During these trying times, these types of attacks and methods of attack are directed more at the COVID-19 world, but the theory still applies to the non-COVID-19 world. The driving force behind most of the attacks we have seen, and will continue to see, in the COVID-19 and post-pandemic world will be economic gain through fraud.
The rapid onset of the COVID-19 pandemic has forced the mass adoption of a remote workforce for business continuity. Businesses have had to make rapid decisions to increase VPN licensing, provide corporate devices for home use to those who would not ordinarily have them, and adopt new applications without really assessing risk. Over the past few weeks we have read posts offering tips for working at home or describing the risks associated with work-from-home (WFH), but how has it affected the attacker?
This is an interesting question. From what is understood, it seems that there may be a degree of moral code among certain ransomware groups. While most of the groups have pledged not to hit hospitals or pharmaceutical companies until the COVID-19 situation improves, some malware groups are still actively targeting hospital systems to exploit the situation.
The example above is an attack on an industry, but as an attacker, how could I take advantage of the situation as it relates to the average work-from-home user? The current conditions of stay-at-home orders are changing our work and personal life behaviour. These changes in behaviour create an opportunity for adversaries.
We will look at an attacker who is not targeting a specific company or industry but is taking a more opportunistic approach and casting a wide net. Let’s consider two avenues of attack. We’ll talk about social engineering tactics (including phishing) and drive-by malware downloads, and how these attacks can exploit the changes brought by the global pandemic. All of these attacks, both real and hypothetical, can truly impact everyone’s life. What is the impact on your security posture and the risk to your business? This is the critical question to ask yourself.
Social engineering attacks in times of disruption have been happening since the dawn of time. There are many tools at the disposal of the social engineer. Manipulating the social paradigm shifts in work-from-home situations allows attackers to social engineer people who have let their guard down and accept more risk than normal. With more WFH scenarios, all facets of social engineering need to be defended against.
Fraud and disinformation campaigns are happening at an increased pace to take advantage of the global pandemic. The tools social engineers use are varied and include phishing, vishing and smishing.
Phishing – Luring Those Who Are Vulnerable
Here is an example of an attack using phishing and/or a potential waterhole attack that could be.
There are a lot of non-technical folks communicating over Zoom. During Zoom meetings and virtual happy hours, users are changing their backgrounds to lighten the mood. This is an opportunity for an attacker. An attacker can easily create a website that promises, and maybe even includes, downloadable Zoom backgrounds while delivering malware at the same time.
Another example of COVID-19 changing our behaviour is the number of home delivery orders being placed. These delivery orders have become a necessity as of late, and e-commerce and e-delivery companies have mentioned that the increased demand can impact the timeliness of delivery. This creates a big opportunity for an attacker. There is a higher probability that users who receive phishing emails about their packages being delayed would actually have open orders. This would increase the likelihood that a user will click the link.
These are just two phishing examples of how attackers take advantage of the change in behaviour that has come with COVID-19. Many other phishing scenarios are becoming more prevalent and more damaging, and with the pandemic situation rapidly changing there will be more hypothetical information to phish against, and there will be new techniques, tactics and procedures for more advanced phishing campaigns.
Vishing – The Voice of the Social Engineer
There is an increase in this type of social engineering in the COVID-19 world. With the ready availability of burner apps and the ease of spoofing caller IDs, these types of social engineering attacks are easy to execute and are unfortunately highly successful, depending on the demographic of the victim. The main objectives are fraud and identity theft.
Smishing – These Messages Stink!
Smishing, or SMS phishing, is on the rise and is one of the easy ways to entice vulnerable victims. Attackers are sending SMS messages for members of society to pre-emptively receive stimulus, as shown below.
Additionally, fake COVID-19 smishing is occurring where the intended victim is told they have been in contact with someone who is infected, as shown above. This is especially dangerous as the Government and agencies are ramping up contact tracing as an important part of restoration to a normal society.