Who can be a victim of a cyber security attack? Anyone.
That’s a lesson security researchers learned the last several months.
Google’s Threat Analysis Group (TAG) identified an attack on security professionals working on vulnerability research and development.
TAG believes a North Korean government-backed entity made the attack. TAG reminded cyber security professionals to remain vigilant online.
How does it work? The attackers established their own fraudulent research blog and Twitter accounts. They used both to build credibility with security researchers. Then the attackers tried to convince researchers to “collaborate.” The attackers then sent a custom malware.
Attackers also loaded malicious code onto computers which visited their blogs.
What can us normal folks learn? Remember that anyone can be a target any time. If cyber security researchers can be tricked, don’t assume you’re ‘too smart’ to fall into a trap. Remember these best practices:
• Be cautious of who you interact with online. Not all have your interests at heart.
• Don’t open suspicious emails or download files you are sent by strangers.
• Be wary of sites you visit. Not all require you to download a file. That’s why it’s important to choose sites to visit and links to click carefully.
Next: More Tech Talk tips.