ThreatCloud data and situation assessment from Check Point
Check Point Research has taken a close look at the development of cyber attacks since the start of the Ukraine-Russia war. The figures are unambiguous: cyber attacks against the military and authorities of Ukraine increased by 196 percent in the first three days of the fighting.
Phishing e-mails in East Slavic languages increased sevenfold; a third of them were addressed to Russian citizens and sent from Ukrainian e-mail addresses, either real or spoofed. As a result, fraudulent e-mails in these languages now account for almost 12 percent worldwide. In addition, fraudulent e-mails are being sent that call on citizens of other countries to donate to Ukraine, although the money ends up with criminals.
It should be added that the Ukrainian government has established an international IT army of so-called hacktivists (hacker activists) via the Telegram messaging service, which has over 175,000 members. This group is looking for members even in underground forums on the Dark Net, with a text that was probably written on the orders of a higher-ranking official of the Ukrainian Ministry of Defense. The Anonymous collective has become part of this Ukrainian IT army and declared cyber war on Russia, and some successes have already been recorded. The websites of Russian authorities, such as those of the Kremlin, have been shut down. This hacker group has also published 200 gigabytes of data from the Belarusian arms manufacturer Tetraedr and some databases of the Russian Ministry of Defense. In addition, Ukraine has some influential supporters, such as Elon Musk, who wants to keep Ukraine on the Internet through his company Starlink, and Unbalancer, a DDoS stress testing company that collects donations to buy servers for a DDoS attack on Russia.
On the other hand, some notorious hacker groups, such as the Conti ransomware group, have announced that they will retaliate in the event of a cyber attack against Russia. CoomingProject is also on the Russian side; in 2021 it repeatedly published data sets stolen from Western companies.
In between, the criminal phishing scammers mentioned above are sending false calls for donations, exploiting the fact that the Ukrainian government officially called for donations in cryptocurrency and has already received 1.5 million US dollars (1.34 million euros).
Lotem Finkelsteen, Head of Threat Intelligence at Check Point Software Technologies, reported: “It is important to understand that this war also has a cyber dimension, and people are also on the net on hitting a page, from the Dark Web to social media. Hacktivists (hacker activists), cyber criminals, white hat hackers and even technology companies choose a side and are encouraged to act on behalf of their choice. However, we strongly warn people who want to donate to Ukraine against fraudulent e-mails that want to make false capital out of their willingness to donate. Therefore, always check the e-mail address of the sender and pay attention to spelling errors in the texts. Also, check if the sender of the email is authentic. Meanwhile, we will continue to monitor all areas of cyber activities related to the ongoing war.”
Check Point's experts give some tips on how people can protect themselves against phishing emails:
Detect fake domains
One of the most common techniques used in phishing emails is a convincing fake sender address. Similar-looking URLs and domains are designed to pass for a legitimate or trustworthy domain at first glance. For example, instead of the email address manager[at]company.com, a phishing email may use the address manager[at]cornpany.com or boss[at]company.com. Phishers can also use completely fake, but plausible-sounding domains in their attacks.
Beware of unusual attachments
A common goal of phishing emails is to trick the recipient into downloading attached malware and running it on their computer. For this to work, the email must contain a file capable of executing code. Therefore, phishing emails may contain unusual or suspicious attachments. For example, a supposed invoice can be a ZIP archive file, or an attached Microsoft Office document can ask the recipient to enable macros in order to display the content. If this is the case, it is likely that the email and its attachments are malicious.
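As an added example (not code from Check Point), the two attachment types named above can be recognised from a message's content rather than from the file name the sender chose. It relies on the fact that modern Office documents are ZIP containers that keep VBA macros in a part called vbaProject.bin; the sample message, its addresses and file names are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

def classify_payload(data):
    """Classify attachment bytes by content, not by the claimed file name."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "other"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    if any(n.endswith("vbaproject.bin") for n in names):
        return "office-with-macros"   # OOXML stores VBA macros in this part
    if "[content_types].xml" in names:
        return "office"               # ordinary OOXML document, no macro part
    return "archive"

def review_attachments(raw_message):
    """Return (filename, verdict) for every attachment worth a second look."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        verdict = classify_payload(data)
        if verdict in ("archive", "office-with-macros"):
            findings.append((part.get_filename(), verdict))
    return findings

def _zip_bytes(members):
    """Build a small in-memory ZIP with placeholder members (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()

def build_sample():
    """Constructed message: ZIP 'invoice', macro document named .docx, clean files."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.test", "user@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    samples = {
        "invoice.zip": _zip_bytes(["invoice.txt"]),
        "report.docx": _zip_bytes(["[Content_Types].xml", "word/vbaProject.bin"]),
        "notes.docx": _zip_bytes(["[Content_Types].xml", "word/document.xml"]),
        "terms.pdf": b"%PDF-1.4 constructed",
    }
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `review_attachments(build_sample())` reports the ZIP archive and the macro-bearing document even though the latter carries a harmless-looking .docx name.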
Wrong grammar or wrong tone of voice
Phishing emails are often written by people who are not fluent in the respective language. This means that these emails may contain grammatical errors or sound wrong in their choice of words. Real emails from a reputable company will contain such errors less often or not at all, which is why they are a warning sign of a phishing attack. The text of a phishing email also often aims to persuade the recipient to do something that is not in their interest, such as passing on confidential data or installing malware, under a pretext that appears genuine. To achieve this, hackers often use psychological tricks in their campaigns, such as the following:
- The feeling of urgency: Phishing emails often suggest to recipients that something needs to be done immediately. That’s because someone in a hurry is less likely to think about whether the email looks suspicious or is legitimate.
- Use of authority: Business Email Compromise (BEC) scams and other spear phishing emails often pretend to be from the CEO, a department head, or another high-ranking person with authority. These impersonations take advantage of the fact that the recipient is inclined to follow orders from executives, whoever they may be.
Beware of suspicious requests:
Hackers use phishing emails to steal money, login data or other sensitive information. If an e-mail makes a request or a claim that seems unusual or suspicious, this could be an indication that it is a phishing attack.