De ja vu-lnerability

Written by:
Hyve
Date Posted:
29 January 2018
Category:
Security

This just in: people are still stupid.

Sketchy links
Scammers are still successfully tricking people into clicking on sketchy links they get sent via Facebook and WhatsApp, which gives them access to the messages, Facebook accounts and emails on their PCs and phones.

I know, right.

The lovely people at EFF have gone and done some research with cybersecurity firm Lookout. It shows that professionals are clicking badly. Army boys, doctors, journos, legal eagles and more.

So, it’s not just divvies doing the clicking on the malware.

The scammers used common but sophisticated phishing antics to nick messages, call recordings, audio recordings, pics and more.

EFF technologist Cooper Quentin said in a statement : “One of the interesting things about this ongoing attack is that it doesn’t require a sophisticated or expensive exploit. Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realising that they contained malware.”

Click happy
In this particular used-to-be-secret Dark Caracal op, the criminals used WhatsApp messages and links posted to Facebook groups to fool idiots into clicking. And, as per, when they clicked it would let spy and password grabbing malware onto their phones. In the biz, these attacks are known as waterhole attacks.

Crims work out way. Say a group of activists are hanging out and target that Facebook group that they’re trying to infiltrate and then post links to the malware. When clicked, the links would take them to a fake Facebook log in page, where, obviously, some of the folk would put in their password and username. Game over.

2 factor
What should people do? Well, not click on sketchy links, not put passwords into faecbok.com/login and USE TWO FACTOR!

Here’s my wishes for the week. Take one friend you have and explain to them about two factor and set it up on one of their social accounts. Imagine if everyone did that.

Post in the comments if you helped a friend get more secure. You might win a prize*

*You probably wont win a prize.

No votes yet.
Please wait...

Find out why Safestore adopted Hyve as their hosting provider

Case Studies


Hyve are 100% carbon neutral. We use carbon offsetting to balance out the release of carbon dioxide from our offices and infrastructure.