
New Cyber Attack Warning: Confirming You’re Not a Robot Can Be Dangerous


Ukraine’s Computer Emergency Response Team has issued a new security alert after discovering a cyberattack campaign carried out by the APT28 threat group, also known as Fancy Bear. This group is believed with a high degree of confidence to have ties to Russian military intelligence operations. Here’s what we know so far and what to look out for if you think you’re at risk of being targeted.

The APT28 Fancy Bear Cyber Attack Campaign Warning from CERT-UA

The Ukrainian CERT warning, number CERT-UA#11689, was published on October 25 and, courtesy of Google’s translation tools on the page, detailed an ongoing investigation into a phishing campaign using emails that contain a database table and a link that delivers what looks like a Google reCAPTCHA bot detection dialog.


These anti-bot CAPTCHA tools appear far less often for most users than they used to, not least due to the sheer number of browser extensions that help defeat them and iOS versions that use Apple’s server-based automatic verification system to avoid the need to fill them in yourself. However, it is still not a completely unexpected event when one appears and, something the Fancy Bear threat group relies on, certainly not something that would raise suspicion in the user. Rather, it is the opposite: the presence of such an anti-bot defense suggests a trustworthy outcome rather than a dangerous one.

In the case of this cyberattack campaign, CERT-UA said that checking the “I am not a robot” confirmation box causes a malicious PowerShell command to be placed on the user’s clipboard.

Reduce the risk of becoming a victim of the CAPTCHA cyber attack

Okay, the main point to be made here is that the cyber attack campaign in question appears to be highly targeted at local government officials in Ukraine. That immediately filters out a lot of the concerns that everyone else might have. Importantly, this does not mean that the same techniques will not be used by other threat actors now that the methodology is available and apparently fooling some victims. Therefore, you still need to be aware of the threat and how to mitigate it.


Which brings me to the second important point here: the cyberattack is initiated by clicking a link (don’t do that), which causes the “I’m not a robot” dialog box to appear in the first place. Even once this stage of the attack is reached, more interaction is required to execute the campaign payload: the PowerShell command triggers a script that instructs the user to take some further steps.

These include: pressing a Win+R combination to open the Command Prompt, pressing a Win+V combination to paste the instruction for running the malware payload, and finally pressing Enter to actually execute it and install the malware itself. That’s a lot of steps that require a lot of trust from the user. Don’t be so trusting. Period. Ask yourself: When have I ever been asked to do something like this before? I bet the answer to that for 99.9% of people is: eh, never. So why start now? In cyber attack campaigns, especially when it comes to AI-enabled phishing techniques, it’s easy to forget that most still rely on old-fashioned trickery. Stay alert, don’t let workload or knee-jerk reactions drive you to take unnecessary risks, and you can even keep state-sponsored hackers at bay.
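For defenders, the paste-and-run step described above leaves a trace worth checking. The following is an added example, not part of the original article or the CERT-UA alert: it assumes the Win+R step goes through the Windows Run dialog, which records typed commands in the per-user RunMRU registry key, and it triages exported values for shell launches carrying hidden-window, encoded-command or remote-URL markers. The sample values, the signal list and the function name are constructed for illustration.

```python
import re

# Constructed sample: RunMRU values as exported from
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.
# Windows appends "\1" to each command typed into the Run dialog;
# MRUList gives the value names from newest to oldest.
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "cmd /c ipconfig /all\\1",
    "c": "powershell -w hidden -enc QQBCAEMA\\1",  # harmless placeholder payload
}

# Shell or PowerShell at the start of the command, with or without a path.
SHELL = re.compile(r'^\s*"?(?:[^"\s]*\\)?(powershell|pwsh|cmd)(?:\.exe)?"?(?:\s|$)', re.I)

# Assumed triage signals; tune them to the local environment.
SIGNALS = {
    "hidden_window": re.compile(r"(?:^|\s)[-/]w(?:in(?:dowstyle)?)?\s+hidden\b", re.I),
    "encoded_command": re.compile(
        r"(?:^|\s)[-/]e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{8,}", re.I),
    "remote_url": re.compile(r"https?://", re.I),
}


def triage_runmru(values):
    """Return shell launches recorded by the Run dialog, newest first."""
    findings = []
    for name in values.get("MRUList", ""):
        raw = values.get(name)
        if raw is None:
            continue
        command = raw[:-2] if raw.endswith("\\1") else raw
        shell = SHELL.match(command)
        if not shell:
            continue  # ordinary program launch, not a shell
        hits = [label for label, rx in SIGNALS.items() if rx.search(command)]
        findings.append({
            "value": name,
            "shell": shell.group(1).lower(),
            "command": command,
            "signals": hits,
            # Any marker on a Run-dialog shell launch deserves analyst review.
            "severity": "review" if hits else "info",
        })
    return findings


if __name__ == "__main__":
    for finding in triage_runmru(SAMPLE_RUNMRU):
        print(finding["severity"], finding["value"], finding["signals"], finding["command"])
```

A "review" finding only shows that a suspicious one-liner was typed or pasted into the Run dialog; correlate it with process-creation and PowerShell logging before drawing conclusions.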
