New cyber attack warning: confirming you are not a robot can be dangerous

The Ukrainian Computer Emergency Response Team has issued a new security warning after discovering a cyberattack campaign carried out by the APT28 threat group, also known as Fancy Bear. This group is believed, with a high degree of confidence, to be affiliated with Russian military intelligence operations. Here’s what we know so far and what you should keep in mind if you think you might be at risk of being attacked.

CERT-UA’s APT28 Fancy Bear Cyber Attack Campaign Warning

The Ukrainian CERT warning, number CERT-UA#11689, was published on October 25 and, read courtesy of Google’s on-page language translation tools, detailed an ongoing investigation into a phishing campaign using emails containing a database table and a link that displays what appears to be a Google reCAPTCHA bot detection dialog.

The frequency of these anti-bot CAPTCHA tools has dropped considerably for most users, largely due to the large number of browser extensions that help defeat them and platforms like iOS that use Apple’s server-based automatic verification system to avoid the need to complete them yourself. However, it is not entirely unexpected for one to appear and, something the Fancy Bear threat group is banking on, it is certainly not something that would arouse suspicion in the user. If anything, the opposite is true: the use of such an anti-bot defense tends to suggest a reliable rather than dangerous outcome.

In the case of this cyberattack campaign, CERT-UA said that checking the box that requests confirmation in response to the “I am not a robot” prompt places a malicious PowerShell command statement in the user’s clipboard.

Mitigating the risk of becoming a victim of the CAPTCHA cyberattack

Okay, so the most important point to note here is that the cyberattack campaign in question appears to be primarily targeting local government workers in Ukraine. That immediately filters out a lot of the concerns everyone else might have. However, that doesn’t mean other threat actors won’t use the same techniques now that the methodology is available and apparently fools some victims. Therefore, it is still necessary to be aware of the threat and how to mitigate it.

Which brings me to the second important point here: the cyberattack is initiated by clicking a link (don’t do that), which causes the “I’m not a robot” dialog to appear in the first place. If you reach this stage of such an attack, then further interaction is required to execute the campaign payload: the PowerShell command triggers a script that instructs the user to follow a series of additional steps.

These include: pressing the Win+R key combination to open the command prompt, pressing the Win+V key combination to paste the malware payload execution instructions, and finally pressing Enter to run it and install the malware. That is a lot of steps, and they require a lot of trust on the part of the user. Don’t be so trusting. Period. Ask yourself: when have I been asked to do something like this before? I would bet my house that the answer to that, for 99.9% of people, is, eh, never. So why start now? With cyber attack campaigns, especially those that involve AI-powered phishing techniques, it’s easy to forget that most still rely on the old tricks. Stay alert, don’t let job pressures or knee-jerk reactions cause you to take unnecessary risks, and you can keep even state-sponsored hackers at bay.
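For defenders, the Win+R step leaves a trace: Windows records commands entered in that dialog per user under the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU. The following triage sketch is an added example, not code from CERT-UA or the original article; the sample entries are constructed, and the trait patterns are generic assumptions rather than indicators from the CERT-UA report.

```python
import re

# Interpreters that a hand-typed Run entry rarely launches with long arguments.
LOLBINS = re.compile(r"\b(powershell|pwsh|mshta|cmd|wscript|cscript)(\.exe)?\b", re.I)

# Generic traits of pasted one-liners (assumed patterns, not CERT-UA indicators).
TRAITS = {
    "hidden window": re.compile(r"-w(in(dowstyle)?)?\s+(h(idden)?|1)\b", re.I),
    "encoded command": re.compile(r"\s-e(nc(odedcommand)?)?\s", re.I),
    "remote fetch": re.compile(r"https?://|\b(iwr|irm|invoke-webrequest)\b", re.I),
    "in-memory exec": re.compile(r"\b(iex|invoke-expression)\b", re.I),
}

def parse_runmru(values):
    """Return Run-dialog commands newest-first from {value name: data}.

    MRUList holds the value names in most-recent-first order, and each
    stored command carries a trailing "\\1" marker that is stripped here.
    """
    cmds = []
    for name in values.get("MRUList", ""):
        data = values.get(name)
        if data is not None:
            cmds.append(data[:-2] if data.endswith("\\1") else data)
    return cmds

def triage(values):
    """Flag entries that start an interpreter AND show a one-liner trait."""
    findings = []
    for cmd in parse_runmru(values):
        if not LOLBINS.search(cmd):
            continue
        hits = [label for label, rx in TRAITS.items() if rx.search(cmd)]
        if hits:
            findings.append((cmd, hits))
    return findings

# Constructed sample of exported RunMRU values (not taken from a real host).
SAMPLE = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "cmd\\1",
    "c": "powershell -WindowStyle Hidden -EncodedCommand <BASE64-PLACEHOLDER>\\1",
}

if __name__ == "__main__":
    for cmd, hits in triage(SAMPLE):
        print(f"review: {cmd!r} -> {', '.join(hits)}")
```

On a live host the same dictionary can be filled from that registry key for each user profile; a flagged entry is a lead for review, not proof of compromise.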
