Hackers went after high-profile social media accounts belonging to celebrities and famous brands. They tricked the account owners into opening a zero-click exploit sent through private messages, in order to take control of the accounts. Kaspersky has some useful tips.
The recent report of hackers targeting celebrities on social media has raised considerable cybersecurity concerns. The full impact of the hacking attempt is still being investigated, although the social media company has indicated that only a small number of accounts were compromised.
According to the Social Media Statistics for Malaysia Report, there are 28.68 million social media user identities in Malaysia, about 83.1% of Malaysia's population. The most recent cyber hack is nothing new, as Malaysia's internet regulator also initiated an investigation into 50 million accounts affected in a security breach by hackers some years ago.
“This incident highlights the ever-present threat of social engineering attacks on popular social media platforms. Hackers sent private messages to the targeted social media accounts, with the intention to take over the accounts. By clicking on deceptive private messages, account owners would risk compromising login credentials and granting hackers unauthorized access to the accounts,” says Yeo Siang Tiong, General Manager of Southeast Asia at Kaspersky.
A Kaspersky expert revealed that the security issue on the popular social media platform stems from a zero-click exploit used by illicit groups: the user does not have to click a malicious link, but only has to open the direct message on the platform for the malware to trigger.
While the social media company is working on halting the attacks, the Kaspersky expert shared that zero-click exploits are very difficult to stop and decipher. However, there are some things social media users can do to try to reduce some of the risk:
- Use strong and unique passwords. The weakest link is often the entry point to the platform, which is the password. This should be unique and not one that you re-use on multiple social media platforms. If you struggle to come up with a unique password, consider using a password manager to generate a unique and strong password.
- Use two-factor authentication. While many people choose to use SMS or email as the source of the second verification, Kaspersky recommends using an authenticator app.
- Do not click to read direct messages from people you do not know. There is no reason for you to assume that you should click on any link sent from people you do not know. Chasing the influencer wagon to make fast cash may be a goal, but if something sounds too good to be true, it probably is.
- Talk to your kids about basic safety on social media networks.
The Kaspersky expert has also developed a detailed guide on security and privacy setup on social media. Also use the Privacy Checker to configure both the privacy and security of other social media networks.