Simply Security - News, Views, and Opinions from Trend Micro

Disasters Present Cybercriminals Multiple Points to Leverage

Posted on March 28th, 2011 in Current News, Cybercrime by TrendLabs

The recent tragedy that affected Japan is not the first incident to be leveraged by cybercriminals. Criminals established early on just how low they would go to steal money from users — Hurricane Katrina in 2005, Hurricane Gustav in 2008, the Sichuan earthquake in China in 2008, and recently the Haiti earthquake in 2010 were all used by cybercriminals one way or another for social engineering.

From a technical perspective, it is disheartening how closely cybercriminals have monitored the entire incident, taking advantage not only of the event itself but also of the ones that followed. Let’s trace the events, along with the threats that were found leveraging them.

Information Demand Met with Attacks

The earthquake happened on March 11, 2011, and almost immediately most of the world was aware of the incident and constantly seeking more information on Japan’s status.

The sudden, fast-growing demand for information on the earthquake was met with blackhat search engine optimization (BHSEO) attacks, wherein cybercriminals rigged search results for strings related to the incident and led users to malicious sites.

Unsurprisingly, social networks were also filled with inquiries, footage, and bits of information on the tragic event, and of course with posts set up to look like footage and information that actually led to malicious sites and files.

A few hours later, the tsunami triggered by the earthquake hit the coasts of Aomori, Iwate, Miyagi and Fukushima, causing more damage to the affected areas. Many people in Japan who managed to get to safer ground by the time the tsunami struck were able to take videos showing how the waves destroyed the infrastructure located near the coastlines.

The cybercriminals, again, quickly took action to leverage the event and deployed attacks on social networks such as Facebook. Posts that posed as footage of the tsunami were seen all over the networks, and led to other malicious pages.

False Cries for Help

The world watched as the Japanese people endured the earthquake, the tsunami, and their grave effects, and efforts to assist them were immediately triggered all over the world. Leaders from different countries expressed their willingness to provide help to the Japanese people. Organizations such as the Red Cross also launched campaigns which enabled other people to help with the efforts by sending in their donations.

Unfortunately, not only relief efforts were triggered, but attacks as well. Only a few hours after the disaster, phishing sites posing as donation websites had already begun to surface. This continued for days after the disaster; bogus domains posing as charity organizations increased in number, along with those that pretend to be from organizations such as UNICEF.

Nuclear Meltdown Issues

Nuclear plants were among the infrastructure that was affected by the earthquake, and the extent of the damage and its effects have caused alarm not only among the Japanese people, but all over the world. Possibilities of a nuclear meltdown are continuously being speculated on, while Japanese workers work hard to prevent any other damage.

However, it seems that not only the Japanese are working hard at this point, as even information on the nuclear plant has been used for social engineering. We’ve seen several targeted spam attacks, with the messages supposedly bearing information on the status of the nuclear plant. The messages arrive with attached documents, usually .DOC, .XLS, and .PDF files, which contain exploit code for both old and new vulnerabilities, including one that was only recently patched by Adobe.

What to Do?

Seeing multiple, varied attacks built on the different events that followed a single incident sends a clear message about just how much criminals will leverage such an incident, even one as tragic as this one, just to steal money from users. For situations such as this, it is important for users to have clear guidelines on how they can avoid being victimized by attacks.

Here are some tips which can help users avoid becoming victims of scams and other web threats:

  • Verify the source — Check if the sender of the email is known or not. Discard the email if the source is unknown. If the sender is someone you know and the message requests personal information, try to verify the request with the sender through a different medium. Keep in mind that charitable organizations will never mass-send solicitation messages and requests for personal information. It’s best to go directly to the official websites of the said organizations to send in donations.
  • Examine the URL — Double-check the links contained in email messages. Check the URL in the browser address bar and make sure that you are on the right website.
  • Handle attachments with caution — Refrain from opening attachments contained in emails from unknown sources. The attachment is likely to be a malicious file which, when opened, will be installed into your system.
  • Read between the lines – Check the text of the email message for grammar lapses, strange wordings, and other errors. Also, observe the quality of the images in the message, as these may also be of low quality if they are sent by fraudulent users.
  • Check with a techie friend — If still in doubt about the integrity of a certain message or website, seek the assistance of a techie friend and ask for ways to verify. Trend Micro offers portals such as the Malware Blog and the Trend Community, where users may seek the help of Trend Micro engineers, as well as other techie users, in dealing with security concerns. One may also choose to utilize free services, such as the Trend Micro Site Safety, which verifies the nature of URLs, and preventive tools such as eMail ID and Web Protection Add-On.

Post from: TrendLabs | Malware Blog – by Trend Micro
