Using global events as lures for malicious activity.

The CyberWire


At this point. I think i can even say it rounds up to have been doing this twenty years and we see different and new mauer campaigns every week right there's always someone doing something new tweaking something finding a new way to do it but in doing so there are certain patterns that are always habitually followed. And really when you look at it. Probably the most effective one is bad guys trying to find a way to use current events as lures and i know that sounds really open ended and people think we'll how could that possibly help me and that's kind of the reason we wrote. This blog was to not only highlight what we're seeing but to help people understand what could be used in the future right so you know if we sit back right now and take a high level look over the next six months you know. We see a lot of social issues. The play we see an election coming up. We see the typical holiday shopping season. And then after that we started seeing tax season in the us. I would expect our campaigns target each and every one of those in order and potentially a couple of overlapping right. Yeah it's interesting to me that that One of the things you highlight here is that there are the ones that sort of run on the calendar. You know the tried and true every holiday season. We're going to have stuff every tax season. We're gonna have stuff but then In addition to that you know we've got things like covid. Nineteen we've got things like black lives matter these things that are top of mind and also emotional Hot points for a lot of people absolutely and you touched right on the thing that they're trying to exploit right. They want you to hear this topic. They want you to read this topic. See it in your emotion kicks in when people are thinking with emotion. They don't necessarily have the same thought that say an email would go through right And so by putting in these emotionally charged topics. They're trying to find someone who's going. Good impulsively click on it and potentially get exploited without really thinking through like hey with. Would steve really send me a link on this black friday sale for patio cushions. Right for zebra. Steve feels strongly about patio cushions. Right yeah you know but but anything like that anything that might be coming up. They will try and the reality is one percent work. So ninety nine percent of people are gonna cds and see right through them right they're gonna see the email with misspellings they're going to see. Oh it's a word doc. I know not to open that or it's a pdf. They're looking for that one percent that will so for every single one you see. Think about the people that you know in your life that are the least technical and then think about them at their worst possible moment right. Maybe they just saw a piece of news. That was incredibly inflammatory. Maybe they just had a relative or someone they care deeply about diagnosed with covid nineteen right. All of these scenarios are going to influence the way that they click and the speed that the click. And that's really unfortunately what the bad guys prey upon. Yeah you know it's also Interesting to me. How short circuits that. The the rational thinking part of a people's brains As you say and Tricks them into acting in a way that they probably wouldn't if they were in a better state of mind right and you know. Unfortunately we see this over and over again. There are regional specific versions. You know we see a lot of stuff in asia. That's very specific days. It's even been localized and the right languages. That would make sense to the people in the regions. It's got you know social context that are specific to the region. And so you know it's it's a business now. It's not someone trying to get lucky. It's not someone saying. I'm going to really nail that one person no there. They know they're getting one percent but the thing is to send out you know two hundred thousand. Emails has a cost that approaches zero. Yeah and again. You know as to contrast that against some of the other things that we've seen and i know you know you and your team track things like some of these ransomware campaigns. We've seen that have become highly targeted or you know some of these business. Email compromise campaigns that are really specific and who thereafter We still have these sort of You know spray and pray campaigns that are running these massive numbers games

Coming up next