Countermeasures: ClickFix attacks often bypass many security tools because the approach relies on user interaction. Training users to recognize suspicious prompts and avoid copying and running code from untrusted sources is a critical first step in defending against the growing threat.

Tightening up technical controls such as endpoint protection, web filtering, and email security technologies to block access to known malicious sites and attachments can further mitigate attacks. Incident response planning also needs to be improved. Tightening up organizational PowerShell policies is another way to combat the threat.

ESET told CSO: “Users should also remain vigilant whenever anyone is offering ‘one-click’ or ‘copy-and-paste’ fixes to unknown issues. In corporate environments, endpoint detection and response (EDR) tools can flag anomalous PowerShell usage, especially on machines that rarely need it, and thus improve visibility into and protection against such attacks.”
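As an added illustration of the EDR point above (this is not code from the article or from ESET), the following Python example flags hosts that launch PowerShell after rarely or never doing so during a baseline window. The event fields, host names, thresholds and sample events are constructed assumptions, not real telemetry.

```python
from collections import Counter
from datetime import datetime, timedelta

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

def is_powershell(image_path):
    """True if the process image is Windows PowerShell or PowerShell 7."""
    name = image_path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.lower() in POWERSHELL_IMAGES

def flag_rare_powershell(events, now, baseline_days=30, recent_hours=24,
                         max_baseline_runs=2):
    """Return (host, recent_runs, baseline_runs) for hosts that ran PowerShell
    in the recent window but at most max_baseline_runs times before it."""
    recent_start = now - timedelta(hours=recent_hours)
    baseline_start = recent_start - timedelta(days=baseline_days)
    baseline, recent = Counter(), Counter()
    for ev in events:
        if not is_powershell(ev["image"]):
            continue
        ts = datetime.fromisoformat(ev["time"])
        if recent_start <= ts <= now:
            recent[ev["host"]] += 1
        elif baseline_start <= ts < recent_start:
            baseline[ev["host"]] += 1
    # Hosts with a PowerShell history (admin, build) fall above the threshold.
    return sorted((h, n, baseline[h]) for h, n in recent.items()
                  if baseline[h] <= max_baseline_runs)

# Constructed process-creation events (hypothetical hosts and schema).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
NOW = datetime(2025, 7, 1, 12, 0)
EVENTS = [
    {"host": "build-01", "time": "2025-06-10T08:00:00", "image": PS},
    {"host": "build-01", "time": "2025-06-15T08:00:00", "image": PS},
    {"host": "build-01", "time": "2025-06-20T08:00:00", "image": PS},
    {"host": "build-01", "time": "2025-06-25T08:00:00", "image": PS},
    {"host": "build-01", "time": "2025-07-01T09:00:00", "image": PS},
    {"host": "hr-12", "time": "2025-06-05T14:00:00", "image": PS},
    {"host": "frontdesk-07", "time": "2025-06-20T11:00:00",
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"host": "frontdesk-07", "time": "2025-07-01T10:30:00", "image": PS},
]

if __name__ == "__main__":
    for host, recent_runs, baseline_runs in flag_rare_powershell(EVENTS, NOW):
        print(f"{host}: {recent_runs} recent run(s), {baseline_runs} in baseline")
```

In practice the baseline length and threshold would be tuned per environment so that administrative and build machines stay below the alerting line.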
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4016208/sixfold-surge-of-clickfix-attacks-threatens-corporate-defenses.html

