Russia/Ukraine Related Phishing is a Tsunami of Risk
Security experts have long expected there to be a significant digital component to modern warfare, and they were right, even if it’s not quite what they were expecting. But while hacking and other strategic cyberatttacks were thankfully not as damaging as it was thought that they might be, something else has stepped up to help nation-state threat actors get the job done, helping them conduct everything from infrastructure attacks to disinformation campaigns: phishing.
AI is the secret weapon you’re looking for to boost business email security. SEE WHY>>
Times of Trouble Bring Out the Bottom Feeders
Phishing has historically tended to skyrocket during times of trouble. The global pandemic offers a telling example of that with phishing spiking by more than 600% at the beginning of 2020, and new surges of phishing attacks following in the wake of every COVID-19 variant. Pandemic phishing hasn’t gone away even as COVID-19 loosens its grip on some areas of the world. A fresh wave based on the Omicron variant just made the rounds, and cybercriminals show no signs of abandoning the topic anytime soon.
The Russia-Ukraine conflict has been a goldmine for ghoulish cybercriminals who are acting quickly to capitalize on the tragedy. But they’re facing plenty of competition from nation-state threat actors, who have waded into the fray with phishing efforts in many directions in the hopes of dealing a critical blow to their adversary. Of course, Russia is the reigning monarch of nation-state cyber activity – 58% of all nation-state attacks in the last year were launched by Russian nation-state actors according to the 2021 Microsoft Digital Defense Report.
See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>
Be Alert for These Phishing Attacks
Ukraine Charity Phishing Scams
Unfortunately, heartless people will try to make someone’s loss their gain during tragedies. Researchers have noticed a major spike in phishing emails that attempt to use the conflict as bait to hook in unwary but generous folks.
Keep these risks in mind:
- Messages tugging on people’s heartstrings, asking for aid for specific populations like orphaned children or homeless pets. These messages can be generic but it’s also quite possible that tailored messages like these are part of a sophisticated spear phishing effort. It’s not hard for bad actors to find out what their target is interested in from their social media accounts to up the chance that they’ll successfully get the victim to take the bait.
- Spoofing is endemic. Sophisticated phishing emails loaded with legitimate-looking formatting like the Ukrainian flag and fancy logos abound. Some of these messages are framed as legitimate communications from humanitarian organizations like The United Nations Children’s Fund (UNICEF). Others claim to be from more vague senders like Help for Ukraine.
Please don’t let the fact that there are bad actors exploiting this tragedy put you off from helping the millions of Ukrainian victims of Russian aggression. The US Federal Trade Commission (FTC) has guidance available for spotting fake charities. Here are a few legitimate charities to consider.
- World Central Kitchen has been on the ground since the beginning, feeding people still under siege inside Ukraine as well as refugees at border crossings. Donate here>>
- Polish Humanitarian Action is providing baby supplies, hygiene products and food to refugees who have fled across the Polish border. Donate here>>
- Fight for Right is working to help evacuate people with disabilities and critical medical needs who have been unable to escape the conflict. Donate here>>
Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>
Website Malware & Ransomware Traps
Fake charity websites rife with ransomware are popping up at warp speed. MSN reported that researchers had discovered a handful of sites decked out in trappings like Ukraine’s colors and war or refugee images that solicit donations but are actually scams.
Business Phishing Threats
Of course, beware of malicious attachments purporting to share things like war photos, maps, and in one scam, information about US companies that are still doing business in Russia. Of course, the only thing these attachments have to offer is malware including ransomware.
- Analysts warn of a scheme that uses a Microsoft sign-in theme. In the bogus email, users are warned that there have been unauthorized log in attempts on the recipient’s account, and the location of those attempts was listed as “Russia/Moscow”. The user is urged to update their login info, giving the bad guys their credentials.
