
    “Pastejacking” Attacks Are Becoming a Thing (Because Users are Falling for Them)

    New analysis shows users can be convinced to copy and paste malicious code on behalf of the attacker.

    I first saw this kind of attack earlier this month – where the user is asked to launch the Run dialog box and paste in a malicious command.

    I never thought I’d see something similar again, but I was wrong.

    New analysis by security vendor Trellix of this attack technique, now known as “pastejacking,” shows that attackers are using variants of the method to get users to assist in the attack. Previously, the user simply pasted a command into the Run dialog box. But in the latest campaign, users are asked to launch Windows PowerShell Terminal and then paste in the contents of the cache.

    This idea needs to stop. No user will ever legitimately receive an email from someone they don’t know and then need to do the Windows equivalent of cartwheels to get the document that was sent to open.

    And yet, it appears that users are willing to do those proverbial cartwheels – likely because they haven’t been educated through security awareness training that these kinds of emails are a scam and should be avoided at all costs. 

    The very fact the attacker needs the user to do so much work tells us that the good guys are winning. Putting proper training in place only increases our odds of winning.
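
As an added example (not from the original post or from Trellix): the Run dialog variant described above leaves a record on the host, because Windows keeps Run dialog entries in the current user's `RunMRU` registry key. The Python below triages exported values from that key; the sample data, function names and indicator patterns are constructed assumptions, and the PowerShell-terminal variant needs a different source such as console history or process-creation logs.

```python
import re

# Assumption: `values` mirrors an export of the current user's
# Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU key
# (value name -> data). Run dialog entries carry a trailing "\1".
INTERPRETERS = re.compile(
    r"\b(powershell|pwsh|cmd|mshta|wscript|cscript)(\.exe)?\b", re.I)
# Heuristic indicators (hypothetical rule names); tune for your environment.
INDICATORS = {
    "hidden_window": re.compile(r"(?<!\S)-w\w*\s+hidden\b", re.I),
    "encoded_command": re.compile(r"(?<!\S)-e(c|n\w*)?\s+\S", re.I),
    "remote_url": re.compile(r"https?://", re.I),
}

def runmru_commands(values):
    """Return Run dialog commands, most recent first."""
    ordered = [values[k] for k in values.get("MRUList", "") if k in values]
    return [v[:-2] if v.endswith("\\1") else v for v in ordered]

def suspicious(commands):
    """Flag commands that start a script interpreter AND match an indicator."""
    findings = []
    for cmd in commands:
        if not INTERPRETERS.search(cmd):
            continue  # e.g. a bare URL or "notepad" is not interesting here
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(cmd))
        if hits:
            findings.append((cmd, hits))
    return findings

# Constructed sample, not taken from any real host or campaign.
SAMPLE_RUNMRU = {
    "MRUList": "dcba",
    "a": "notepad\\1",
    "b": "cmd /c ipconfig\\1",
    "c": "powershell -NoProfile -WindowStyle Hidden "
         "-EncodedCommand <placeholder>\\1",
    "d": "https://intranet.example.invalid/wiki\\1",
}

if __name__ == "__main__":
    for cmd, hits in suspicious(runmru_commands(SAMPLE_RUNMRU)):
        print(f"REVIEW {hits}: {cmd}")
```

Requiring both an interpreter and an indicator keeps routine entries such as `cmd /c ipconfig` or a typed intranet URL out of the review queue.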
