Current Event of the Week in the Cyber Security World!

 

In the recent weeks, several YouTube channels have been hijacked. Most of these hijacks happened within the cars review and the vehicle tune - up communities. Some victims of these attacks include: Built, Troy Sowers, MaxtChekVids, PURE Function and Musafir. Although the main source, this was not the community under attack. These hacks have caused an uproar on social media throughout the Twitter and YouTube Support Forum.

sdfv

                                                                               image: ZDNet

Currently, YouTube is doing their best to handle this situation as this is not their first incident. 

The accounts being hacked were results of a coordinated attacks which lure users with messages to phishing websites which logged their credentials.

Users had received individual emails, while others received email chains. The Hackers bypassed 2FA (Two Factor Authentication.) It is said they used a reverse proxy-based phishing toolkit that can intercept 2FA SMS codes.

ZDnet has followed up with YouTube staff and have a general idea of the attack chain used below:

 

dca

 

                                                                               image: ZDNet

 

Many of the hijacked sites have a traffic surge of hackers selling the accounts to the highest bidder. YouTube must regain ownership of these compromised accounts and in turn place ownership back with the original owners.

ZDNet also spoke with a hacker named Askamani, active on OGUsers, an internet forum known for trafficking access to hacked accounts.

Askamani said that the campaign that targeted members of the YouTube car community has all the signs of "regular business."

Later Askamani states that someone must’ve hacked a social media influencer database.

 

sd

 

                                                                              image: ZDNet

 

Remember to stay safe on social media platforms! Only include the information that is necessary.  

Designated as a Center for Academic Excellence in Information Systems Security Education by the US National Security Agency, UAT offers an ethical hacking degree that’s highly recognized by industry and government entities alike.

 

Resources: 

Catalin Cimpanu. (n.d.). Retrieved from https://www.zdnet.com/meet-the-team/u/catalin.cimpanu/

Cimpanu, C. (2019, September 23). Massive wave of account hijacks hits YouTube creators. Retrieved from https://www.zdnet.com/article/massive-wave-of-account-hijacks-hits-youtube-creators/

Technology News, Analysis, Comments and Product Reviews for IT Professionals. (n.d.). Retrieved from https://www.zdnet.com/

 

 

 

Posted on Sep 25, 2019 10:32:00 AM by Marcos Xochihua in Hacking, in cybersecurity, in phishing schemes

Marcos Xochihua

Written by Marcos Xochihua

Marcos Xochihua is a Network Security major and Student Ambassador at University of Advancing Technology (UAT)

   

Email me when there is a new post.

I'd like more information about UAT

Lists by Topic

see all

Recent Posts

Posts by Topic

see all

Posts by Author

see all