A number of hack-for-hire firms are using the COVID-19 pandemic to infiltrate financial services firms. Defences are not always good enough though.
Two reports this month highlight the problem of a rapidly growing hack-for-hire market which is targeting corporations, government institutions and not-for-profits around the world. It is yet another front in the cyber war powered by highly professional and well-funded criminal organisations, and Coronavirus has given them the perfect environment to step up their efforts.
First came a report from Google which identified numerous hack-for-hire firms spoofing the World Health Organisation to target business leaders and companies in the US and UK. The report found hundreds of examples of Coronavirus-themed attacks which use WHO branding and encourage individuals to sign up for direct notifications of important announcements. The emails contain a link to an attacker-hosted website that closely mirrors the official WHO site and features fake login pages, all prompting users to hand over their personal details.
In a blog post, Google said:
“Generally, 2020 has been dominated by COVID-19. The pandemic has taken centre stage in people’s everyday lives, in the international news media, and in the world of government-backed hacking.”
Meanwhile, a second report from Citizen Lab highlighted a shadowy hack-for-hire organisation which it termed “Dark Basin”, linked to an Indian tech firm, BellTroX InfoTech Services. As well as financial institutions, this group had been targeting rights groups and not-for-profits including Greenpeace, The Rockefeller Family Fund and the Union of Concerned Scientists, as well as a number of organisations involved in the ExxonKnows campaign, which asserts that Exxon knowingly hid information about climate change.
The investigation kicked off in 2017 when a journalist noticed a phishing attack and asked the researchers to investigate. Their study linked the attempts to a network of URL shorteners operated by the group that they came to call Dark Basin. They identified nearly 28,000 additional URLs containing the email addresses of targets around the world. This helped researchers build up a map of who the group was targeting and warn some of them.
The evidence linking this group to BellTroX was not hard to find. Employees of BellTroX were found uploading screenshots and taking credit for the attacks on social media. A number of individuals claiming to work for BellTroX could be found on LinkedIn listing services such as email penetration, exploitation and corporate espionage.
Hacking is also becoming an increasingly common occurrence in corporate disputes. The recent case between the Ras Al Khaimah Investment Authority and Farhad Azima included allegations in which Azima claimed RAKIA used the services of hackers to access his emails and leak documents online.
The reports shed light on a world in which hacking is a growth industry backed by well-funded and highly professional companies. The underhanded nature of this world makes it extremely difficult to trace responsibility, and the current situation makes all companies uniquely vulnerable.
All the sophisticated cyber security technology in the world can be rendered useless by a convincing email. In an environment of high uncertainty in which companies are relying on guidance from trusted organisations such as the WHO, phishing emails can become more effective than ever. All it takes is one click on a malicious link and the hackers are through the defences.
Financial institutions, as always, find themselves in the firing line. If they are breached, they face financial and reputational losses as well as compliance risks.
To counter the attackers, therefore, companies need to get their defences in order, ensure everyone in the organisation is aware of the latest attacks, and put robust measures in place.
The hackers are coming and they have better infrastructure and resources than ever.
Building effective defences will be one of the key challenges of the COVID-19 crisis.