Spoofing attacks to soar as COVID wrecks supply lines
Threat actors will take advantage of shipping delays and disruption to supply lines caused by COVID-19 to increase spoofing attacks, rendering more businesses vulnerable to cyber scams well into 2022.
Disruptions to supply chains caused by pandemic-related restrictions have already proved fertile grounds for threat actors who impersonate delivery companies and send out fake notices of delayed consignments – and this trend looks set to continue for the foreseeable future.
“Cybercriminals have shifted focus to targeting the supply chain and partner ecosystems, turning this into yet another critical threat vector,” Adenike Cosgrove, cyber security strategist at Proofpoint, told CyberNews. “Attackers are leveraging compromised supplier accounts and [using] supplier impersonation to send malware, steal credentials, and perpetrate invoicing fraud. This is heightened in post-pandemic times, as the world struggles to sustain the supply chain for the production of goods.”
Cybercriminals commonly mimic large reputable firms such as UPS and DHL – whose name and branding were faked in nearly a quarter of email phishing attacks in the final quarter of last year – to lure businesses and consumers into clicking on links containing malware. Their details are then harvested by threat actors using cleverly disguised fake websites. In some cases, Trojans are also installed, permitting remote control of victims’ computers.
“It is very difficult to set adequate laws around supply chain security because things change,” added Cosgrove. “A supplier can be secure today but insecure tomorrow due to unpatched systems.”
“Companies of all sizes and industries are exposed to supplier risk, and it’s a universal concern,” she continued, adding that last year, in one month alone, 98% of 3,000 organizations monitored across the UK, US, and Australia received a threat from a supplier domain.
To make matters even more difficult, threat actors are tightening up on traditional ‘giveaways,’ such as poor grammar in emails, making their scams more convincing. Fake sites are also benefiting from superior design, with more sophisticated graphics used to make them appear genuine. All of this increases the chances of a panicky customer or stressed business employee clicking on a link containing malware.
“Phishing emails have become much more realistic-looking,” said Kristen Bolig, head of SecurityNerd. “Improvements in their deception can be seen in fewer spelling errors, use of legit company logos, or really similar replicates, more formal wording, and even email addresses that contain the company name.”
Bolig advised recipients who don’t immediately spot a red flag to carefully scrutinize emails to detect potential scams.
Beware the Brexit effect
Customs regulations in the wake of Britain’s exit from the European single market could be another driver for increased phishing attacks, with customers and companies doing business between the UK and EU targeted.
In the run-up to Christmas, cybersecurity experts warned shoppers to beware of bogus messages regarding orders that invite them to click on infected links. With three in ten businesses that import goods from the EU to the UK recently declaring they were unprepared for the post-Brexit customs regime – which came into effect at the beginning of this year - further disruption to the supply chain seems likely. Given their actions during the festive season, digital fraudsters will probably seek to exploit this development as well.
“Cyber criminals notoriously capitalize on global events to target users with attacks, including those leveraging the supply chain,” said Cosgrove.
How to avoid being scammed
Faced with this uncertain climate, shipping and logistics companies – and those who do business with them – must take it upon themselves to beef up their security practices, Troy Gill, cybersecurity manager at Zix threat research firm, told ThreatPost recently.
“Amidst more sophisticated spoofing attempts, companies should seek to implement best practices,” said Gill. “Security-awareness training is an effective internal process to implement, because it teaches employees how to spot email attacks. Having a better understanding of when they shouldn’t click on a link or download an attachment will go a long way in protecting employees.”
He also urged businesses to adopt Domain-based Message Authentication, Reporting & Conformance (DMARC) to stop crooks from sending emails with counterfeit addresses. DMARC does this by authenticating a sender’s identity and verifying that their domain has not been impersonated before allowing the message to reach its destination.
“Another tool is an email threat-protection system, preferably one that’s dynamic and continuous in its analysis,” Gill added. “Incoming emails can be scanned for signs of malware, predictive phishing patterns, and other suspicious indicators.”
More from CyberNews:
Subscribe to our newsletter