with your kids about online safety measures. Try paying attention to your own habits.
· Make talks about cybersecurity more enjoyable and interesting by discussing them with your child through games and other entertaining formats.
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.
Sawyer Van Horn