In our connected society, people rely on a number of applications every day to get things done and stay in touch. However, not all of these programs are protected from cybersecurity threats, which are becoming more sophisticated. WhatsApp was a recent victim of a hacking attack that put at risk up to 200 million users of the organization's Web-based service. This event highlights the risks users take when using Web-based services and the importance of taking the proper precautions to ensure that their data and devices are fully protected.
Looking into WhatsApp's breach
WhatsApp has become a popular messaging service, especially after it was bought by Facebook, and is used most by individuals ages 18 to 34. As Experian pointed out, these users are often tech-savvy and looking for ways to communicate without the traditional associated costs. Altogether, WhatsApp boasts about 900 million active users across its platforms, 200 million of whom use its Web-based version.
With such a large installed base, it is likely that WhatsApp was also being widely used by people at work. The hack was relatively simple and was perpetrated by sending vCards (electronic contact cards) containing malicious code to WhatsApp users, ITV reported. If the attack were successful on a work computer, that company would be at risk of losing sensitive company and customer data. The challenge for companies is to detect these kinds of breaches before they become front-page news.
This hacking attack was easily detectable, since the malicious code distributed bots, remote access tools and ransomware to the person's device. This would have generated network activity that would appear suspicious to a SIEM application. But having a SIEM application is not enough. The alerts it generates must be diligently assessed and analyzed to ensure that security offenses are identified and resolved. So companies may have seen alerts from WhatsApp users but failed to take action to resolve the security breach.
A repeat offense
This isn't the first time that WhatsApp services contained a significant vulnerability. Earlier this year, Dutch developer Maikel Zweerink released a software kit enabling anyone to determine when WhatsApp users were online, even if their profiles were set to "private", the International Business Times reported. This was obviously a massive breach of privacy for users of the application, but it was submitted as a proof of concept rather than a malicious act, aimed at showing that WhatsApp was broken.
If this vulnerability and the vCard hack were combined, there would be critical security risks for users and their devices. Although both events were handled quickly, the potential for disaster in both situations is a major concern.
Invest in Managed SIEM
Businesses must ensure that their systems and products are always secure, and investing in security information and event management (SIEM) services can help them achieve these goals. Managed SIEM will not only identify unusual and unauthorized behavior, but it can also point to ways to mitigate the damage and ensure that critical systems and data remain protected. These tools could mitigate critical vulnerabilities like the vCard hack before they become even larger problems for users and the company. This capability will give businesses more peace of mind and help organizations improve their security footprint for the long term.
Cybersecurity news and analysis brought to you by Arctic Wolf, leading provider of managed SIEM.