Four Mortal Kombat moves cybercriminals use to attack your security

After a long wait, Mortal Kombat X is finally here. Over the past decade, this fighting video game series has been enjoyed by many generations of gamer. Some of the tricks employed by the characters in the legendary fighting series aren’t a million miles away from those deployed by cybercriminals however…

With security threats increasing all the time, users are in a constant battle to protect their online security – Mortal Kombat style, in fact.

Below, you will see four malicious techniques used by attackers, which would not be out of place in a classical battle between Sub Zero, Kitana, Reptile and their rivals:

Fatality

This is indeed the best-known move to finish off an opponent, available since the very beginning of the series. Many people will certainly feel the adrenaline rush when hearing the famous “Finish Him” (or “Finish Her”, when fighting against a female character) line, providing the chance to execute a fatal finishing move.

Mortal Kombat fans will remember that Shang Tsung’s specialty move is the “Soul Drain”, which involves him stealing his opponent’s soul.

As computer technology has improved, the video above seems pretty unimpressive; nonetheless, it still keeps certain parallels with what goes on in the world of IT security – think about a ransomware infection, the kind of malware that “kidnaps” information and demands the payment of a ransom to restore access to it. We can say that practically in all cases the compromised files are important, private, confidential and valuable.

Isn’t that also the computer’s soul? Of course it is. Therefore, when blocking access to the system’s files, the ransomware is somehow attacking against the system’s own existence… and taking away its innermost and most valuable contents. Just as a dark sorcerer would do.

A piece of advice – the best weapon is prevention. Make sure you have an adequate security solution, are cautious when browsing, and ensure you keep an appropriate security backup schedule to recover essential files in case they are compromised.

Brutality

This final move is a combination of successive punches to finish off the opponent and make him explode! As you’d guess from its name, we can’t help thinking about brute force attacks carried out for password stealing purposes.

These attacks allow cybercriminals to automatically compare a list of credentials from a dictionary with the ones stored in the server, generating massive login authentication attempts until retrieving the correct key, explains Denise Giusto from ESET. These credential dictionaries include widely-used words or common expressions.

With the same discipline, strength and speed used by Kitana in the video below where she destroys her opponent, cybercriminals make numerous password-guesses in a matter of seconds, gaining access to accounts for different platforms and services.

A piece of advice – create a strong and safe password so that no one can guess it – not even someone trying with four arms at the same time.

Good practice is to combine letters and numbers, although in those cases it is important to emphasize on the character-length – it should be longer, as long passwords take longer to break.

Babality

One of the most polemic additions to the Mortal Kombat series was this final move that consisted of turning an opponent into the baby version of themselves. Many complained that it wasn’t gory or violent enough, while others thought it was funny and original.

The truth is that once turned into a baby, the only thing the character who lost the fight can do is cry or have a tantrum, but, in contrast to the cases in which the other techniques are used, he doesn’t die and, at least his body remains in one piece.

When it comes to threats and computer attacks, cybercriminals perform a kind of Babality when using Social Engineering techniques to turn their victims into innocent creatures who fall for different types of scams – malicious links, fake websites, prizes that will never be handed out, profiles run by bots, fraud under the name of legitimate entities, and more.

Why do we still find inattentive users clicking on an attractive ad claiming he has won a prize for being the millionth visitor to the site?

A piece of advice – many of these threats are spread hidden in email attachments, so you should be careful when the email you receive comes from an unknown sender; a good choice is not to enable macros, and scan the mails with a security solution.

It is also worth checking which URL it’s redirecting the advertised link to, because in many cases it is easy to identify a fake or questionable website by looking at its domain. Moreover, do not forget that Social Engineering is based on exploiting topical events; consequently, look out for these topical scams and avoid falling into a trap.

Friendship

Friendship is an act of good will towards the weakened adversary. Instead of killing him, the winning character gives him a gift, dances around or shows some attitude that somehow simulates mercy.

And when it comes to fake friendship, we can’t help thinking about the masters of disguise: the rogue. They are programs that claim to be an antivirus or security solution, usually free of charge, but are actually harmful. The attack starts with striking warning windows indicating the existence of malicious software in the system.

Scared, the victim generally downloads a fake security application that installs malware in the computer.

A piece of advice – once more, you should pay attention so that you can always identify a rogue and, therefore, avoid it. If you use an efficient security solution, you will know that your computer is clean and that the disturbing warning is probably a scam.

As you can see, the fatal techniques used in Mortal Kombat have their parallels in the computer world. Adequate security can ensure you aren’t defeated!

And should you fancy picking up Mortal Kombat X today, it goes without saying you should buy it through the official channels – plenty of malware comes from fake game downloads around the net!

Apply good defensive practices and enjoy the battle! (Only in the video game, of course!)

Author , ESET

Follow us

Copyright © 2016 ESET, All Rights Reserved.