Five Recommendations for Protection Against Advanced Hacking Attacks The first I ever heard of the WhatsApp mobile messaging app was a couple of months ago, when a friend told me she had downloaded it. Two days later, I began getting messages in my inbox telling me that I had voicemail on WhatsApp. Obviously it was […]
Five Recommendations for Protection Against Advanced Hacking Attacks
The first I ever heard of the WhatsApp mobile messaging app was a couple of months ago, when a friend told me she had downloaded it. Two days later, I began getting messages in my inbox telling me that I had voicemail on WhatsApp. Obviously it was spam, since I didn’t have that app installed on any of my devices, but it was an odd coincidence. I warned my friend about the spam, which was loaded with malware. She thanked me profusely; she was using her phone for BYOD purposes as well as personal, and you can imagine the problems that could have ensued.
As if the malware spam wasn’t enough for WhatsApp’s reputation, the site was one of several sites—including several antivirus software sites—to be hit with a DNS attack this week. As Grayson Milbourne, security intelligence director at Webroot, explained to me in an email:
AVG and a number of other antivirus vendors, [as well as WhatsApp] were using Network Solutions as their domain name registrar. The group responsible used a social engineering technique, sending a fraudulent password reset notification to Network Solutions, which was accepted. The attack granted the group access to the company’s secure database, where they were able to change the IP addresses for a number of antivirus companies.
Milbourne went on to say that the way the attack happened showed it was an act of hacktivism—the website was simply sent to a different site and the servers weren’t hacked. He added:
This could have been far more damaging if a cybercrime group wanted to spread malware.
These types of attacks can be avoided in a couple of ways. First, Milbourne suggests using multi-layer authentication so that accounts can’t be hacked. He also said that registrar companies should take the extra step of verifying changes of their customers’ websites. H.D. Moore, chief research officer at Rapid7, also pointed out that a registry lock on these domains would have prevented the attack.
What these attacks show is the damage that can be done to a brand with lax security in place. WhatsApp was an app I heard about through word of mouth, but since then, my primary exposure to this product has been through news of malware and DNS attacks. Upon hearing this negative publicity, most people would think twice before they would want to use the app or visit the website. As I’ve said before, bad security can definitely damage your name and your company’s brand.
Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
