An adware campaign working, via Facebook messenger, is using targeted notes and URLs to trick Facebook users into clicking through to an installation screen for adware.
Alan Levine, an IT Security Veteran and Security Advisor to Wombat Security Technologies commented below.
Alan Levine, Security Advisor at Wombat Security:
Why are criminals targeting this?
Cyber hackers may have multiple aims, but a consistent key objective is to compromise as many end user devices as possible. Under an attacker’s control, these compromised devices represent significant value because they can then be deployed as a digital army for a variety of malicious purposes.
What can organisations do to defend or mitigate such attacks?
There is no instant powder for cyber defense; one can’t just add water to address the issue. Cyber defense is complicated, expensive, intrusive, and ultimately incomplete and vulnerable. But organisations can take a relatively simple, cost effective step to seriously mitigate cyber risk. Cyber security awareness training sensitises an organisation’s workforce to be on alert, to be aware, and to be ready to respond in the right way when confronted with cyber threats.
What can users do to protect themselves?
First and foremost, although it wouldn’t be a popular choice, users of Facebook Messenger can protect themselves by taking a break, patiently waiting until Facebook’s security team addresses the malware, secures the Messenger vector, and eradicates the threat. Most users won’t take a break, however. Facebook — and Messenger in particular — have become inherent factors, or features, of our digital lives. Given that cyber threats targeting these social media platforms are endemic, the best way for users to protect themselves is to be trained to be suspicious, to apply care, and to think before they react to a message or click on a link. Cyber awareness training programs educate end users, and educated end users are more likely to do the right thing and less likely to be victimised by this kind of cyber-attack.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.