
How phishing attacks quickly adapt to take advantage of current events

According to research from Egress, a whopping 94 percent of businesses experienced phishing attacks in 2023, a 40 percent increase from the previous year.

What’s behind the rise in phishing? One popular answer is AI – specifically generative AI, which has made it trivially easy for threat actors to create content they can use in phishing campaigns, such as malicious emails and, in more advanced cases, deepfake videos. Additionally, AI can help write the malware that threat actors often plant on victims’ computers and servers as part of phishing campaigns.

Phishing as a Service, or PhaaS, is another development sometimes cited to explain why phishing threats are at an all-time high. By allowing malicious parties to hire skilled attackers to carry out phishing campaigns for them, PhaaS makes it easy for anyone with a grudge – or a desire to steal some money from unsuspecting victims – to launch phishing attacks.

Phishing has become agile

To truly understand what’s driving the rise in phishing, we need to analyze how malicious actors are using AI and PhaaS to operate in new ways, particularly by responding more quickly to changing events.

In the past, it was difficult for threat actors to take advantage of unexpected events to launch impactful campaigns due to the time and effort required to manually create phishing content (as opposed to using generative AI). Similarly, groups looking to target an organization with phishing often had no quick and easy way to launch an attack without PhaaS solutions. However, recent developments suggest that this is changing.

View the trending phishing and impersonation TTPs in The Phishing & Impersonation Protection Handbook

Phishing attacks targeting evolving events

Phishing has a habit of latching onto current world events to capitalize on the excitement or fear surrounding these events. This is especially true when it comes to evolving events, such as the CrowdStrike “Blue Screen of Death” (BSOD).

Phishing in the aftermath of the CrowdStrike BSOD

CrowdStrike, the cybersecurity provider, released a buggy update on July 19 that prevented Windows computers from booting correctly, leaving users facing the infamous Blue Screen of Death (BSOD).

CrowdStrike resolved the issue relatively quickly, but not before threat actors began launching phishing campaigns designed to take advantage of individuals and companies seeking a fix for the outage. Within the first day of the CrowdStrike incident, Cyberint detected 17 related typo-squatting domains. At least two of these domains copied and shared CrowdStrike’s workaround in what was apparently an attempt to solicit donations via PayPal. By following the breadcrumbs, Cyberint traced the donation page to a software engineer named Aliaksandr Skuratovich, who also posted the website on his LinkedIn page.


Attempts to profit by collecting donations for a solution that originated elsewhere were among the milder attempts to profit from the CrowdStrike incident. Other typosquatted domains claimed to offer a solution (available for free via CrowdStrike) in exchange for payments of up to €1,000. The domains were taken offline, but not before organizations fell victim to them. Cyberint’s analysis shows that the crypto wallet associated with the scheme raised around €10,000.
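Brand teams can catch lookalike registrations of this kind by screening newly observed domains as soon as an incident becomes news. The script below is an added example, not Cyberint's tooling or code from the original article; the function names, the lure-word list and the sample feed (reserved TLDs only) are assumptions made for illustration.

```python
import re

# Digit-for-letter swaps often seen in lookalike names (assumed, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s"})
# Lure words for the outage scenario above; an assumed list to tune per event.
EVENT_TERMS = ("bsod", "fix", "outage", "recovery", "support")

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_reasons(domain, brand, official):
    """Return the reasons a domain resembles the brand; empty list if none."""
    domain = domain.lower().rstrip(".")
    if domain == official or domain.endswith("." + official):
        return []  # the brand's own domain and its subdomains
    name = domain.rsplit(".", 1)[0]  # drop the TLD
    reasons = set()
    for tok in filter(None, re.split(r"[^a-z0-9]+", name)):
        norm = tok.translate(HOMOGLYPHS)
        if brand in tok:
            reasons.add("brand")        # exact brand string under another name
        elif brand in norm:
            reasons.add("homoglyph")    # brand appears once digits are mapped back
        elif edit_distance(norm, brand) <= 2:
            reasons.add("typo")         # one or two keystrokes away from the brand
    leftover = name.translate(HOMOGLYPHS).replace(brand, "")
    if reasons and any(term in leftover for term in EVENT_TERMS):
        reasons.add("event-lure")       # brand lookalike combined with an incident word
    return sorted(reasons)

# Constructed feed of newly observed domains (reserved TLDs, not real indicators).
FEED = ["crowdstrike-bsod-fix.example", "cr0wdstrikefix.test",
        "crowdstrlke.example", "support.crowdstrike.com",
        "crowdfunding-news.example"]

def triage(feed, brand="crowdstrike", official="crowdstrike.com"):
    """Map each flagged domain to its reasons, skipping clean ones."""
    hits = ((d, lookalike_reasons(d, brand, official)) for d in feed)
    return {d: r for d, r in hits if r}

if __name__ == "__main__":
    print(triage(FEED))
```

Domains flagged with both a lookalike reason and `event-lure` are the ones to review first while an incident is still unfolding.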


Phishing attacks in response to planned events

When it comes to planned events, attacks tend to be more diverse and detailed. Threat actors have more time to prepare than in the wake of unexpected events like the CrowdStrike outage.

Phishing at the Olympic Games

Phishing attacks related to the 2024 Paris Olympics also showed that cybercriminals can run more effective campaigns by linking them to current events.

An example of an attack in this category is the phishing email discovered by Cyberint, which claimed that recipients had won tickets to the Games and that in order to collect the tickets, they would have to make a small payment to cover the delivery costs.


However, when recipients entered their financial information to pay the fee, the attackers could pose as victims and make purchases through their accounts.

In another example of Olympic phishing, cybercriminals registered a professional-looking website in March 2024 claiming to sell tickets. In reality, it was a scam.


Although the site was not that old and therefore did not have much authority based on its history, it still ranked high in Google search results, making it more likely that people who wanted to buy Olympic tickets online would fall into the trap.

Phishing and football

Similar attacks took place during the UEFA Euro 2024 football championship. Specifically, the criminals launched fraudulent mobile apps that posed as UEFA, the sports governing body organising the event. Since the apps used the organisation’s official name and logo, it was likely easy for some people to assume they were legitimate.


It’s worth noting that these apps weren’t hosted on the app stores run by Apple or Google, which typically detect and remove malicious apps (though there’s no guarantee they’ll do so quickly enough to prevent abuse). They were available through unregulated third-party app stores, making them somewhat harder for consumers to find. However, most mobile devices wouldn’t have controls in place to block the apps if a user went to a third-party app store and attempted to download malicious software.

Phishing and recurring events

Even when it comes to recurring events, phishers know how to abuse situations to launch powerful attacks.

For example, during the holiday season, there is a lot of gift card fraud, non-payment scams, and fake order slips, as well as phishing scams that try to lure victims into applying for fake seasonal jobs in an attempt to collect their personal information.

The holiday season creates a perfect storm for phishing due to the rise of online shopping, attractive deals and a flood of promotional emails. Scammers exploit these factors, leading to significant financial and reputational damage for businesses.

When it comes to phishing, timing is everything

Unfortunately, AI and PhaaS have made phishing easier and we can expect malicious actors to continue using such strategies.

See The Phishing & Impersonation Protection Handbook for strategies that businesses and individuals can implement.

However, companies can anticipate peaks in attacks in response to specific developments or (in the case of recurring phishing campaigns) certain times of the year and take measures to limit the risk.

For example, they can teach employees and consumers to be extra careful when responding to content related to a current event.

While AI and PhaaS have made phishing easier, businesses and individuals can still defend themselves against these threats. By understanding the tactics threat actors use and implementing effective security measures, the risk of falling victim to phishing attacks can be reduced.