Experts highlight a new trend in cyberattacks, where modern malware turns users into accomplices. A Gazinformservice expert talks about how hackers attack through video hosting sites and how to protect against modern attacks.
Gen Digital's Q3 Security Threat Survey found the threat landscape is rapidly becoming more complex, with key trends including an increase in social engineering attacks, an increase in ransomware, and the development of new malware types targeting both desktop and mobile devices.
The report notes a type of attack called “hack yourself,” which increased 614% in the third quarter compared to the previous quarter. This approach uses social engineering to trick users into performing actions that infect devices. Examples include fake CAPTCHAs that actually infect systems with malicious scripts.
Attacks are often spread through fake YouTube tutorials, fake browser updates, and software patch instructions.
"Many organizations have open access to various video hosting sites, as they often contain useful information that allows employees to improve their knowledge and skills. However, attackers can also find profit here by recording a specially malicious video under the guise of a "help yourself" training video. If an employee operates on a work computer that is not protected, he can harm not only himself and his workplace, but also the entire corporate network. To prevent such situations, it is necessary to use high-quality domestic software packages aimed at ensuring the information security of the IT infrastructure. For example, Efros DefOps allows both centralized control of user access and vulnerability analysis. In this case, even if an employee falls for the attacker's tricks, the vulnerability will be detected and localized in time," says Ksenia Akhrameeva, Ph.D., head of the laboratory for the development and promotion of cybersecurity competencies at Gazinformservice.
Attackers also encourage users to disable antivirus software to avoid detection. Cybercriminals use such campaigns to install infostealers that collect user data, including passwords and financial information.