An email phishing campaign tied to Russian-speaking hackers has been targeting YouTube users. For the protection of consumers, the campaign has been disrupted during the last week of October 2021. This is another example of the phishing tactics being used by rogue elements, designed to fool users of online services.
However, the stopping of the hacking activity has only come after the hackers had used “cookie theft malware” to compromise YouTube accounts and hijack the channels, sell them or use them for broadcasting cryptocurrency scams.
Looking into this nefarious activity is Josh Rickard, Security Solutions Architect at Swimlane.
Rickard starts off his analysis by looking at the nature of the cybersecurity threat: “Phishing attacks are one of the most common forms of cyberattacks leveraged by cybercriminals. It has become all too easy for malevolent actors to create seemingly legitimate email campaigns to trick well-intended employees into providing access to the attacker—and they are highly effective, with 74 percent of attacks in the United States being successful.”
Such tactics are delivering results for many criminal entities, as Rickard finds: “Today, we see the most recent example of how devastating these seemingly simple yet highly effective campaigns can be. In this case, a phishing campaign tied to Russian hackers was able to use “cookie theft malware” to hijack an undisclosed number of YouTube accounts, ultimately selling them for up to $4,000 per channel or using them to broadcast cryptocurrency scams.”
Yet all is not bleak. Rickard says that “while phishing campaigns continue to be ever-commonplace”, there are new protocols in place that can challenge the cyber-threat.
Rickard discusses “evolutions in cybersecurity” which “are making the tools to combat these attacks equally accessible.”
Asa example, Rickard notes: “Security orchestration, automation and response platforms must be implemented in order for organizations to be able to recognize and respond to phishing attempts. Systemwide security automation that centralizes detection, response and investigation efforts into a single platform allows for phishing threat recognition and reaction in real-time, drastically decreasing the chances of hacked or stolen information via malicious campaigns.”
In addition the security expert cites: “Low code security automation makes security implementation increasingly accessible, enabling more teams to help stop phishing campaign attacks in their tracks. With versatile cybersecurity platforms such as these, dangerous threats are kept at bay and valuable data remains protected and in the right hands.”
