If someone offered you a chance to hack one of your friends’ Facebook account, would you grab it? If you answered yes, you may have unwittingly set yourself to be hacked as well.
According to Blue Coat Elastica Cloud Threat Labs (BCECTL), cybercriminals are enticing would-be hackers with crimeware-as-a-service (CaaS) by promising hacking privileges but in reality, they are the ones going to be hacked. What happens is the cybercriminals offer CaaS by providing a Google Doc that allegedly contains phishing and hacking tools that the would-be hacker needs to hack their friend’s Facebook account.
The catch is, to access the said tools, one must provide his own Facebook information before he can access the content of the document. All these data are then sent to an attacker-controlled domain. The tool just keeps tricking the would-be hacker to give more information with the pretense that the hacking tool will be provided once all information has been obtained but that never happens. The would-be hacker has become a victim of a social engineering attack without his knowledge.
From there, cybercriminals can then sell the acquired information to the dark web and can be used by more notorious entities to gain access to a user’s other accounts such as cloud services.
"We are living in a world where these social networks have become part and parcel of our lives," BCECTL director Aditya Sood, stated. "Cybercriminals can abuse this information and other tools, and sell that access to users."
Though this may seem like a personal problem, Sood stated that this kind of attack can also affect the enterprise especially now that more businesses are relying on the cloud to store their data, even the company’s sensitive files. If an employee falls for a social engineering attack, then that employee’s credentials can be used to gain access to the company’s sensitive information stored in the cloud.
This type of attack is just one way cybercriminals are exploiting people. Sood emphasized the need for businesses to have cloud security in place to fend off cyberattacks. Of course, making sure you're not going to be a victim of social engineering is a big part of it.
Image source: Pixabay