FBI issues warning: Russian hackers target messaging apps in massive phishing campaign

New Delhi: The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued a warning about a growing cyber threat posed by Russian intelligence services. The agencies reported that attackers are actively running large-scale phishing attacks against users of popular commercial messaging apps. The goal is to take over private accounts without breaking the apps' encryption.

Officials say thousands of accounts around the world have already been compromised in the campaign. The targets are high-value individuals, including government officials, military administrators, journalists, and political figures. Once intruders get into an account, they can read messages, obtain the contact list, and use the account to send further phishing attacks, resulting in a chain reaction of breaches.

How the attacks work

The cyber actors pose as customer support staff of messaging applications. They send persuasive messages that alarm users about suspicious activity or a possible data leak. Such messages typically press the victim to open malicious links, scan QR codes, or provide verification codes and PINs.

There are two main tactics. The first is linked-device abuse, in which victims unknowingly allow attackers to add their own devices to the account. The second is full account takeover, in which victims hand over either login credentials or a two-factor authentication (2FA) code. In both cases, the attackers take over without breaking encryption.

Why encryption isn’t enough

The agencies emphasised that messaging applications are secure. End-to-end encryption is not being cracked. Rather, the attackers are getting around security by deceiving the users themselves. This makes phishing one of the most powerful methods of cyberattack, even though it is quite simple.

Once inside an account, the attacker can follow conversations and impersonate the victim. This lets them target a larger number of people, widening the attack.

Warning signs to watch for

Even when an unexpected message appears to come from a trusted source, users should stay alert. Messages demanding a verification code, login details, or immediate action are significant warning signs. Bad grammar, a strange tone, or pressure are also typical signs of phishing.

Users should never open suspicious links or attachments. Experts advise verifying an unfamiliar request through another channel of communication before acting on it.

Steps to stay protected

The security services advise that users should never provide PINs or 2FA codes unless they initiated the request themselves. Regularly checking connected devices and the participants of group chats can help them spot unauthorised access in time.

Two-factor authentication and expiring messages are also security features that users should enable. Risks can be minimised by keeping apps updated and reporting suspicious activity as soon as possible.

What to do if you’re targeted

If a phishing attempt is suspected, the user should stop interacting at once and report it. In the U.S., cases can be reported to the Internet Crime Complaint Center (IC3) or the police. Organisations' internal security teams should also be alerted.

The FBI and CISA stress that legitimate support teams will not ask you to provide a verification code via a direct message. Any such request must be treated as fraudulent.