
Social Engineering Under COVID-19

Shay Pinsker

August 19, 2020

As the leader of an organization you are always trying to seize the next opportunity while avoiding unnecessary risks and threats. You can prepare clear strategies, build emergency plans and sometimes even purchase products that will keep your organization safe, but most of the time you are so focused on technological security solutions that you overlook the most valuable and most vulnerable asset in your organization: the human element.

Attackers lurking outside the corporate network know you are preparing for them, but they also know that the human brain is highly susceptible and sometimes responds automatically to their sophisticated attempts to influence it.

As companies around the world struggle to adjust to the new COVID-19 driven reality, cyber criminals appear to be managing just fine. Unfortunately, global disasters such as this one are commonly leveraged by criminal syndicates that carry out all sorts of fraud and cyber attacks, mostly by means of social engineering.

It is therefore reasonable to assume that most companies were not prepared for the sudden, unexpected shift from working on-premise, with secure perimeters and acceptable use policies, to remote and far more vulnerable working habits.

Big transformations without proper planning and preparation bring additional security risk to organizations across all sectors. Earlier this year, OP Innovate’s Incident Response and Digital Forensics teams responded to a wave of COVID-related phishing and whaling emails that flooded personal and corporate mailboxes with themed malicious content, seeking to take advantage of the global situation and sow fear and confusion among their many recipients.

More interesting still is how some of the fraudsters combined business email compromise (BEC) attacks with the “COVID confusion” to take their attacks to the next level, stuffing their pockets with millions of dollars in a single, well-orchestrated “sleight of hand”.

OP Innovate’s IR team was called in to deal with several phishing campaigns, some resulting in huge financial loss, while others yielded a secondary ransom demand and room for negotiation.

How it Played Out

An Accounts Payable staffer was lured to a spoofed Office 365 login page by a malicious attachment in an email message received from a third-party supply chain vendor known to them.

To gain access to the document, the staffer willingly submitted their email address and password, opening the door to the attacker, who subsequently gained full access to the staffer’s mailbox. The attacker worked quickly to learn the organization’s financial approval procedures and, through a series of fake emails, played the stakeholders against each other, ultimately succeeding in having several million US dollars wired to a fraudulent bank account.

A second case recently handled by OP Innovate resulted in a successful negotiation process with the attackers, in which the attacker retrieved the downloaded mail items, preventing massive PR damage for the customer and their partners.
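As an added illustration from the detection side (example code, not OP Innovate’s tooling or anything from the original post), this is the kind of correlation a SOC can run over sign-in and sent-mail events to surface the pattern described above: a sign-in from a country outside the user’s baseline, followed within a short window by outbound payment-themed mail to a finance stakeholder. The simplified event format, the addresses and the timestamps are all constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed, simplified event records (not a real Office 365 audit schema).
SIGNINS = [
    {"user": "ap.clerk@example.com", "time": "2020-04-02T08:05:00", "country": "IL"},
    {"user": "ap.clerk@example.com", "time": "2020-04-02T11:42:00", "country": "NG"},
    {"user": "cfo@example.com",      "time": "2020-04-02T09:00:00", "country": "IL"},
]
SENT_MAIL = [
    {"user": "ap.clerk@example.com", "time": "2020-04-02T13:10:00",
     "to": "cfo@example.com", "subject": "Urgent: updated bank details for supplier wire"},
    {"user": "cfo@example.com", "time": "2020-04-02T10:30:00",
     "to": "ap.clerk@example.com", "subject": "Q2 budget review"},
]
# Countries each user has signed in from during a clean history window (constructed).
BASELINE = {"ap.clerk@example.com": {"IL"}, "cfo@example.com": {"IL"}}
# Subject keywords typical of payment-redirection mail in a BEC.
PAYMENT_TERMS = ("wire", "bank", "invoice", "payment", "account details")


def _ts(value):
    return datetime.fromisoformat(value)


def find_bec_indicators(signins, mails, baseline, window_hours=24):
    """Return one alert per (anomalous sign-in, payment-themed outbound mail) pair.

    A sign-in is anomalous when its country is not in the user's baseline; it is
    only escalated to an alert if the same mailbox sends payment-themed mail
    within `window_hours` afterwards, which is the sequence seen in the incident.
    """
    alerts = []
    for signin in signins:
        if signin["country"] in baseline.get(signin["user"], set()):
            continue  # known location for this user, nothing to correlate
        start = _ts(signin["time"])
        end = start + timedelta(hours=window_hours)
        for mail in mails:
            if mail["user"] != signin["user"]:
                continue
            sent = _ts(mail["time"])
            if not (start <= sent <= end):
                continue
            if any(term in mail["subject"].lower() for term in PAYMENT_TERMS):
                alerts.append({"user": signin["user"], "signin_country": signin["country"],
                               "signin_time": signin["time"], "mail_to": mail["to"],
                               "subject": mail["subject"]})
    return alerts
```

Running `find_bec_indicators(SIGNINS, SENT_MAIL, BASELINE)` on the constructed data yields a single alert for the accounts-payable mailbox; the CFO’s ordinary traffic produces none.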

Key Takeaways:

COVID-19 has turned many internal processes on their head, but it doesn’t have to be this way. Even during this uncertain period, organizations should keep their security controls aligned. A decentralized workspace can mean a diffusion of security responsibility, but making an effort to raise staff awareness of the cyber security issues they have control over can go a long way toward protecting the organization.

  1. Do not open emails from unknown or suspicious sources

  2. If opened – do not click on links contained within the suspicious email

  3. If clicked – stay away from sites that are marked as “dangerous” by your browser

  4. If visited – do not enter your email address in order to access an attachment

  5. If you made it this far, you may already have given away your password as well. Give us a call at OP Innovate

shay@op-c.net
