Cybercriminals have been exploiting the increased popularity in video games during lockdown to launch attacks.
In April 2020, the daily number of blocked attempts to direct Kaspersky users to malicious sites that exploit the gaming theme increased by 54% when compared to January 2020.
In the same month, the number of blocked attempts to direct users to phishing pages for one of the most popular gaming platforms increased by 40% compared to February 2020.
Over the last few months, millions of people around the world were relegated to staying at home, as many countries enforced some form of lockdown measures or movement restrictions. With more people at home and greater amounts of free time on their hands, many turned to available online entertainment, including video games.
Beginning in March 2020, the overall number of Steam users (the most popular online gaming platform, community, and store) increased significantly, with the platform reaching an all-time record for both active users and concurrent users actively playing games by March 30.
Upon noticing this trend, researchers decided to look deeper into the threat landscape of video games during the lockdown period. What they found – not surprisingly – was that cybercriminals have been exploiting the increased interested in video games to launch various attacks.
According to data, there was a significant increase in the daily number of attempts to direct users to malicious sites that exploited the gaming theme, a 54% increase in April when compared to January.
Often, users are lured by promises such as free versions of popular games, updates and extensions, or cheats. However, if users click on these links, a wide variety of malicious programs can be downloaded, from password stealing malware to ransomware and miners, software that secretly mines cryptocurrency from the victim’s computer.
The game most often used by criminals was Minecraft, one of the most popular games ever made. Its name was used in more than 130,000 web attacks. The other most popular games used in attacks were Counter Strike: Global Offensive and The Witcher 3.
According to statistics compared with February, the number of blocked redirects to phishing pages that contained the word “Steam” increased by 40% in April.
“Many of these video game-related attacks are not particularly sophisticated. There is a large user component to their success. The past few months have shown that users are highly susceptible to falling for phishing attacks or clicking on malicious links when it comes to games – whether they’re looking to find pirated versions or eager for a cheat that will help them win,” comments Maria Namestnikova, security expert at Kaspersky.
“Now that many players started using the same machines that they use to enter corporate networks for games, their cautiousness should be doubled: risky actions make not only personal data or money vulnerable but also corporate resources” said Yury Namestnikov a security expert at Kaspersky.
“When working from home, if possible, try to avoid mixing your personal computer with the one you use for accessing corporate network,” concluded Namestnikov.