San Francisco: YouTube creators, particularly in the auto-tuning and car review community, have become the target of a massive wave of account hijacks, a media report said.
The account hacks are the result of a coordinated campaign in which hackers use phishing emails to lure victims to fake Google login pages, where they collect users’ account credentials, an investigation by ZDNet found.
The attacks appear to have affected creators from India as well, as Twitter is flooded with complaints about missing channels from YouTube.
“I am a subscriber & also a big fan of his work #Musafirakajoshi and Somebody hacked my brother Rahul joshi’s YouTube channel #Musafirakajoshi @YouTubeIndia Please get in touch with him as soon as possible. @YouTubeIndia And bring his channel back as soon,” wrote one Twitter user.
“The recent phishing attacks on YouTube are an escalation of a classic scheme, in which users are lured to fake login pages, where they enter legitimate credentials. Cybercriminals are always looking for the weakest link in the cybersecurity protecting valuable assets; in this case, it was users,” Jonathan Knudsen, Senior Security Strategist at Synopsys Integrity Group
According to a YouTube video from Life of Palos uploaded over the weekend, hackers were capable of bypassing two-factor authentication on users’ accounts.
Hackers targeting YouTubers might have used Modlishka, a reverse proxy-based phishing toolkit that can also intercept 2FA SMS codes, he suggested.
The best proactive defence against such attacks is education. With the right knowledge, far fewer users would have fallen victim to these attacks.
“While SMS 2-factor authentication is better than no second factor, this incident is still a reminder of its weaknesses, which is why NIST stopped recommending its use back in 2016,” said Bill Lummis, Technical Program Manager at HackerOne.
“It is important that the industry moves towards newer tools such as time-based One-time Password (TOTP), which recycles numbers every 30-90 seconds on a physical device, or Universal 2nd Factor (U2F), such as Yubikey, given that attacks like this will only become easier to execute over time,” Lummis said.
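The server-side checks behind the two second factors named above, as an added example that is not part of the original report: a one-time code is verified as bare digits, while a U2F-style assertion carries the origin the browser actually saw, so the relying party can reject a login that was completed on a look-alike page. The origins, keys and function names are constructed for illustration, and an HMAC stands in for the security key's public-key signature.

```python
import hashlib, hmac, json, struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (dynamic truncation from RFC 4226)."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, submitted: str, now: int) -> bool:
    # The server sees only digits; nothing records which page they were typed into.
    return hmac.compare_digest(totp(secret, now), submitted)

def _sign(device_key: bytes, client_data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the authenticator's signature.
    return hmac.new(device_key, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()

def sign_assertion(device_key: bytes, origin: str, challenge: str) -> dict:
    """Client side: the browser, not the page, writes the origin into the signed data."""
    client_data = json.dumps({"origin": origin, "challenge": challenge}).encode()
    return {"client_data": client_data, "signature": _sign(device_key, client_data)}

def verify_assertion(device_key: bytes, assertion: dict, expected_origin: str, challenge: str) -> bool:
    """Relying-party side: check the signature, then the origin and the challenge."""
    if not hmac.compare_digest(_sign(device_key, assertion["client_data"]), assertion["signature"]):
        return False
    data = json.loads(assertion["client_data"])
    return data.get("origin") == expected_origin and data.get("challenge") == challenge

# Constructed sample values (hypothetical origins; RFC 6238 test secret).
SECRET = b"12345678901234567890"
DEVICE_KEY = b"constructed-device-key"
REAL_ORIGIN = "https://accounts.example.com"
LOOKALIKE_ORIGIN = "https://accounts.example-login.test"

def demo(now: int = 59, challenge: str = "constructed-challenge") -> dict:
    code = totp(SECRET, now)  # the same digits whichever page the user typed them into
    return {
        "code_entered_on_real_site": verify_totp(SECRET, code, now),
        "code_entered_on_lookalike_and_forwarded": verify_totp(SECRET, code, now),
        "assertion_from_real_origin": verify_assertion(
            DEVICE_KEY, sign_assertion(DEVICE_KEY, REAL_ORIGIN, challenge), REAL_ORIGIN, challenge),
        "assertion_from_lookalike_origin": verify_assertion(
            DEVICE_KEY, sign_assertion(DEVICE_KEY, LOOKALIKE_ORIGIN, challenge), REAL_ORIGIN, challenge),
    }

if __name__ == "__main__":
    print(demo())
```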