Intel Advisory: Cyber Threat Actors Expected to Leverage Major Storms for Fraud

The Center for Internet Security (CIS), a MACo Partner, warns that malicious actors may leverage public interest during natural disasters to conduct financial fraud and disseminate malware.

Malicious actors leverage public interest during natural disasters and other high-profile events to conduct financial fraud and disseminate malware, according to the Center for Internet Security (CIS), a MACo Corporate Partner. The landfalls and impending landfalls of Hurricanes Florence, Isaac, and Helene, Tropical Storm Olivia, and Typhoon Mangkhut are highly likely to propel the emergence of new and recycled scams involving financial fraud and malware.

According to CIS:

Malicious actors are notorious for posting links to fake charities and fraudulent websites that solicit donations for victims of natural disasters or deliver malware. The Multi-State Information Sharing and Analysis Center (MS-ISAC) previously observed similar scams and malware dissemination campaigns in response to high profile events including the Boston Marathon bombing, Hurricane Harvey, and the Tennessee wildfires. It is highly likely that more scams and malware will follow over the course of the recovery period, so Internet users need to exercise caution before opening related emails, clicking links, visiting websites, or making donations to relief efforts.

From September 6-11, 2018, the MS-ISAC observed an increase in registered domains likely related to Hurricane Florence. The most recently registered domains include the words “claims,” “compensation,” “lawyers,” “relief,” and “funds,” which could indicate the domains' use in possible scams or other malicious activity, so they should be viewed with caution. It is likely that these domain registrations will continue, especially after Hurricane Florence makes landfall. We believe that these domain registrations will also likely occur for the other storms.

It is highly likely that malicious actors will also capitalize on this disaster to send phishing emails with links to malicious websites advertising relevant information, pictures, and videos, but containing phishing web pages or malware. Other phishing emails are highly likely to contain links to, or attachments with, embedded malware. Victims who click on links or open malicious attachments risk compromising their computer.

User Recommendations

The MS-ISAC recommends that users adhere to the following guidelines when reacting to high profile events, including news associated with the disasters and solicitations for donations:

  • Users should exercise extreme caution when responding to individual pleas for financial assistance such as those posted on social media, crowdfunding websites, or in an email, even if it appears to originate from a trusted source. When making donations, users should consult the Federal Trade Commission Consumer Information website for guidance or the National Voluntary Organizations Active in Disaster website.
  • Be cautious of emails or websites that claim to provide information, pictures, and videos.
  • Do not open unsolicited (spam) emails or click on the links or attachments in those emails.
  • Never reveal personal or financial information in an email or to an untrusted website.
  • Do not go to an untrusted or unfamiliar website to view the event or information regarding it.
  • Malicious websites often imitate a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs .org) so ensure the link goes to the correct website.

Technical Recommendations

The MS-ISAC recommends that technical administrators adhere to the following guidelines when reacting to high profile events, including news associated with any of these disasters, and solicitations for donations:

  • Issue warnings to users about potential scams, implement filters on emails, block suspicious IP addresses and domains at your firewall and on your web server proxy, and flag emails from external sources with a warning banner.
  • Use antivirus programs on clients and servers, with automatic updates of signatures and software.
  • Apply appropriate patches and updates immediately after appropriate testing.

More information regarding emergency preparedness for cyber infrastructure is available in the associated MS-ISAC Security Primer.
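
One way an administrator could act on the domain-registration pattern described above, as an added example that is not from CIS or MS-ISAC: a Python triage of a newly-registered-domain feed using the storm names and keywords the advisory lists. The feed contents, the digit-folding step, and the review/watch tiers are assumptions made for illustration.

```python
import re

# Terms from the advisory: the named storms and the words seen in new registrations.
EVENT_TERMS = ("florence", "isaac", "helene", "olivia", "mangkhut")
LURE_TERMS = ("claims", "compensation", "lawyers", "relief", "funds")

# Assumption: fold common digit-for-letter swaps so "fl0rence" still matches.
LOOKALIKES = str.maketrans("0135", "oles")


def normalize(domain):
    """Lowercase, drop the TLD, fold lookalike digits, strip separators."""
    labels = domain.strip().lower().rstrip(".").split(".")
    body = "".join(labels[:-1]) if len(labels) > 1 else labels[0]
    return re.sub(r"[^a-z]", "", body.translate(LOOKALIKES))


def classify(domain):
    """Return (verdict, matched_terms) for one newly registered domain."""
    text = normalize(domain)
    events = [t for t in EVENT_TERMS if t in text]
    lures = [t for t in LURE_TERMS if t in text]
    if events and lures:
        return "review", events + lures  # storm name plus a money/legal lure
    if events:
        return "watch", events           # storm name alone: lower confidence
    return "ignore", []


def triage(domains):
    """Group a feed of domains by verdict, skipping blanks and comments."""
    result = {"review": [], "watch": [], "ignore": []}
    for line in domains:
        name = line.split("#", 1)[0].strip()
        if name:
            result[classify(name)[0]].append(name)
    return result


# Constructed sample feed (not real registrations).
SAMPLE_FEED = [
    "florence-relief-funds.example",
    "FL0RENCE-CLAIMS.example.",
    "hurricane-helene-photos.example",
    "isaac-plumbing.example",
    "county-budget.example",
    "  # comment line",
]

if __name__ == "__main__":
    for verdict, names in triage(SAMPLE_FEED).items():
        print(verdict, names)
```

Domains in the "review" tier are candidates for the proxy or firewall blocklist after an analyst confirms them; the "watch" tier will include legitimate names (for example a business owned by someone named Isaac) and should not be blocked automatically.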

MACo members have a great resource available to them to help address this and other cybersecurity related issues: the Center for Internet Security (CIS). Through MACo’s partnership with CIS, members have access to a number of cost-effective resources to improve their employees’ security awareness, including industry-leading training programs from the SANS Institute, as well as social engineering and phishing exercises, and expert-led training seminars.

Learn more about CIS benefits for MACo members.