Cybercriminals are exploiting the COVID-19 pandemic to hook unsuspecting people looking for information on the crisis. Victims are bombarded with fabricated new work-from-home policies or fake layoff/furlough notifications. The Internet Crime Complaint Center (IC3), the online crime reporting mechanism of the Federal Bureau of Investigation (FBI), has seen the number of complaints shoot up since the beginning of the pandemic. According to reports, the number of complaints has tripled or quadrupled.
Origin of the Perpetrators
According to several reports and social media posts, most of these attacks are executed by criminals in Russia, China, or North Korea. However, INKY, a cloud-based cybersecurity company, takes a very different view: its latest report traces most phishing attacks to the US.
Dave Baggett, co-founder and CEO of INKY, says a large share of the IP addresses tracked in phishing email headers originated from somewhere in the US. Asked why the US figures so prominently in the phishing attack ecosystem, Dave claimed: "The majority of our users are American. Phishers prefer to target victims within their own geography because it's more natural to research and impersonate since it's the same culture and language. Non-American attackers also spoof a USA origin to evade geographical filters."
In an exclusive interview with the International Business Times, the INKY co-founder and CEO gives his detailed take on the attacks. Excerpts from the interview:
IBT: What are the new trends you have observed recently in the phishing world?
Dave: Malicious HTM or HTML attachments that build credential harvesting sites on a victim's local network. Bad actors get stolen credentials directly emailed to them if the victim uses it.
We have also observed dynamic algorithms that impersonate the recipient's domain in a phishing email.
IBT: How easy is it for someone to execute an attack of this nature?
Dave: Executing a phishing attack is easier than you think. Anybody could buy a cheap confusable domain name and some hosting space to execute an attack. And impersonating the site of any reputable organization has become super easy. Anyone can just download real company logos, trademarks, copyrights, and HTML/CSS code from the internet and add them to a site to imitate it.
IBT: How are the underground cybercriminal networks impacting the phishing landscape?
Dave: These networks lower the barrier to entry for phishing. Criminals use dark web markets to sell stolen credentials and phishing kits and to offer hacker-for-hire services.
IBT: How impactful could deepfakes and other similar AI techniques be in launching a phishing attack?
Dave: We don't see any evidence yet that attackers are using adversarial AI to bypass email gateways. However, we see many phishing emails incorporating specific non-AI techniques to get through. This demonstrates that attackers are studying the incumbent systems, learning their weaknesses, and then designing phishing templates that fool these incumbent systems. An example is "zero font": the attacker embeds text in the HTML body of the email that confuses the email gateway, but sets the font size of the text to zero. Hence, it remains invisible to the end-user.
IBT: How can individuals and businesses safeguard themselves from these attacks?
Dave:
- Verbal confirmation for financial requests
- Don't use links, type the link in a browser
- If a link has to be used, hover over it to ensure it's not misleading
- Beware of unfamiliar attachment types like SLK, IMG, RAR
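Two of the cues from the interview, the "zero font" trick and a link whose visible text does not match where it actually points, can be checked mechanically on the HTML body of a message. The block below is an added example, not code from INKY or from this article; it uses Python's standard-library HTML parser, and the sample message and its example.* host names are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ZERO_FONT = re.compile(r"font-size\s*:\s*0+(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|$)", re.I)  # font-size:0 / 0px / 0.0pt ending a declaration
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)  # hostname written into link text

class EmailScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._stack = [], []  # (kind, detail); (tag, hidden) per open element
        self._href, self._shown = None, []   # open <a>: its href and its reader-visible text

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self._stack.append((tag, bool(ZERO_FONT.search(a.get("style") or ""))))
        if tag == "a":
            self._href, self._shown = a.get("href") or "", []

    def handle_data(self, data):
        text = " ".join(data.split())
        if text and any(hidden for _, hidden in self._stack):
            self.findings.append(("zero_font_text", text))  # filter sees it, reader never does
        elif text and self._href is not None:
            self._shown.append(text)

    def handle_endtag(self, tag):
        while self._stack and self._stack.pop()[0] != tag:
            pass  # discard unclosed inner tags such as <br> or <img>
        if tag == "a" and self._href is not None:
            shown = HOST_IN_TEXT.search(" ".join(self._shown))
            target = (urlparse(self._href).hostname or "").lower()
            if shown and target:
                host = shown.group(1).lower()
                if not (host == target or host.endswith("." + target)
                        or target.endswith("." + host)):
                    self.findings.append(("link_host_mismatch", f"{host} -> {target}"))
            self._href = None

def scan_email(html_body):
    scanner = EmailScanner()
    scanner.feed(html_body)
    scanner.close()
    return scanner.findings

SAMPLE_HTML = """<html><body>
<p style="font-size:0px">quarterly newsletter team update lunch</p>
<p>Your account is suspended. Review the new remote work policy at
<a href="http://example.net/verify">https://intranet.example.com/policy</a></p>
<p>Regards, <a href="https://example.com/contact">example.com</a></p></body></html>"""  # constructed sample
```

Running `scan_email(SAMPLE_HTML)` reports the hidden paragraph and the mismatched link while leaving the honest example.com link alone; a real gateway would also need to handle CSS classes, `<style>` blocks and white-on-white text, which this check deliberately does not cover.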