GUEST OPINION by Patrick Tiquet, VP of Security and Compliance, Keeper Security: The recent malware attacks leveraging direct messages on TikTok can have potentially severe consequences. Social media giant TikTok had reported a security breach this week, compromising multiple high-profile accounts, including Paris Hilton, CNN, and Sony. The malware was transmitted via direct messages, and have the ability to remove access from the original owners. At the moment, the nature of attack and mitigation measures by TikTok remains unclear. "Users’ personal and financial information are at risk, accounts may be compromised and malware can continue to spread, leading to identity theft and significant reputational damage for celebrities, brands and even everyday users of the platform. If the malware gains control of users' devices, the potential for cyber crimes escalates dramatically. "Anyone can be a victim of a hack. While celebrities and other high-profile individuals are targeted for their status, cybercriminals often target low-hanging fruit en masse. The path of least resistance consists of easily guessed passwords, weak or non-existent Multi-Factor Authentication (MFA) and social engineering schemes that use phishing and malicious links. "Phishing can be launched through any medium, using urgency and fear to prompt immediate action. Ensuring that URLs match the authentic website is key. A password manager can automatically identify when a site’s URL doesn't match what’s in the password vault, providing critical protection against phishing scams. "These high-profile breaches highlight the critical need for enhanced security by both the platform and its users. Users should avoid clicking unknown links and ensure they are using strong, unique passwords on every online account. We recommend passwords of at least 16 characters, using a random combination of numbers, uppercase and lowercase letters and symbols. "Besides using strong passwords, MFA provides an additional layer of security that can help prevent most breaches. If a cybercriminal successfully guesses your username and password, MFA requires a second form of authentication to log in. If you receive an MFA notification without attempting to log in, decline access and promptly update your credentials. A secure password manager can help create, store, fill and manage your passwords and MFA options." "It can alert you in real-time if your credentials or private information appear on the dark web. The dark web contains over 20 billion stolen usernames and passwords from public data breaches, which cybercriminals buy and sell to execute attacks. "Being able to take swift action to protect your identity and online accounts is crucial, and dark web monitoring allows users to change their credentials immediately, preventing potential breaches."

文章来源：itwire

TKFFF公众号

扫码关注领【TK运营地图】