The first I ever heard of the WhatsApp mobile messaging app was a couple of months ago, when a friend told me she had downloaded it. Two days later, I began getting messages in my inbox telling me that I had voicemail on WhatsApp. Obviously it was spam, since I didn’t have that app installed on any of my devices, but it was an odd coincidence. I warned my friend about the spam, which was loaded with malware. She thanked me profusely; she was using her phone for BYOD purposes as well as personal, and you can imagine the problems that could have ensued.
As if the malware spam weren’t enough of a blow to WhatsApp’s reputation, its site was one of several, including several antivirus software sites, to be hit with a DNS attack this week. As Grayson Milbourne, security intelligence director at Webroot, explained to me in an email:
“AVG and a number of other antivirus vendors [as well as WhatsApp] were using Network Solutions as their domain name registrar. The group responsible used a social engineering technique, sending a fraudulent password reset notification to Network Solutions, which was accepted. The attack granted the group access to the company’s secure database, where they were able to change the IP addresses for a number of antivirus companies.”
Milbourne went on to say that the way the attack happened showed it was an act of hacktivism—the website was simply sent to a different site and the servers weren’t hacked. He added:
“This could have been far more damaging if a cybercrime group wanted to spread malware.”
These types of attacks can be avoided in a couple of ways. First, Milbourne suggests using multi-layer authentication so that accounts can’t be hacked. He also said that registrar companies should take the extra step of verifying changes to their customers’ websites. H.D. Moore, chief research officer at Rapid7, also pointed out that a registry lock on these domains would have prevented the attack.
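To make the registry-lock point concrete, here is an added example (not part of the original article) that audits the status array of an RDAP domain record and separates registry-level locks from registrar-level ones. The function names and the sample records are constructed for illustration; the status strings are the standard RDAP forms of the EPP lock codes.

```python
import json

# EPP "server*" statuses are set by the registry (a registry lock);
# "client*" statuses are set by the registrar on the account holder's behalf.
REGISTRY_LOCK = {"server update prohibited", "server transfer prohibited",
                 "server delete prohibited"}
REGISTRAR_LOCK = {"client update prohibited", "client transfer prohibited",
                  "client delete prohibited"}

def audit_domain(rdap_record):
    """Classify lock coverage from the 'status' array of an RDAP domain object."""
    status = {s.strip().lower() for s in rdap_record.get("status", [])}
    missing_registry = sorted(REGISTRY_LOCK - status)
    missing_registrar = sorted(REGISTRAR_LOCK - status)
    if not missing_registry:
        level = "registry-locked"
    elif not missing_registrar:
        level = "registrar-locked-only"   # a registrar-side change can still lift it
    else:
        level = "incomplete"
    return {"domain": rdap_record.get("ldhName", "?").lower(),
            "level": level,
            "missing_registry": missing_registry,
            "missing_registrar": missing_registrar}

def audit_all(records):
    return [audit_domain(r) for r in records]

# Constructed sample RDAP responses, trimmed to the fields used; not real data.
SAMPLES = json.loads("""[
  {"ldhName": "LOCKED.EXAMPLE",
   "status": ["client delete prohibited", "client transfer prohibited",
              "client update prohibited", "server delete prohibited",
              "server transfer prohibited", "server update prohibited"]},
  {"ldhName": "PARTIAL.EXAMPLE",
   "status": ["client delete prohibited", "client transfer prohibited",
              "client update prohibited"]},
  {"ldhName": "OPEN.EXAMPLE", "status": ["active"]}
]""")

if __name__ == "__main__":
    for result in audit_all(SAMPLES):
        gaps = ", ".join(result["missing_registry"]) or "none"
        print(f"{result['domain']:<18} {result['level']:<22} "
              f"missing registry locks: {gaps}")
```

Only the first record would have required the registry itself to approve a change; the second relies entirely on controls at the registrar, which is the layer the attack described above went through.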
What these attacks show is the damage that can be done to a brand with lax security in place. WhatsApp was an app I heard about through word of mouth, but since then, my primary exposure to this product has been through news of malware and DNS attacks. Upon hearing this negative publicity, most people would think twice before they would want to use the app or visit the website. As I’ve said before, bad security can definitely damage your name and your company’s brand.