Russia/Ukraine Related Phishing is a Tsunami of Risk

March 17, 2022

Security experts have long expected there to be a significant digital component to modern warfare, and they were right, even if it’s not quite what they were expecting. But while hacking and other strategic cyberatttacks were thankfully not as damaging as it was thought that they might be, something else has stepped up to help nation-state threat actors get the job done, helping them conduct everything from infrastructure attacks to disinformation campaigns: phishing

AI is the secret weapon you’re looking for to boost business email security. SEE WHY>>

Times of Trouble Bring Out the Bottom Feeders

Phishing has historically tended to skyrocket during times of trouble. The global pandemic offers a telling example of that with phishing spiking by more than 600% at the beginning of 2020, and new surges of phishing attacks following in the wake of every COVID-19 variant. Pandemic phishing hasn’t gone away even as COVID-19 loosens its grip on some areas of the world. A fresh wave based on the Omicron variant just made the rounds, and cybercriminals show no signs of abandoning the topic anytime soon. 

The Russia-Ukraine conflict has been a goldmine for ghoulish cybercriminals who are acting quickly to capitalize on the tragedy. But they’re facing plenty of competition from nation-state threat actors, who have waded into the fray with phishing efforts in many directions in the hopes of dealing a critical blow to their adversary. Of course, Russia is the reigning monarch of nation-state cyber activity – 58% of all nation-state attacks in the last year were launched by Russian nation-state actors according to the 2021 Microsoft Digital Defense Report.  

See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>

Be Alert for These Phishing Attacks

Ukraine Charity Phishing Scams 

Unfortunately, heartless people will try to make someone’s loss their gain during tragedies.  Researchers have noticed a major spike in phishing emails that attempt to use the conflict as bait to hook in unwary but generous folks.

Keep these risks in mind: 

Please don’t let the fact that there are bad actors exploiting this tragedy put you off from helping the millions of Ukrainian victims of Russian aggression. The US Federal Trade Commission (FTC) has guidance available for spotting fake charities. Here are a few legitimate charities to consider. 

  • World Central Kitchen has been on the ground since the beginning, feeding people still under siege inside Ukraine as well as refugees at border crossings. Donate here>> 
  • Polish Humanitarian Action is providing baby supplies, hygiene products and food to refugees who have fled across the Polish border. Donate here>> 
  • Fight for Right is working to help evacuate people with disabilities and critical medical needs who have been unable to escape the conflict. Donate here>> 

Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>

Website Malware & Ransomware Traps

Fake charity websites rife with ransomware are popping up at warp speed. MSN reported that researchers had discovered a handful of sites decked out in trappings like Ukraine’s colors and war or refugee images that solicit donations but are actually scams.  

Business Phishing Threats 

Of course, beware of malicious attachments purporting to share things like war photos, maps, and in one scam, information about US companies that are still doing business in Russia. Of course, the only thing these attachments have to offer is malware including ransomware.   

  • Analysts warn of a scheme that uses a Microsoft sign-in theme. In the bogus email, users are warned that there have been unauthorized log in attempts on the recipient’s account, and the location of those attempts was listed as “Russia/Moscow”.  The user is urged to update their login info, giving the bad guys their credentials.   
  • Another Ukraine email phishing scam discovered in the wild targets organizations in the manufacturing sector for malware using a .zip attachment named “REQ Supplier Survey”. The attackers ask recipients to fill out a survey concerning their backup plans in response to the war in Ukraine. When the target proceeds to open the attached survey, the malicious payload is downloaded and deployed from a Discord link immediately. This attack aims to infect recipients with two well-known remote access Trojans – Agent Tesla and Remcos.   

See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>

Russia & Its Allies Are Involved in Bold Disinformation & Phishing Campaigns 

This conflict has made it clear just how nation-state threat actors can weaponize phishing quickly and creatively. Russian advanced persistent threat (APT) groups and allied cybercrime organizations acting in concert with them have not relented as the ground war grinds on. 

See 10 reasons why Graphus is better than other email security solutions. SEE THE LIST>>

Nation-State Phishing Danger is Escalating 

Nation-state cyber threats are something that organizations in every sector will have to be prepared to deal with long term. As the world becomes increasingly interconnected and cloud-driven, threat actors will have more reason and more opportunity to strike targets that fall well outside their prior theaters of operation. The bad guys are getting better at pulling off successful operations as well. Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate in 2020 to a 32% rate in 2021 – and every increase in that percentage is a loss for public and private sector organizations around the world.  

Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>

Protect Your Organization from Phishing Immediately (and Affordably) 

Stop phishing immediately with Graphus – the most simple, automated and affordable phishing defense available today. When you choose AI-powered, automated email security, your business gains an array of strong defenses against phishing that stop today’s nastiest phishing threats cold. Graphus’ AI technology refines your protection daily to ensure that your business is protected against tomorrow’s phishing threats too.   

  • You’ll gain a powerful guardian that protects your business from some of today’s nastiest threats like spear-phishing, business email compromise, ransomware and other horrors that will fit perfectly into your IT budget.   
  • Plus, automated security is up to 40% more effective at spotting and stopping malicious messages like phishing emails than a SEG or conventional security.    
  • Get detailed, actionable threat intelligence with the Graphus Threat Intelligence add-on, featuring detailed reports on the malicious or compromised IP and email addresses, URLs, and attachment hashes used in cyberattacks that target your users.   
  • Click here to watch a video demo of Graphus now. 

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus