Phishing News Highlights

Colonial Pipeline Ransomware Attack

On the morning of May 7th, 2021, an employee of Colonial Pipeline found a ransom note from hackers on a control room computer. They had been attacked by DarkSide, a ransomware group based in Russia. By the end of the day, the CEO of the company decided to pay the ransom to minimize loss and disruption of gas access, as the pipeline is responsible for 45% of the fuel in the East Coast. The company experienced a six-day outage after the attack. Gas prices spiked to the highest prices in 6 ½ years since gas prices were trending down due to the pandemic. 

The US government advises against paying off ransomware attackers because it “can encourage more criminal activity and often doesn’t lead to a restoration of systems.” But CEOs of essential services are often left with no choice but to pay. “I’m against paying ransom because every time you pay these groups, you’re helping them expand their capabilities,” he said. “But companies are literally brought to their knees with no other option,” said David Kennedy, chief executive of security company TrustedSec LLC. Colonial Pipeline paid out almost 5 million dollars in the form of 75 bitcoin in exchange for a decryption tool from hackers. Blount, CEO of Colonial Pipeline says the decision to pay off the attackers, which the US government doesn’t recommend, didn’t come easy. “I will admit that I wasn’t comfortable seeing money go out the door to people like this. But it was the right thing to do for the country,” he said.

DarkSide closed its doors shortly after the hack, stating that an unknown user drained their accounts and that they were releasing decryption tools for all of the companies that have been ransomed but which haven’t yet paid. But we shouldn’t be convinced DarkSide won’t make a comeback under a different name in the future. With cybersecurity threats becoming more sophisticated each day, we need to protect foundational institutions from these attacks. "The cybersecurity landscape is constantly evolving, and we must adapt to address new and emerging threats," says Secretary of Homeland Security Alejandro Mayorkas. "The recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to our homeland security." 

COVID-19 Related Domains Enable Phishing

On Thursday, May 20th, 2021, The U.S. Attorney’s Office for the District of Maryland seized the domain “COVIDReliefSociety.org” which falsely claimed to sell vaccines for the COVID-19 virus online and instead collected the information for nefarious purposes like fraud, phishing, and the deployment of malware. This domain is the 10th pandemic-related domain seized by the office. A blog post on the fraudulent site stated that “you can now buy Covid-19 Vaccine Online from the Covid-19 Relief Society and have it delivered the same day anywhere in the world,” promising to fulfill orders of up to 2 million vaccines in an overnight shipment. The domain now redirects to a page stating that the government has seized the domain.

The appearance of fraudulent sites has persisted throughout the vaccine rollout. Earlier, on the 3rd of the same month, the United States Attorney's Office for the District of Maryland seized a different domain, "Freevaccinecovax.org," which appeared to be a site for a company developing a vaccine for COVID-19. Still, the site collected visitor’s information to be used for nefarious purposes. We saw an outbreak of fraudulent sites and phishing attempts alongside the pandemic between stimulus check related-scams and the promise of early access to the vaccines.

With the increase in online activity, and more interestingly, the mass consumption of information and misinformation on the pandemic gives scammers a larger platform than usual. Phishing attacks increased by 11% in 2020, while a total of 85% of breaches involved a human element. With more people depending on the internet to find information on their stimulus checks, where they could get tested for the virus, and whether or not the vaccine is available to their demographic yet, the pandemic created a perfect storm for the cybercrime spike we’ve seen in 2020 and the early months of 2021.

How Cryptocurrency and Stock Trading Enables Social-Engineering

Sophos’ new software was recently able to uncover a server that was hosting 167 counterfeit apps impersonating major financial firms and popular cryptocurrency trading platforms, such as Barclays, Gemini, Bitwala, Kraken, Binance, BitcoinHK, Bittrex, BitFlyer, and TDBank. All of the scams could be operated by the same group. Some tactics for bringing people to the app included befriending users via a dating app and attempting to lure them into installing and adding funds to one of the fake apps and websites that resembled those of trusted brands. Some users even downloaded what appeared to be an app but was a short-cut icon linked to a fake website.

Since the creation of bitcoin and blockchain, it’s been a favorite form of currency among ransomware attackers and online scammers due to its untraceable nature. In Q1 2019, 98% of ransomware payments were in bitcoin. In March, criminal groups were able to secure as much as $370 million in ransom payments in 2020, a 336% increase from 2019. Despite its popularity among scammers, each day, more banks offer cryptocurrency services to their customers.

Cryptocurrency has been steadily growing in popularity for the past decade, but recent celebrity endorsements and affiliations, such as Tesla announcing that it bought $1.5 billion worth of Bitcoin, has pushed cryptocurrency into the mainstream market, as well as it’s corresponding security risks. Musk's endorsements have also led to a number of scams using Elon Musk’s name. Elon Musk impersonators have stolen over $2 million through cryptocurrency scams since the start of 2021. The US government is taking steps to do more to regulate cryptocurrency, like requiring any cryptocurrency transfer over $10,000 to be reported to the IRS. With cryptocurrency being such a relatively new phenomenon, we can expect to learn of more cryptocurrency regulations soon.