Preventing ClickFix Attacks

We've written and posted about this attack family a few times but it's becoming more prominent lately. For my Mac users, this attack affects you as well, so don't scoff at Windows and scroll away. Attackers have created messaging native to both Windows and Mac.

First, the good news. For most of our clients, the impact is blunted by removing your local administrator rights. You may have been frustrated by this when we did it, but it really is a huge vulnerability. That being said, it just mitigates the threat and doesn't remove it completely. For Mac users, sorry, we can't really do the same for you. Macs think differently (you see what I did there!).

If you've slept since we last wrote about this, you've probably forgotten the specifics. In short, this is an attack where the attacker enlists you directly to hack your system for them. They coax you to open up the Run dialog or terminal, paste malicious commands, and then run them. They play on the fact that you don't know the ins and outs of your computer and how it works.

They will get you to run any number of things, but mostly they want remote access to your computer. With that, they can steal whatever data they find and use your computer to attack others. Variants of the attack will also capture passwords and secret keys to your cloud environments (e.g., Microsoft 365, Azure, AWS, etc.). When they can run commands through you, the options are pretty broad and devastating.

How can you reduce your risk? If you are a business, ensure you have revoked all your users' local administrator privileges (and other administrator privileges, if they don't need them). Educate your users specifically on this attack as part of your periodic security awareness training program. If you are a home user, you mostly just need to be aware. You really can't revoke your own admin privileges since you are the owner and manager of that computer. Just be aware and back out of these situations when you find yourself in them.
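For businesses that want to confirm the local administrator cleanup actually stuck, here is an added example (ours for illustration, not taken from the referenced article) that lists who still holds local admin rights on a Windows machine. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets, and it assumes the only expected members are the built-in Administrator account and, on domain-joined machines, Domain Admins.

```powershell
# Added example: audit membership of the local Administrators group.
# Assumption: run in an elevated Windows PowerShell 5.1+ session.

# Use the well-known SID for the Administrators group so the check also
# works on non-English Windows installs where the group name is localized.
$adminGroupSid = 'S-1-5-32-544'

try {
    $members = Get-LocalGroupMember -SID $adminGroupSid -ErrorAction Stop
}
catch {
    # Stale (orphaned) entries in the group can make this cmdlet fail.
    Write-Warning "Could not enumerate the Administrators group: $($_.Exception.Message)"
    return
}

$report = foreach ($m in $members) {
    $sid = $m.SID.Value
    # Assumption: only the built-in Administrator (RID 500) and
    # Domain Admins (RID 512) are expected. Anything else gets flagged.
    $expected = $sid -match '-(500|512)$'

    [pscustomobject]@{
        Name        = $m.Name
        Type        = $m.ObjectClass       # User or Group
        Source      = $m.PrincipalSource   # Local, ActiveDirectory, AzureAD, ...
        SID         = $sid
        NeedsReview = -not $expected
    }
}

$report | Sort-Object NeedsReview -Descending | Format-Table -AutoSize

$toReview = @($report | Where-Object { $_.NeedsReview })
if ($toReview.Count -gt 0) {
    Write-Warning "$($toReview.Count) account(s) or group(s) hold local admin rights and should be reviewed."
}
else {
    Write-Output 'No unexpected local administrators found.'
}
```

A flagged entry is not automatically a problem (some service or support accounts legitimately need the rights), but every one should have a known reason to be there.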

Review the screenshots in the reference below to get a better idea of what to look for.

Need some help? As always, call us. We can get you squared away for this and so many other threats.

Reference:
https://blog.checkpoint.com/securing-user-and-access/clickfix-the-attack-that-turns-users-into-their-own-attackers/