New Social Media Phishing Campaigns Pose Hacking Threat, Hikvision Senior Director of Cybersecurity Overviews the Threat and Provides Cybersecurity Tips
Honoring National Cybersecurity Awareness Month (NCSAM), Hikvision Covers Cybersecurity Trends and Tips to Stay Safe Throughout October
In today’s blog, Hikvision Senior Director of Cybersecurity Chuck Davis will break down the details of new social media phishing campaigns that pose a hacking threat. And, he’ll introduce a newly unveiled threat-hunting tool designed to help you get ahead of security concerns.
In honor of National Cybersecurity Awareness Month (NCSAM), Hikvision is covering cybersecurity trends and tips to stay safe throughout October, and beyond. Visit the HikWire cybersecurity blogs section of our website for more.
The first phishing attack method is a fake verification scam that lures the victim into sharing their User ID and password with the attacker in exchange for the promise of verified status.
The second social media phishing attack is a fake copyright violation warning that threatens the victim with suspending their social media account unless they log into a certain webpage to dispute the copyright infringement claim.
An overview of the threats from the BleepingComputer story: “Scammers are targeting your social network accounts with phishing emails that pretend to be copyright violations or promises of a shiny 'blue checkmark' next to your name. With social networks such as Twitter, Facebook, Instagram, and TikTok becoming a significant component in people's lives, attackers target them for malicious purposes. These stolen accounts are then used for disinformation campaigns, cryptocurrency scams like the recent Twitter hacks, or sold on underground markets.”
In both cases, the attackers are harvesting login credentials to take over social media accounts and will likely use them in credential stuffing attacks on other accounts.
If you realize that you have fallen for one of these attacks, immediately change your social media password and add multi-factor authentication (MFA) to your account.
Introducing A New Threat-Hunting Tool
This week the Electronic Frontier Foundation (EFF) Threat Lab released a new, open source Linux tool called YARA.
From the foundation’s announcement: “At the EFF Threat Lab we spend a lot of time hunting for malware that targets vulnerable populations, but we also spend time trying to classify malware samples that we have come across. One of the tools we use for this is YARA. YARA is described as ‘The Pattern Matching Swiss Knife for Malware Researchers.’”
Put simply, YARA is a program that lets you create descriptions of malware (YARA rules) and scan files or processes to see if they match. The EFF Threat Lab introduced YAYA, or “Yet Another YARA Automation,” its tool to manage YARA rules and scans. YAYA is a free, open source tool available to the public.
Remember, for more Hikvision tips to prevent hacks and stay safe from security concerns, check out this link: HikWire Cyber Blogs.