- Another Ukraine email phishing scam discovered in the wild targets organizations in the manufacturing sector for malware using a .zip attachment named “REQ Supplier Survey”. The attackers ask recipients to fill out a survey concerning their backup plans in response to the war in Ukraine. When the target proceeds to open the attached survey, the malicious payload is downloaded and deployed from a Discord link immediately. This attack aims to infect recipients with two well-known remote access Trojans – Agent Tesla and Remcos.
See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>
Russia & Its Allies Are Involved in Bold Disinformation & Phishing Campaigns
This conflict has made it clear just how nation-state threat actors can weaponize phishing quickly and creatively. Russian advanced persistent threat (APT) groups and allied cybercrime organizations acting in concert with them have not relented as the ground war grinds on.
- According to reports from a number of outlets, Google’s Threat Analysis Group (TAG) says that a Belarusian hacking group known as Ghostwriter is behind a recent flood of attacks, conducted with the aim of snatching up credentials of Ukrainian government officials and members of the Polish military.
- The same group, Ghostwriter is thought to be responsible for email misinformation campaigns in neighboring countries in the time leading up to the Russian invasion of Ukraine and after, many of them critical of NATO.
- Ghostwriter is also behind a flurry of phishing attacks on webmail users from providers in the region including i.ua, meta.ua, rambler.ru, ukr.net, wp.pl and yandex.ru.
- Threat Post reports that Google TAG has blocked a number of domains recently associated with nation-state phishing efforts including [.]secure-ua[.]website, i[.]ua-passport[.]top, login[.]creditals-email[.]space, post[.]mil-gov[.]space and verify[.]rambler-profile[.]site.
- The Washington Post reports that Fancy Bear, a nation-state cybercriminal group known to be associated with Russia’s GRU military intelligence unit, launched several large phishing campaigns against users of Ukr.net, a Ukrainian media organization.
- Microsoft has detailed a number of what it describes as “opportunistic phishing campaigns” or sophisticated spear phishing campaigns related to Ukraine.
- Facebook (or Meta) announced that it had uncovered attempts to spread disinformation and phish Ukrainian targets on its platform. Twitter and Google have removed accounts involved in the campaigns. Ghostwriter is the group suspected of being behind those efforts.
- A disinformation campaign reported by NPR involved a network of about 40 accounts, pages and groups on Facebook and Instagram that were known to be operated by Russia or Russian sympathizers in Ukraine. In that effort, the perpetrators used fake personas, including computer-generated profile pictures, to masquerade as independent news outlets and spread false information about the war, like claims that Ukraine is a failed state.
See 10 reasons why Graphus is better than other email security solutions. SEE THE LIST>>
Nation-State Phishing Danger is Escalating
Nation-state cyber threats are something that organizations in every sector will have to be prepared to deal with long term. As the world becomes increasingly interconnected and cloud-driven, threat actors will have more reason and more opportunity to strike targets that fall well outside their prior theaters of operation. The bad guys are getting better at pulling off successful operations as well. Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate in 2020 to a 32% rate in 2021 – and every increase in that percentage is a loss for public and private sector organizations around the world.
Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>
Protect Your Organization from Phishing Immediately (and Affordably)
Stop phishing immediately with Graphus – the most simple, automated and affordable phishing defense available today. When you choose AI-powered, automated email security, your business gains an array of strong defenses against phishing that stop today’s nastiest phishing threats cold. Graphus’ AI technology refines your protection daily to ensure that your business is protected against tomorrow’s phishing threats too.
- You’ll gain a powerful guardian that protects your business from some of today’s nastiest threats like spear-phishing, business email compromise, ransomware and other horrors that will fit perfectly into your IT budget.
- Plus, automated security is up to 40% more effective at spotting and stopping malicious messages like phishing emails than a SEG or conventional security.
- Get detailed, actionable threat intelligence with the Graphus Threat Intelligence add-on, featuring detailed reports on the malicious or compromised IP and email addresses, URLs, and attachment hashes used in cyberattacks that target your users.
- Click here to watch a video demo of Graphus now.
