Cybercriminal Situational Awareness

Simon Tame | 22 March 2016

The Internet has made keeping up-to-date with current affairs and finding relevant information so much easier.  There's a problem though: cybercriminals are frequently using current affairs, calendar events, and global issues as part of their social engineering lures. How can we respond? By developing your situational awareness of their activity.


Recently, spam emails were distributed to recipients in Brazil. Nothing abnormal there, spam happens. But the interesting thing about these emails was the use of alleged information on the Zika virus as a lure to encourage recipients to click malicious links. In these instances, curiosity didn't kill the cat – it infected it with malware. But why wouldn't the recipients be curious? After all, Brazil is impacted by the Zika virus. In an age where information is so readily accessible, why would we not be curious about information directly relevant to us? It is only through our awareness to potential risks that we begin to consider our decisions.


This use of current affairs as a lure is not new. Back in 2015, there were a number of terrorist attacks that were widely reported on in global media outlets. Around that time, it was reported that cybercriminals had used fake terror alerts and advice on terrorism in their spear-phishing emails containing malicious PDF attachments that led to the download of malware. We could reach back and think of other examples, such as the tax season in the United States being a seemingly prime time to conduct phishing attempts, or maybe the distribution of phishing emails around the time of the 2014 FIFA World Cup in Brazil. I might go as far to say that it is likely we will see similar attempts at social engineering around the 2016 Rio Olympics, but that remains to be seen.


We all have access to information, and many of us like to have awareness of the current issues and affairs, which would help us make informed decisions. The problem is, so do cybercriminals and other malicious actors. The difference is that their awareness of current affairs influences their decisions in a way that is largely based on how to capitalize on your curiosity to achieve their malicious ambitions.  


The good news, and you should be aware of this, is that by monitoring the activity of these threat actors and the methods they are using, we can educate ourselves and become more aware of how they operate, helping us maintain caution. Reporting on the new methods used by cybercriminals, be it new malware or the capitalizing on current affairs for use in social engineering, can give us valuable insight into what to be aware of and what to avoid. Armed with this information, organizations can make more information decisions about security.