The COVID-19 pandemic isn’t the only worldwide crisis to have been exploited by cyber criminals. Seven earlier crises that were similarly leveraged include another disease – the 2009 swine flu – as well as natural disasters like the earthquakes in Haiti in 2010 and Japan in 2011 and malicious events, including the mass shooting targeting New Zealand mosques in 2019. Following a brief review of each of these, and what cyber criminals did to take advantage of the situations, the article presents lessons learned. The first of which is that cyber crime simply has no scruples. Whenever there is a possibility of financial gain, threat actors will immediately take advantage of any situation that has the interest of the general public, even if doing so ruins businesses or results in the loss of human life. The second lesson is also quite evident: social engineering is still a major part of cyber crime tactics during crises. Yes, attackers may use ever-evolving sophisticated tools, even to the point of employing AI/machine learning to devise when a phishing attack will be more successful. But a simple fact still holds true: humans are the primary target. This is exploited even further during crises. Since major events attract lots of public interest, several facets of our human nature (such as curiosity, fear, goodwill, and even tiredness) may increase an attack’s chance of success. Read the article at Infosec.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!