Following the news that the criminals are targeting Reddit users with a drive-by malware attack to empty cryptocurrency wallets (original Reddit thread), Brian Laing, VP at Lastline commented below.
Brian Laing, VP at Lastline:
“Reddit uses very basic authentication measures – just username and password. It was never intended as a place to shield financial access which the introduction of BitCoin repositories has now effectively done. There is no second factor to the authentication steps making even simple, brute force attacks possible. Reddit/Bitcoin Wallet are likely targets for these reasons.
“We have seen many similar hacks dating back some years, but not specific to Reddit per se. As long as hackers continue to see positive results in the Reddit community exploit, we would expect to see this continue.
“Advice to users would be to separate social applications which are not multi-factor protected from any financial access tools and not click on any link sent to you unless you know both who sent it and whether the link is authentic. If the use cannot predetermine both pieces of information without executing the link/file, then discard.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.