Recently, there has been a spate of reports in Reddit's /r/cybersecurity of a "new" attack that relies on users being unaware of how their computer works: they are tricked into executing a malicious script that is presented as a CAPTCHA challenge.
CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". It's those picture tests where you need to answer a certain question, such as "pick out the tiles in a segmented picture that contain a bus" or "which pictures have a motorcycle in them?" Later the term was genericized to mean any sort of "are you human" challenge test designed to weed out automated scripts.
The fake version asks the user to press Windows-R on their keyboard, followed by Control-V, to prove they're human.
EDIT: The attack has been highlighted by KrebsOnSecurity and named the "ClickFix" attack.
If you didn't recognize these keystrokes, Windows-R (Win-R) brings up the Windows Run box, where you are supposed to enter a program to run. And Control-V (Ctrl-V) pastes what's in the clipboard into whatever you have open.
In other words, you just ran something, but you have no idea what.
That is indeed... VERY bad. Because you basically just gave away control of your PC to the bad guys. And who knows what they'll do with it, probably download malware to your PC, steal all your accounts, and more.
Given that 99% of users will NEVER need to touch the Run box, you should disable it ASAP, especially if you have computers used by people who can be tricked into running this (the very young or the very old).
To disable the Windows Run box, please follow this article:
https://www.auslogics.com/en/articles/enable-or-disable-run-command-winr-box/
There are ways around it, but if you have trained your users well ("call me if you run into any errors you don't understand"), you can stop them from further compromising their PC. This is basically a barrier that says "Are you sure what you're doing? Call me before you continue..." instead of letting them blindly follow some malicious instructions.
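The same Run box restriction can be applied from PowerShell, and the Run box history can be reviewed on a PC where someone may already have followed such a prompt. This is an added example, not from the original post or the linked article; it assumes the standard per-user `NoRun` Explorer policy value and the `RunMRU` key where Explorer records Run box entries, and the function names and the review pattern are illustrative.

```powershell
# Added example: apply the per-user "NoRun" policy and review past Run box entries.
# Function names and the $ReviewPattern heuristic are illustrative assumptions.

$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$RunMruKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Script hosts that a normal user rarely types into the Run box (assumed heuristic).
$ReviewPattern = 'powershell|mshta|cmd(\.exe)?\s*/c'

function Test-RunBoxDisabled {
    # True only when the NoRun policy value exists and is set to 1.
    $policy = Get-ItemProperty -Path $PolicyKey -Name NoRun -ErrorAction SilentlyContinue
    return ($null -ne $policy -and $policy.NoRun -eq 1)
}

function Disable-RunBox {
    # The Policies\Explorer key may not exist on a profile with no policies set.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    # -Force overwrites an existing value, so the function is safe to re-run.
    New-ItemProperty -Path $PolicyKey -Name NoRun -Value 1 `
        -PropertyType DWord -Force | Out-Null
    return (Test-RunBoxDisabled)
}

function Get-RunBoxHistory {
    # Explorer stores each entry under a single-letter value name, with a
    # trailing "\1" marker; the MRUList value only holds the ordering.
    if (-not (Test-Path $RunMruKey)) { return @() }
    $key = Get-Item -Path $RunMruKey
    foreach ($name in $key.GetValueNames()) {
        if ($name -notmatch '^[a-z]$') { continue }
        $command = $key.GetValue($name) -replace '\\1$', ''
        [pscustomobject]@{
            Entry       = $name
            Command     = $command
            NeedsReview = ($command -match $ReviewPattern)
        }
    }
}

# Review what has already been run, then apply the policy for this user.
Get-RunBoxHistory | Format-Table -AutoSize -Wrap
if (Disable-RunBox) {
    Write-Output 'NoRun policy set. Sign out and back in (or restart Explorer) to apply it.'
}
```

Run it in the affected user's own session, since both keys live under that user's registry hive.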