Friday, April 19

Cybercriminals take advantage of Ukraine invasion


Global interest in the war in Ukraine becomes a convenient and effective news event for cybercriminals to exploit.

Since the invasion of Ukraine, we have seen a variety of emails used as lures to take advantage of the situation and convince recipients to take some action that ultimately benefits the attacker. Although this activity has gradually increased since the end of February, it still represents a small part of overall spam volume. Cisco Talos expects this activity to keep increasing as the conflict continues.

Some of the emails are spam messages requesting bitcoin or posing as a Bitcoin marketplace or a Bitcoin transaction wallet.

Likewise, Talos, Cisco’s cybersecurity intelligence unit, has observed the distribution of malware campaigns that try to take advantage of the public interest in Ukraine.

Cisco Talos saw the same kind of activity when the pandemic started and is now seeing it with Ukraine. Criminals, especially cybercriminals, are opportunists. If a particular lure increases the chances of a potential victim falling into their trap, they will use it.

We expect this type of behavior to continue and likely increase in the coming days and weeks. As this conflict progresses, an increasing number of cybercriminals will try to exploit it. We have already seen a large number of scams in addition to the delivery of malware through traditional means such as email. This particular conflict is unique in that a cyber army of Ukrainian sympathizers believe they are carrying out attacks against Russian entities using software they do not understand, and they end up infected when they receive it.


Organizations need to work to detect this type of activity in their environment. While protections may exist to prevent these malware attacks, the risk of fraud is significant and can be difficult to block, especially in the case of business email compromise (BEC), where trusted email accounts send messages with malicious files. One way to deal with it is to hunt for it in your own telemetry, if applicable, and try to locate threats as they occur. We recommend creating a list of words to actively search for, making sure to include both Ukrainian and Russian Cyrillic versions, as these are also being widely targeted by cybercriminals.
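The keyword hunt recommended above, as an added example that is not from the article or from Cisco Talos: it normalizes message text and matches a watch list in English, Ukrainian and Russian, flagging lures that also carry a money request. The stems, the `scan` and `normalize` functions and the sample subject lines are constructed assumptions.

```python
import re
import unicodedata

# Constructed watch list (an assumption, not from the article). Stems are used
# because Ukrainian and Russian nouns inflect (Україна, Україні, Украины, ...).
LURE_STEMS = {
    "en": ["ukrain", "kyiv", "refugee", "humanitarian"],
    "uk": ["україн", "київ", "києв", "біженц", "допомог"],
    "ru": ["украин", "киев", "беженц", "помощ"],
}
# Money-request terms matching the bitcoin and wallet spam described above.
ASK_STEMS = ["bitcoin", "btc", "wallet", "donat",
             "біткоїн", "биткоин", "гаман", "кошел", "пожертв"]

def _compile(stems):
    # Anchor each stem at a word start; \w covers Cyrillic letters in Python 3.
    return re.compile(r"(?<!\w)(?:" + "|".join(map(re.escape, stems)) + r")\w*")

LURE_RE = {lang: _compile(stems) for lang, stems in LURE_STEMS.items()}
ASK_RE = _compile(ASK_STEMS)

def normalize(text):
    # NFKC folds full-width and styled letters to plain ones; dropping category
    # Cf removes zero-width characters and soft hyphens used to split keywords.
    text = unicodedata.normalize("NFKC", text)
    return "".join(c for c in text if unicodedata.category(c) != "Cf").casefold()

def scan(text):
    norm = normalize(text)
    langs = sorted(lang for lang, rx in LURE_RE.items() if rx.search(norm))
    asks = sorted(set(ASK_RE.findall(norm)))
    verdict = "lure+ask" if langs and asks else "lure" if langs else "none"
    return {"langs": langs, "asks": asks, "verdict": verdict}

# Constructed sample subject lines, not taken from real campaigns.
SAMPLES = [
    "Help Ukraine: donate Bitcoin today",
    "Допомога Україні: BTC гаманець",
    "Помощь беженцам из Украины",
    "Ukr\u200baine relief, send B\u00adTC",
    "Quarterly invoice attached",
]

if __name__ == "__main__":
    for subject in SAMPLES:
        print(scan(subject), "<-", normalize(subject))
```

Run the same `scan` over subject, body and attachment-name fields from mail telemetry; a hit is a triage signal, not a verdict, since legitimate news and charity mail uses the same words.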







diarioti.com
