With over 1.7 billion users, TikTok has become a significant target for cyber criminals. In June, a notable vulnerability within TikTok’s direct messaging (DM) feature was exploited by threat actors. Similar to zero-day exploits, this zero-click attack allowed malicious code to execute as soon as the message was opened, giving attackers total access to the compromised account.

 

The Uniqueness and Concerns of the Attack Methodology

Zero-day and zero-click attacks are increasingly used by cyber criminals, but this incident stands out for several reasons. Unlike many cyber attacks that require users to click a malicious link, this attack triggered malware simply by opening the DM. This method compromised accounts without the user’s active participation. Moreover, the attackers specifically targeted high-profile accounts, including those of CNN and Paris Hilton. This selective approach suggests an intent to spread misinformation through accounts with large followings. The exploitation of such a basic feature as direct messaging highlights the vulnerability of even the most fundamental aspects of social media platforms.

 

Potential Consequences of the Attack

Although TikTok has publicly addressed and fixed the vulnerability, the incident raises concerns about future attacks. The compromised accounts could have been used to spread misinformation, fake news, and propaganda. Additionally, these accounts could send phishing messages to followers, leading to further account takeovers. There’s also a risk that attackers could use personal information from compromised accounts for identity theft.

 

Emerging Attack Methods Used by Adversaries

Cyber criminals continuously evolve their tactics to target individuals and businesses. The TikTok incident is just one example. Adversaries are also increasingly targeting cloud environments due to their widespread adoption. They manipulate AI tools to enhance ransomware campaigns, identify zero-day vulnerabilities, and use generative AI chatbots to exploit vulnerabilities in employees to breach organisational networks.

 

Staying Ahead of New Attack Methodologies

To combat these sophisticated attacks, businesses and individuals must take proactive measures:

  1. Adopt a multi-layered defence strategy: implementing various measures and tactics strengthens system infrastructure and core operations, making it harder for hackers to find weaknesses.

 

  1. Comprehensive training and awareness programs: educating employees about cyber security through webinars, workshops, and simulated cyber-attack scenarios fosters a culture of vigilance.

 

  1. Deploy robust defence technologies: utilising tools like endpoint threat detection and response (EDR) software can detect and respond to abnormalities in daily activities, providing an additional layer of security.

 

As cybercriminals continue to leverage advanced technologies for their attacks, staying informed and prepared is crucial. Businesses must prioritise cybersecurity and implement strong defences to protect against evolving threats.

More news

Sales: 0808 253 6500

Support: 0161 822 2580

Email us

To find out how our technology can transform your business get in touch