Following the tragic news that Brazilian pop star Cristiano Araujo and his girlfriend died in a car accident, security firms began detecting malicious emails promising footage of the accident. However, the website URLs in the emails that promised the footage were configured to redirect users to a variant of a well-known banking Trojan family.
Capitalizing on major news isn't a new tactic. The security firm that discovered the malware made a statement:
Symantec advises users to be cautious when it comes to emails crafted around popular news stories such as the one discussed in this blog because they may be malicious. This type of social engineering is not limited to email and users should also be careful on social media sites, as similar tactics can also be used.
This is an example of social engineering. Fans of the pop star and those curious about the story would be more likely to view any content related to the event. In this case, the shock value of viewing actual footage of the wreck offered even further enticement.
This example shows the velocity of modern communication and the rewards for targeted, contextualized packets of information.
Cyber thieves are seeing success by taking a page out of the modern online digital marketing playbook. In particular, this approach is prevalent in malvertising campaigns. Malvertising is the act of manipulating the online ad ecosystem to deliver malware to individuals at scale in a targeted fashion.
The impact can be remarkable; one well-placed ad can appear on some of the world's most popular and influential websites. As long as a website is a participant in the ad ecosystem, it is at risk.
Through targeting and retargeting methods, malicious ads can 'chase' individuals around the web, periodically flashing on websites or mobile apps for seconds at a time, and appearing only to select audiences.
Amazingly, none of this requires any additional work by the cyber criminals. The ad ecosystem is honed for speed, delivery, and accuracy. The entire process, from auctioning off available website space to bidding and delivery, happens almost instantly. It doesn't even require human interaction; automated systems that can be exploited are often left in control.
Attacks like those that capitalize on major news stories put individuals in a pickle, since the natural human tendency is to be curious about events like the death of a beloved pop star. Thanks to the Internet, there is rarely any shortage of content on such an incident, and thanks to the targeting and speed of modern communication, content is delivered straight to the user via alerts, emails, text messages, etc.
However, this is a double-edged sword in modern society, and cyber thieves are well aware of social tendencies. Acquiring the means to steal valuable information, impersonate identities, spread malware, etc. is the easy part. The hard part is creating content that garners enough attention to reach a wider audience.
Fortunately for the cyber thieves, the very technologies used to deliver content are exploitable. There aren't enough security measures in place to put up resistance, and many of these mechanisms operate without human involvement.
The technology developed by RiskIQ over the last half decade was purpose-built to help brands see, feel and experience their digital footprints from the outside looking in. In this way brands have visibility into the threats targeting customers, employees, and the company beyond the perimeter.
To learn more about the technology go here: https://www.riskiq.com/how-it-works. For informational resources such as case studies, white papers, and webinars go here: https://www.riskiq.com/resources. And of course always contact us via our website or Twitter: @riskiq with any questions.