Virus Makes Media More Vulnerable To Phishing
Phishing attacks increase when we are most vulnerable. Not surprisingly, in recent weeks, the COVID-19 outbreak has affected many people around the world. Data has indicated that more and more phishing attack campaigns have targeted or leveraged users’ fear and feeling of uncertainty to engage them in phishing scams.
According to Akamai’s research, some of these phishing campaigns are seizing the moment and are recycling phishing toolkits to make the effort of deploying and launching those campaigns even easier and faster.
Another effect of COVID-19 is the increase of working from home, which leads to the blend of work and personal related use of the same device for employees. As more of these use cases exist, it might lead to a situation where users and organizations are more likely to be exposed to a higher level of risk as the segregation between customer attacks and enterprise attacks fades away.
When it comes to phishing, the most common attack objectives are to lead victims into installing malicious software or stealing victims’ credentials. Both will give threat actors the ability to monetize the scam into selling victims’ valuable information to the highest bidder, which is later abused by other cybercriminals.
Media Brand Abuse
Media brands are known to be abused mainly due to the fact that their customers’ credentials are valuable to merchants on cybercriminals’ marketplaces and can be used to illegally access the stolen accounts.
Another use case for such stolen credentials can be found in credential stuffing attacks where attackers are counting on the fact that individuals are re-using the same credentials over different services. For example, if a given user’s media-service provider credentials are also being used by that user on other web services, once those credentials are stolen, attackers will try to force themselves into as many web services as possible and to try to get access to as many accounts as they can.
Much like other merchants that have different levels of demand over different periods of the year, stolen media-services credentials also have high demand in different shopping seasons. According to research done by Akamai, during the holiday season of 2019, phishing attack victims were on the rise with both ecommerce and media as targeted industries.
The fact that both of those targeted industries were leading the growing momentum didn’t come as a surprise. Over that time of the year, consumers generally lower their defenses when looking for bargains, and stolen credentials for ecommerce and media sites become more valuable with increased demand.
As more and more people are staying at home in the past few weeks, we predict there will be an increase in the demand for stolen media-services accounts. As a result, we will see an increase in phishing attacks that are targeting media-service customers.
Phishing is not a new attack vector, and unfortunately it is not going to die soon. Phishing attacks abuse users when they are the most vulnerable, whether it is their desire to find outstanding deals and coupons or they are concerned and looking for information about COVID-19 outbreak information. In both cases, their chances of engaging with phishing scams will be high and will lead to a higher scam success rate.
There are a number of strategies media businesses can implement in order to ensure their brands and consumers are secure and their organizations as a whole will be less exposed to phishing security risks. These include the following:
- Apply multi-factor authentication (two-step verification). For example, when consumers try to sign-in on a site, they are required to use a code that was sent to their phones to verify the login attempt. Turning on multi-factor authentication adds an additional layer of defense if their user credentials were stolen.
- Make sure the brand’s website can detect and block credential stuffing attacks and verify all users as humans and not bots. By doing so, it will help businesses to detect massive credential stuffing attacks, flag the stolen credentials and enable resetting of passwords for those users if needed.
- Track if the brand is being abused in the wild, making sure it is not abused by phishing attacks campaigns. For example, businesses can collect and process threat intelligence data resources from a range of sources and shut down the phishing sites that are targeting their customers.
Users need to make sure they think twice before engaging with offers that are too good to be true; they also need to make sure that the website in front of them is trustworthy and legit. Above all, they need to make sure their loved ones, colleagues and friends are safe online, and they should avoid opening files that are delivered from unknown sources.
Or Katz is lead principal security researcher at Akamai Technologies.