Of all the places on the internet you’d expect to find hackers coordinating their next attack, Britney Spears’ Instagram account isn’t likely to factor high on your list. And yet, the security firm Eset has confirmed that the comments section of the pop star’s Instagram account has been used to spread and control malware. Despite these seemingly innocent associations, the Epic Turla malware attacks have been described by Kaspersky Lab as “one of the most sophisticated ongoing cyber-espionage campaigns.”
It is thought that Turla, as it is more commonly known, is controlled by Russian hackers, and they’ve been using the comments section of Britney Spears’ Instagram account to test their Advanced Persistent Threat (APT) virus. On the surface, the comments look like spam but are actually used to direct infected users to other sites. The virus works by creating a backdoor into a user’s computer and then “phoning home” to the malware’s command and controls servers.
How does Turla malware work?
The comments will often direct users to compromised web pages that will prompt them to install fake Adobe Flash Player or other fake software. From the infected websites found so far, the attacks appear to be targeted at government websites. Once a system is infected, the attacker will receive a summary of the victim so they can decide how to proceed. This might include installing a keylogger on the system or RAR archiver that will allow the attacker to collect more information.
How do I stay safe from Turla malware?
Installing a sophisticated anti-virus software package from a reputable supplier is essential. The only way that your antivirus will stay effective is if you keep it updated, so make sure you don’t put off updating your software for any reason. You should also keep frequently-used third party apps, such as Microsoft Office, updated.
It’s also important to be aware what you are installing on your computer and double check you have the correct version before hitting install. If a browser prompts you to install something, it doesn’t take long to search for the name and install from a trustworthy source.
Be wary of clicking on shortened links generated by websites like bit.ly. If you receive a bit.ly link in an email or on social media, you can put it through a URL expander in order to check where it is taking you.
And finally, this information should be circulated throughout your organisation, as it is important that everyone is aware of the threat and has a basic understanding of how it works. Often, people are the weakest link in an IT security plan and can find ways to circumnavigate anti-malware controls put in place to protect everyone. Educating your workforce is the best way to mitigate the threat of malware to your business.