Global epidemics spread cybercrime as well. Cybercriminals will likely use the global anxiety over the coronavirus to execute ransomware attacks via social engineering.
Cybercriminals have been hugely successful using disasters and global anxiety over virus outbreaks to execute malware attacks via social engineering. Eventually, these types of infections almost always give way to ransomware.
Ebola, Zika, SARS: over the years, actors leveraging pandemics have developed a distinct pattern, with the only significant difference being improvements to attack tools. They execute layered attack campaigns, first using phishing and social engineering to infect users with malware, then taking over the entire system with ransomware or other forms of malware. With the novel coronavirus now a top concern worldwide, that pattern is continuing.
The latest intelligence brief by the RiskIQ i3 threat intelligence group* assesses that these attacks will focus primarily on large corporations, which rely on markets and supply chains originating in China and other coronavirus-affected regions. Personnel at these organizations have heightened interest in news and developments related to the virus, potentially making them more susceptible to social engineering that tricks them into clicking on malicious links.
The briefing assesses there are two possible methods of attack, both stemming from phishing campaigns. The first involves the AZORult malware, which researchers observed as the basis for a phishing campaign targeting members of the shipping industry in January of this year. On at least three different occasions since 2018, however, attackers have used AZORult to deploy ransomware.
The second phishing campaign relies on the Emotet Trojan. Victims in Japan have received emails claiming to contain important information about the coronavirus, but clicking on the link activates Emotet. In September 2019, criminals paired Emotet with TrickBot and Ryuk ransomware to take over an organization’s network, a scenario that could play out similarly over the coming weeks and months.
Secondary targets could include health organizations involved in tracking the spread, finding a cure, or providing associated public service functions. Targets of opportunity could consist of any institution or individual seeking general information about the spread and impact of the virus.
Company executives, mid-level managers, administrators of local governments, and healthcare professionals all have a vested interest in following the latest developments around the spread of coronavirus. It only takes one tired or overworked individual to click on what they believe is a legitimate alert or update, so all personnel should be mindful of the danger.
The following are guidelines and steps organizations should take to protect their attack surface:
Download the brief for extensive analysis of past ransomware attacks during global epidemics, current phishing campaigns leveraging the coronavirus, and what is likely to develop as the situation evolves.
*RiskIQ’s Incident Investigation and Intelligence (i3) team is comprised of trained intelligence analysts, targeters, and operators.