Brazil lives from a virtual attack epidemic – 25.10.2020 – Ronaldo Lemos

The Covid-19 crisis required a process of digital transformation, and another problem grew as well. There is a real epidemic of virtual attacks including platforms like Whatsapp and Instagram.

One reason for this is the increasing use of digital platforms. During the pandemic, Whatsapp had a 40% increase in usage, according to the Kantar consulting firm. In some markets like Spain, usage has increased by 76%.

Among users aged 18 to 34, the use of Facebook and Instagram increased by 40%.

With more time online at home and without the protection that corporate networks generally have for office workers, the attack surface has increased significantly. Because of this, it is very possible that you have someone you know who hacked your WhatsApp account in the past few days.

The way this attack takes place varies. One of the methods takes advantage of a bug in Whatsapp Web and sends a wrong contact to the user. To solve this type of attack, the action is simple: update your WhatsApp application immediately.

Another type of attack uses what is known as “social engineering,” the famous human error. From an already hacked WhatsApp or Facebook account, or via SMS messages sent to the person’s number, the attacker pretends to be a friend who needs help. He says he’s having trouble getting a code on his phone and asks for help sending the code to him.

From there, he asks Whatsapp to send a verification code to the victim who thinks he is talking to a person he trusts and eventually forwards the code. The attacker uses the code to gain access to the victim’s account.

From there, it will analyze the most frequent contacts of this account and send scam messages asking for money or trying to open more hacked accounts. It’s a very rudimentary attack method, but it was effective.

Another similar attack occurred on Instagram, targeting verified accounts (the blue seal). Several celebrities in Brazil have fallen victim to this scam in the past few weeks.

The attacker used a verified hacked account to rename it to Instagram Support. From there, it sends a verified or unverified message to other accounts stating that it is offering or renewing the blue seal and sends a link with information for the user to fill out. Since the hacker has a blue seal, he convinces people to send him. He then uses this information to take over the victim’s account.

The lessons from these cases are useful. Always activate the second authentication factor in all your accounts first. If you have a third factor (like the PIN number in WhatsApp) trigger it too. In addition, it should be remembered that there is not yet a massive identity verification system on the Internet. So you can hardly trust anything.

Also, be careful if someone text you with a blue seal or verified account.


It no longer worried about cybersecurity

It is already a general data protection law that sets out information security obligations

There is already an epidemic of attacks and the need for individuals and businesses to prepare

Leave a Reply

Your email address will not be published. Required fields are marked *