Malicious Cyber Activity Surges Coincide With Geopolitical Events

Protect yourself! Visit today! A lot of social engineering draws its plausibility from current events. Some of these are as predictable as the calendar. Valentine’s Day? Here’s a quick link to get you those flowers and candy you forgot about. Tax season? Hey, it’s us, the IRS. March Madness? Click here to share your bracket (come on, it’ll be fun). We’ve warned about all of these elsewhere. But other, more serious and less predictable events also shape phishbait. International conflict increasingly plays out in cyberspace as well as physical space. And nation-state hacking units work social engineering as much as any common criminal. The hackers, probably Russian, who intruded into the Winter Olympics networks got there by phishing. Other Russian hackers who’ve taken down sections of the Ukrainian power grid over the last few years got into the utilities’ networks by phishing. Currently an Iranian threat group, called variously “MuddyWater” or “TEMP.Zagros,” is phishing targets in the Middle East and Asia. The goal appears to be strategic intelligence. The means by which MuddyWater accomplishes its cyberespionage is a phishing email baited with a plausible, malicious Word document. When gullible recipients open the email and click the attachment, they install the spyware payload. It pays for any business to keep abreast of geopolitical events if only for this reason: they can help keep their employees aware of some likely forms social engineering will take. You may not be interested in geopolitics, but geopolitics is interested in you. One of the larger crises with significant implications for cyberspace is the current conflict between the UK and Russia over Russia’s apparent attempt to assassinate a spy and his daughter in England. Both sides are threatening cyber retaliation. Security awareness training should be as realistic and timely as possible. KnowBe4 has a Current Events phishing template category that is kept up to date with today’s breaking news items. See Comodo’s take on the correlation of attacks with current events here: