
Disasters Present Cybercriminals Multiple Points to Leverage

  • Posted on: March 28, 2011 at 6:07 am
  • Posted in: Exploits, Malware, Social, Spam
  • Author: Ryan Flores (Threat Research Manager)

The recent tragedy that affected Japan is not the first disaster that cybercriminals have leveraged. They established early on just how low they would go to steal money from users: Hurricane Katrina in 2005, Hurricane Gustav in 2008, the Sichuan earthquake in China in 2008, and, more recently, the Haiti earthquake in 2010 were all used in one way or another as social engineering bait.

From a technical perspective, it is disheartening how closely cybercriminals monitored the entire incident just to take advantage of not only the event itself but also the ones that happened afterward. Let’s trace the events, along with the threats we found leveraging them.

Information Demand Met with Attacks

The earthquake happened on March 11, 2011 and, almost immediately, most of the world was aware of the incident and constantly sought out more information on Japan’s status.

The sudden, fast-increasing demand for information on the earthquake was met with blackhat SEO attacks, in which cybercriminals rigged search results for strings related to the incident to lead users to malicious sites.

Unsurprisingly, social networks were also filled with inquiries, footage, bits of information on the tragic event, and, of course, posts set up to look like footage and information but actually led to malicious sites and files.

A few hours later, the tsunami triggered by the earthquake hit the coasts of Aomori, Iwate, Miyagi, and Fukushima, causing more damage to the affected areas. Many people in Japan who managed to get to safer ground by the time the tsunami struck were able to take videos showing how the waves destroyed the infrastructure located near the coastline.

The cybercriminals again moved quickly to leverage the event and deployed attacks on social networks such as Facebook. Posts that posed as footage of the tsunami were seen all over the network and led to other malicious pages.

False Cries for Help

The world watched on as the Japanese endured the earthquake, the tsunami, and their grave effects. Efforts to assist them were immediately triggered all over the world. Leaders of different countries expressed their willingness to provide help to the Japanese. Organizations such as the Red Cross also launched campaigns that enabled other people to help with the efforts by sending in their donations.

Unfortunately, relief efforts were not the only thing triggered; attacks were as well. Only a few hours after the disasters hit, phishing sites posing as donation websites began to surface. This continued for days after the disaster; bogus domains posing as charity organizations increased in number, including one that purported to be part of organizations such as UNICEF.

Nuclear Meltdown Issues

Nuclear plants were among the infrastructure greatly affected by the earthquake. The extent of the damage and its effects caused alarm not only among the Japanese but also among people all over the world. The possibility of a nuclear meltdown was the subject of continuous speculation while the Japanese worked hard to prevent any further damage.

However, it seems that the Japanese were not the only ones working hard at this point, as even information on the nuclear plant was used as social engineering bait. We saw several targeted spam attacks with messages supposedly bearing information on the status of the nuclear plant. The messages arrived with attachments, usually .DOC, .XLS, and .PDF files, which contained exploit code for both old and new vulnerabilities, including one that was only recently patched by Adobe.

What to Do?

Seeing multiple, varied attacks built around the different events that followed a single disaster sends a clear message about just how far cybercriminals will go to leverage such an incident, even one as tragic as this, to steal money from users. In situations like this, it is important for users to have clear guidelines on how to avoid being victimized by these attacks.

Here are some tips that can help users avoid becoming victims of scams and other Web threats:

  • Verify the source. Check if the sender of the email is known or not. Discard the email if the source is unknown. If the sender is someone you know and the message requests personal information, try to verify the request with the sender through a different medium. Keep in mind that charitable organizations will never mass-send solicitation messages and requests for personal information. It’s best to go directly to the official websites of these organizations to send in donations.
  • Examine the URL. Double-check the links contained in email messages. Check the URL in the browser address bar and make sure that you are in the right website.
  • Handle attachments with caution. Refrain from opening attachments contained in email messages from unknown sources. The attachment is likely to be a malicious file, which, when opened, will be installed on your system.
  • Read between the lines. Check the text of the email message for grammatical lapses, strange wording, and other errors. Also, observe the quality of the images in the message, as these may also be of low quality if sent by fraudulent users.
  • Check with a techie friend. If you are still in doubt about the integrity of a certain message or website, seek the assistance of a techie friend and ask for ways to verify it. Trend Micro offers portals such as the Malware Blog and the Trend Community where users may seek the help of our engineers as well as of other techie users to deal with security concerns. Users may also choose to utilize free services such as the Trend Micro Site Safety, which verifies the nature of URLs, and preventive tools such as eMail ID and Web Protection Add-On.

More information can be found in our report, “Staying Safe from Disaster Relief Scams.”
