With attacks on WhatsApp users on the rise, Rafe Pilling, Senior Security Researcher, Secureworks, explains to the readers of Security MEA the type of attacks being seen and how users can protect themselves.
Tell us about cybercrime targeting WhatsApp users.
Cybercrime today often involves an element of social engineering and this is what we are seeing in recent WhatsApp scams. Hackers will masquerade as something or someone, to get information, entice someone to click on a link, run a macro or pay a fake invoice.
The challenge with WhatsApp is that users will appear to receive a message or image from someone in their address book, without realising the account has been hacked. As the message appears to be from someone the victim knows, it is likely that they won’t pay as much attention to the small details and will give away sensitive information or open a malicious document.
How can users avoid this type of attack?
Social engineering attacks often manipulate users and play on feigned relationships and ties to establish trust, all with the aim of encouraging users to share information or click on links and attachments. Technology can of course help to identify and block an incoming piece of malware as well as malicious outbound activity – however, in cases like this it really comes down to user awareness and security training.
When we receive any request for information online it is important to take extra precautions and ensure the message is legitimate, even if at first it appears to be from someone you know. Furthermore, be alert to odd requests such as someone asking you to provide a password, scan a QR code, disclose an authentication code, or send money or crypto-currency to them online, as it is a serious red flag.
What can users do if they think their account has been compromised?
WhatsApp provides clear guidance for recovery at https://faq.whatsapp.com/general/account-and-profile/stolen-accounts/. If your account has been hijacked, someone can impersonate you but should not be able to read past messages. Recovering and securing your account will involve signing into WhatsApp with your phone number and verifying your number using a code that WhatsApp sends you via SMS. Never share this code with anyone. Go on and configure two-step verification on your account to provide enhanced protection. Notify friends and family that your account was hijacked and check if any unusual messages or requests were received.
If WhatsApp messages have been compromised due to malware on your handset, a complete wipe and recovery of the device may be necessary. Be careful about what apps and data you restore as you don’t want to reinstall the malware to your device.
Can security solutions protect users?
Privacy, identity, and authenticity are major themes both now and in the future. Social engineering is not only targeting WhatsApp and poses a threat to individuals, but threat actors are also exploiting employees and the businesses they work for.
By using expertise, cyber threat intelligence, and purpose-built technologies, organisations can implement a robust strategy to prepare for and respond to these types of attack. In addition, organisations can strengthen their defences by tuning their processes and tools for the remote workforce.
How effective is the “re-set factory settings” option?
If there is one thing for certain, it is that malware and cyberattacks have become more sophisticated over time. A factory re-set is a commonly used measure of last resort to get rid of malware, but it is not a magic bullet. Sophisticated malware can hide in firmware memory, or in the recovery partition, allowing it to survive a factory re-set. A virus may also be lurking in the user’s back-up files or in another device that they use, such as a USB stick or memory card, and could easily re-infect the device when the user reinstalls their data or apps.