The cyberattack targeting Oscar-nominated film-fans. Stay informed about this intriguing cybersecurity incident. In a bid to get the latest blockbuster movies, some movie fans are turning to piracy. But, according to researchers at ReasonLabs, they may also be downloading malware.
Cyber crooks are using film nominations to lure unsuspecting users into downloading malicious software. This could be anything from deleting backup files to meddling with boot-up files needed to power up a computer.
Downloading Movies
Many film fans are so eager to watch a hit movie that they don’t mind downloading pirated versions from the dark web. This is a big mistake because the files may be laden with malware, such as Trojans, spyware, infostealers and keyloggers. Security researchers from ReasonLabs have found thousands of these threats inside files that claim to be Oscar nominated movies this year.
The researchers also note that the number of threats increases in proportion to the popularity of the films being targeted. Joker, which is up for the Best Picture award, has attracted the most malware, followed by Judas and the Black Messiah.
Cybercriminals rely on the popularity of movies to trick unsuspecting people into handing over sensitive information or downloading malicious software. They use a wide range of tactics to make their attacks look more convincing and innocuous.
A successful hack can lead to ransomware, in which hackers encrypt proprietary materials remotely and demand payment for their release (like the 2014 Sony Pictures hack). It is possible that some of the stolen data will be leaked, and that can ruin the reputation of a company or a person. This kind of damage can cost millions of dollars to restore.
Phishing Scams
Cyber attackers use phishing to trick victims into carrying out unsafe actions, divulging confidential information or installing malware such as ransomware on their computers. This is accomplished by employing SE techniques such as impersonating trustworthy and reputable sources including financial institutions, government agencies or the victim’s own employer organisation. The attacker also relies on the use of visual cues such as replicating logos to add to the trust factor of the fraudulent email (Mitnick and Simon, 2002). In some cases the attack is so targeted it becomes known as whaling; these attacks are directed at senior executives within a company. Typically, these types of attacks are very sophisticated and require extensive research on the part of criminals. (Moreno-Fernandez et al., 2017).).
Social network groups can also be a target for criminals; this is often the case with groups that encourage users to post uplifting messages of hope such as the popular South African Facebook group #ImStaying.
Malware
Malware is software designed to disrupt a computer or network, leak private information, spy on users, and otherwise wreak havoc. It can come in many forms, including IM worms that spread over popular instant messaging networks like AOL AIM, MSN Messenger and Yahoo Messenger by sending malicious download links to your contacts list. Malware can also come in the form of a mobile app, for example when human rights defenders received SMS text messages inviting them to click on links that would turn their smartphones into digital spy tools.
Researchers at cybersecurity site Reason Labs recently identified a Trojan horse malware in hacked downloads of The Super Mario Bros. Movie, and they say that while the same Trojan has been used in pirated movies before, it may have found its most fruitful audience yet.
Security Tips
With the Oscars just around the corner, movie fans are eager to watch their favorite films. However, they should be careful where they get their movies from. Piracy websites often have booby traps, according to researchers at ReasonLabs. These booby traps can include spyware personal documents stealer, Trojans, and malware. To keep yourself safe, you should only use legal streaming services and reputable download sites. Keeping your Incognito software updated can also help protect you from online threats.
