The UK’s National Cyber Security Centre (NCSC) has warned about an increase in targeted attacks against individuals using messaging apps including WhatsApp, Facebook Messenger and Signal.
The alert, issued on March 31, warned that the NCSC and its international partners have seen “growing malicious activity from Russia-based actors using messaging apps to target high-risk individuals.”
High-risk individuals are those whose work or public status means they have access to, or influence over, sensitive information that could be of interest to threat actors.
This includes people working in government and politics, academia, journalism and the legal profession. These people could also have access to other high-risk or high-profile individuals, access which could be exploited by an attacker who has successfully compromised their messaging apps or other online accounts.
Along with attacks attributed to hacking groups linked to the Russian Federal Security Service (FSB), the NCSC also noted that it has previously disclosed similar activity by China state-affiliated group APT31, as well as hackers linked to Iran's Islamic Revolutionary Guard Corps (IRGC).
The Dutch intelligence service has also recently issued a warning over Russian hackers targeting WhatsApp and Signal accounts.
Techniques employed by attackers to target messaging apps include sending malicious links and QR codes to steal account details or install malware, tricking users into sharing login credentials or account recovery codes, joining group chats without being detected or impersonating known contacts of the user to employ social engineering attacks.
The NCSC warned that “anyone can be the victim of social engineering” – but the agency has also issued advice on how to help avoid falling victim.
Some of the key actions which people can take to help secure themselves against cyber threats targeting messaging applications include:
- Not sharing sensitive information via messaging apps
- Using corporately provided messaging services and devices for work communications where available and abiding by your organization’s policies
- Not sharing verification codes or scanning unexpected QR codes
- Enabling multi-factor authentication (MFA)
- Regularly checking for linked devices in settings, reviewing group members and removing or verifying any participants you do not recognize independently
Andy Ward, senior VP at Absolute Security, commented: “Messaging apps like WhatsApp are now embedded in both our personal and professional lives, which is why it also makes them a prime target. Individuals with confidential and sensitive data are the forefront of a cybercriminal’s target.”
“In order to stay protected, organizations and government alike must be monitoring devices and applications to prevent incoming threats as well as helping to recover when the inevitable attack happens,” he added.