In case you’ve been living under a rock for the last few months, or the year is 2450 and this blog made it onto humanity’s archive of must-read materials, we are in the midst of a global pandemic caused by COVID-19.
The pandemic has meant that most of our lives have changed significantly for the time being, and possibly for the foreseeable future. Most people with desk jobs are working from home, leaving your house is currently allowed but alertness and basic consideration are required, we are all turning into couch potatoes and the world economy is about to go down the drain.
But anyway, we have other things to worry about, such as how cybercriminals are increasingly using the situation for their own benefit.
People are feeling unsafe, anxious, depressed and unsure, and the lack of certainty and clarity is seriously challenging our social norms.
Cybercriminals, however, are having the year of their lives. People’s state of mind gives social engineering techniques an unprecedented rate of success.
The rush to enable working from home and the huge increase in remote workers have significantly expanded the available attack surface, giving attackers very solid ground for exploitation.
I know a lot of you are thinking
“Who in the world is going to come after me and my site/data/information?
I have nothing of value.”
The thing is – you are wrong.
You have plenty of things of value: your own personal data, bank accounts, passwords, files, data you hold on clients, collaborators or partners, or even something as insignificant as what’s in your shopping basket. Your data does have value.
In fact, most cyber attacks are opportunistic.
There are automated programs that crawl the internet all day long with nothing else to do but spot potential targets. These are easy to find, easy to configure and don’t even need any special knowledge to run.
It’s like when you leave your phone visible in your car. If a thief walks by your car and sees your phone, they might break in and steal it. They didn’t target you specifically, they just saw an opportunity and used it.
It is important to remember that the same holds valid for your data. Therefore you should make the effort to protect it, even if you think it is not valuable.
Now, on to my story. I received a couple of threatening emails with the subject:
“Your Site has been hacked”
The body went on to say:
From: Violette Given <hacker@albertoastorga.es>
Subject: Your Site Has Been Hacked
Message Body:
PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!
We have hacked your website http://www.infosecwise.com and extracted your databases.
How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.
What does this mean?
We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.infosecwise.com was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.
How do I stop this?
We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in Ethereum (ETH).
Send the bitcoin to the following ETH address (Copy and paste as it is case sensitive):
0xdE1B970f18a51FCfCBa91829fBb6532460E88794
Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!
How do I get Ethereum?
You can easily buy coins via several websites or even offline from a Ethereum-ATM. We suggest you https://cex.io/ for buying coins.
What if I don’t pay?
If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.
This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!
Please note that Bitcoin is anonymous and no one will find out that you have complied.
—
This e-mail was sent from a contact form on InfoSecWise (http://infosecwise.com)
It really makes me laugh … I received two of these emails recently, both matching almost word for word. I don’t really know if they are from the same people. They are more likely different and unrelated opportunistic attackers.
You see, like any website or blog out there, you probably want people to be able to reach you in some way, shape or form. Putting your email address out there is pretty risky because the automated crawlers mentioned above will harvest it, add it to spam and phishing lists, and spoof it as the sender of mass spam or malware campaigns aimed at unsuspecting users.
The next best thing to not publicly posting your email is a contact form. A properly built form only delivers messages to you, with the recipient fixed on the server side, so it cannot be turned into a relay for a wider email campaign (provided the form does not let the sender choose the recipient or inject extra mail headers).
It does not stop attackers from trying to send you attacks through the form, however. There are few ways to filter those messages, and if you are just using your hosting provider’s built-in mail servers, there won’t be much in place to protect you from them.
The good news is that at least they are coming through a plain text form, which means no attachments and no active content, and that significantly reduces the attack surface for scripts or malware.
It does not offer any protection against social engineering though. A lot of systems don’t. The best protection is your own reasoning and critical thinking, so make sure you use it 🙂
Let’s go through this message and I will point out a few obvious reasons why this is a social engineering attack.
To start with, if we go back to a previous post about spotting fake emails, you will notice that they didn’t use my name anywhere in the message.
Second, they opened by urging me to forward the email to someone who can make important decisions, creating an appeal to authority.
Third, they threaten to release whatever data they claim to have stolen if I don’t pay within 5 days, creating a sense of urgency.
Authority and urgency are two of the most common social engineering tactics: they pressure the target into doing something that yields the attacker financial gain. In this case, the demand is a payment of $2000 in ETH.
Fourth, even though there are not many, I did spot a few spelling errors. A legitimate company will at least proof-read its emails. The text is also inconsistent about the ransom itself: they ask for Ethereum in one line, tell you to send “the bitcoin” to an ETH address in another, and close by reassuring you that Bitcoin is anonymous.
The last and most obvious thing really is that my website was not hacked at all. The site is still happy and available for you nice people to read. 🙂 I can still manage it with no issues and the DB is alive and kicking. So even if there is any doubt or concern that an attack might have taken place, start digging in your own backyard first (site and web server logs, admin accounts, recent file changes, the database itself), and if you can’t find any evidence, you are likely going to be ok.
As one last note, the email comes from hacker@albertoastorga.es. Do you really think a real attacker would send an attack from an email address as ridiculous as that? Ah, poor albertoastorga.es probably got hacked as well. Bear in mind that the From address on a contact-form message is whatever the sender typed into the form, so it tells you very little about who actually sent it.
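To show how the indicators above (no personal greeting, appeal to authority, a deadline, threat language, a crypto payment demand, the Bitcoin/Ethereum mix-up and an implausible sender) can be turned into a first-pass filter for contact-form submissions, here is an added example in Python. It is not code from this site or from any hosting provider’s mail stack; the keyword patterns, weights, threshold and the two sample messages (one condensed from the scam quoted above, one benign reader question) are all constructed for illustration.

```python
"""Heuristic triage for contact-form extortion messages (added example).

Scores a message on the social engineering indicators discussed in the post.
Keyword patterns, weights and the cut-off are hypothetical, not a vendor rule set.
"""
import re

# Constructed sample: a condensed version of the scam text quoted in the post.
SAMPLE_SCAM = """PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!
We have hacked your website and extracted your databases.
We are willing to refrain from destroying your site's reputation for a small fee.
The current fee is $2000 USD in Ethereum (ETH).
Send the bitcoin to the following ETH address (Copy and paste as it is case sensitive):
0xdE1B970f18a51FCfCBa91829fBb6532460E88794
Please note that you have to make payment within 5 days after receiving this notice.
Please note that Bitcoin is anonymous and no one will find out that you have complied."""

# Constructed sample: a benign reader question for comparison.
SAMPLE_LEGIT = """Hi Maria,
I read your post about spotting fake emails and have a question about SPF records.
Could you point me to a good reference? Thanks, Tom"""

# Indicator patterns (hypothetical, tuned to this scam family).
GREETING = re.compile(r"^(hi|hello|dear)\s+[A-Za-z]+", re.I)
AUTHORITY = re.compile(r"forward this (e-?mail|message) to someone .*(decisions|in charge)", re.I)
DEADLINE = re.compile(r"within \d+ (hours?|days?)|will start|deadline|last warning", re.I)
THREAT = re.compile(r"\b(hacked|leaked?|sold to the highest bidder|destroy(ing)? your)\b", re.I)
ETH_ADDR = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
FEE = re.compile(r"\$\s?\d[\d,]*")
BITCOIN = re.compile(r"\bbitcoin\b", re.I)
ETHEREUM = re.compile(r"\b(ethereum|eth)\b", re.I)
SENDER = re.compile(r"^(hacker|anonymous|admin|security)@", re.I)

WEIGHTS = {
    "generic_greeting": 1,
    "authority_pressure": 2,
    "deadline_pressure": 2,
    "threat_language": 2,
    "crypto_payment_demand": 3,
    "mixed_currencies": 2,
    "suspicious_sender": 1,
}
THRESHOLD = 5  # hypothetical cut-off; tune it on your own form traffic


def analyse(message: str, sender: str = "") -> dict:
    """Return a score, a verdict and the per-indicator findings for one message."""
    text = message.strip()
    lines = text.splitlines()
    first_line = lines[0] if lines else ""
    findings = {
        # A real correspondent usually addresses you by name.
        "generic_greeting": GREETING.match(first_line) is None,
        "authority_pressure": AUTHORITY.search(text) is not None,
        "deadline_pressure": DEADLINE.search(text) is not None,
        "threat_language": THREAT.search(text) is not None,
        # A fee plus a wallet address is the payload of the whole scam.
        "crypto_payment_demand": FEE.search(text) is not None and ETH_ADDR.search(text) is not None,
        # Asking for ETH in one line and Bitcoin in the next is the template slip noted above.
        "mixed_currencies": BITCOIN.search(text) is not None and ETHEREUM.search(text) is not None,
        # The From field is user-supplied, so only the local part is worth a look.
        "suspicious_sender": SENDER.match(sender.strip()) is not None,
    }
    score = sum(WEIGHTS[name] for name, hit in findings.items() if hit)
    verdict = "extortion-scam" if score >= THRESHOLD else "ok"
    return {"score": score, "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for label, msg, sender in (
        ("scam", SAMPLE_SCAM, "hacker@albertoastorga.es"),
        ("legit", SAMPLE_LEGIT, "tom@example.com"),
    ):
        result = analyse(msg, sender)
        hits = [name for name, hit in result["findings"].items() if hit]
        print(f"{label}: {result['verdict']} (score {result['score']}) {hits}")
```

Run as a script it prints the verdict and the indicators that fired for each sample; the scam trips all seven, the reader question none. Any single indicator is weak on its own (a genuine customer can be in a hurry too), which is why the score is additive and the crypto demand carries the most weight: nobody legitimately asks you to pay a wallet address through your own contact form. Hook `analyse()` into the form handler to tag or quarantine submissions rather than silently drop them, so a false positive is still recoverable.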
I know these emails are not nice to receive; they can be concerning and cause fear and anxiety, but a bit of critical thinking goes a long way and, in this case, will save you some worry.
As final thoughts, I hope you are staying safe during this unprecedented time and may the force be with you!