Trustwave Corporation

07/19/2024 | Press release | Distributed by Public on 07/19/2024 14:18

How Cybercriminals Use Breaking News for Phishing Attacks

July 19, 2024 | 3 minutes read

Trustwave SpiderLabs issued a warning that threat actors may attempt to take advantage of CrowdStrike's software update that caused widespread outages by using the news as the center of a social engineering scheme to convince people to open malicious phishing emails or fall for other types of attacks.

Exploiting the news cycle is nothing new. Cybercriminals often seize on hot topics dominating the headlines, using the news to tempt targets into clicking on a malicious link or offering up vital information.

Chad Sweet, Co-Founder and CEO of The Chertoff Group, whose affiliate The MC² Security Fund acquired Trustwave earlier this year, said on MSNBC, "Unfortunately, we're already seeing reports that bad actors are exploiting this moment, taking advantage of CrowdStrike customers."

Additionally, Trustwave CISO Kory Daniels shared, "The recent CrowdStrike outage underscores a growing concern: the potential for widespread disasters, either natural or digital, to serve as catalysts for criminal activity. When systems fail and chaos ensues, it creates ideal conditions for criminals to prey on the unique opportunity. History has shown us that these moments of disruption are often accompanied by a surge in criminal behavior. It's essential to recognize that the digital landscape, like the physical world, is susceptible to unforeseen events, and we must be prepared to defend against criminal acts that may follow."

This has happened with the Ukraine-Russia conflict, tax preparation periods, and even the Olympics as attackers exploit headlines to their advantage. This is done by crafting sophisticated social engineering attacks that pique a person's interest through general curiosity, need, or fear.

How Such an Attack Is Planned

Cybercriminals are masters of manipulation. They understand that news events evoke strong emotions such as fear, curiosity, anger, or even excitement. These emotions can cloud our judgment and make us more susceptible to falling for their tricks.

In the current CrowdStrike situation, threat actors have several options, but all of them depend on their targets not only knowing what is going on but most likely being directly involved on some level.

Here's how they build their social engineering scheme:

  • Creating a Sense of Urgency: News often involves time-sensitive events. Cybercriminals capitalize on this by creating a false sense of urgency in their attacks.
  • Leveraging Trust and Authority: Major news stories often involve reputable organizations or government agencies. Cybercriminals impersonate these entities to gain trust. They might send emails or create fake websites mimicking the official sources, asking for personal information or login credentials.
  • Exploiting Curiosity: People are naturally curious about breaking news. Cybercriminals create enticing headlines or subject lines to pique interest, leading victims to click on malicious links or attachments.
  • Capitalizing on Fear and Anxiety: During times of crisis, fear and anxiety can run high. Cybercriminals exploit these emotions by spreading misinformation or offering fake solutions. For instance, after a data breach, they might send emails claiming to offer protection services while actually installing malware.

The actual attack will likely be a phishing campaign, since phishing remains the most common method attackers use to gain access. Attackers send emails or text messages that appear to come from legitimate sources related to the news story. These messages often contain malicious links or attachments designed to steal personal information. In this case, the lures are likely to center on the CrowdStrike problem.

These emails can be used to gather data, such as credentials, or to deliver malware that could give the threat group access to the target's system.

Another method cybercriminals use is to create fake websites mimicking news outlets or organizations involved in the story. These sites often ask for personal information or try to install malware.

Trustwave MailMarshal Protects Against Phishing

The most effective measure against phishing attacks is to stop them before they hit an employee's inbox. Trustwave MailMarshal has decades of development, is easily deployed, and has an incredibly high success rate.

MailMarshal:

  • Protects against ransomware attacks, Business Email Compromise (BEC), phishing scams, malware, and Zero-Days
  • Zero clients reported ransomware infection in 20+ years
  • 99.99% malware and exploit capture rate
  • < 0.001% spam false positives
  • Layered threat intelligence, powered by telemetry from 5,000+ global MSS/MDR clients and ML-powered algorithms
  • Granular control of internal SMTP traffic
  • Decades of leadership in email security supported by Trustwave SpiderLabs elite threat detection security team
  • Deploy on-prem or hybrid cloud
  • Complements Microsoft 365 and other cloud email

Top Email Security Best Practices

To safeguard against cybercriminals, organizations must prioritize email security and establish a comprehensive defense strategy to protect this vulnerable attack vector. Here are some essential measures to implement:

  • Deploy a robust email security solution: It is crucial for organizations to have a powerful email security solution in place. This solution should offer advanced protection mechanisms to detect and mitigate various email-based threats.
  • Enable Multi-Factor Authentication (MFA)/Two-Factor Authentication (2FA): Organizations should enforce MFA/2FA on all accounts wherever possible. This additional layer of security helps invalidate credential-based attacks.
  • Conduct regular security training: Providing annual security training refreshers for all employees is essential. This training should cover topics such as phishing awareness and overall security practices. By educating employees about the types of attacks they may encounter, organizations empower them with the knowledge to recognize and respond to threats. Security teams should remind staff members to request a second form of verification and validation before making any changes to bank details or initiating payments over email.
  • Implement a Secure Email Gateway (SEG): Organizations should adopt a Secure Email Gateway tailored to their specific needs. This gateway should be optimized to detect and block email threats effectively. Additionally, organizations must establish clear policies on how different file types sent via email will be handled to mitigate risks associated with malicious attachments.

By incorporating these measures into their email security strategy, organizations can significantly enhance their defenses and reduce the risk of falling victim to email-based attacks.