While the concept of humans being the weakest link in cybersecurity is undeniable, it is not always YOU or your employees that are that weakest link. Often, it’s your family or your employees’ families. The mother-in-law who uses your personal or work email to sign you up for a special deal. The grandfather who passes along your contact information to help you reconnect with an old school pal. The significant other who overshares on social media. The friend who wants to help you land a great job. Or worst of all, the child who likes to play video games and watches YouTube.
It’s no secret that children and the elderly are often targeted in cyberattacks, primarily due to their lack of awareness and education in cybersecurity safety. One alarming trend in 2024 is the exploitation of popular platforms like YouTube to deceive and steal from unsuspecting users.
While the videos themselves may appear harmless, the real danger lies in the links embedded in descriptions or comments, which can lead to malware downloads or phishing attempts. YouTube has emerged as a hotspot for malicious software such as Vidar, Lumma Stealer, Redline, and Racoon. For more information on StealerLogs and the dangers they pose to your system, as well as how they function, check out our previous blog posts, here and here.
A notable investigation conducted by ProofPoint in April 2024 uncovered multiple compromised YouTube channels. These channels, although appearing legitimate, were used as conduits for distributing malware or collecting sensitive information from viewers.
So, how are these threats specifically targeting children and youth? Cybercriminals often exploit children’s trust and curiosity by embedding malware in content related to popular games or offering seemingly enticing freebies like game upgrades or cracks. Children, eager for new games and unaware of online risks, are more likely to fall victim to these deceptive tactics.
Even if your child’s device does not store personal information directly, it still poses a significant risk if connected to the same network as other devices that do. Malware infiltrated through one device can potentially compromise the entire network, putting all connected devices— including those containing payment information or personal identifying information (PII)— at risk.
Not only can your children compromise your personal network, but they can also inadvertently jeopardize your business or the business you work for. If young children who don’t have their own devices play on your phone and accidentally compromise it or your home network, the consequences can extend to your workplace. Bringing compromised devices to work or accessing corporate networks remotely could unwittingly upload malicious files, endangering sensitive corporate data or infrastructure.
Parents and professionals alike must remain vigilant and educate themselves and their children about cybersecurity best practices. Establishing safe browsing habits, monitoring online activities, blocking click-through links, and restricting unsupervised access to platforms like YouTube can significantly mitigate these risks.
So, remember, the next time you’re out to dinner in that crowded restaurant with a fussy child, YOU can easily become the weakest link in cybersecurity by queuing up that favorite YouTube video and handing your phone over to your child just to entertain them. Your kid’s entertainment could also be the entertainment of threat actor.
Products
Services
Use Cases