Cybercriminals are using the war in Ukraine to enrich themselves by defrauding people trying to help the embattled country.
Their techniques include malware, phishing attacks and straight-up scams. Emails that purport to come from Ukrainian government agencies deliver malware designed to let an attacker control the recipient’s computer. When Ukraine started soliciting donations in cryptocurrency, criminals created and marketed fake coins. And some are attempting to trick inexperienced volunteers for Ukraine’s “IT Army” into downloading malware disguised as distributed denial of service (DDoS) software to fight Russian interests online.
The fact that regular people far from Ukraine are getting involved in DDoS attacks and donating cryptocurrencies is a sign that the “baseline technological knowledge for the majority of people is much higher than it ever has been,” said threat researcher Nick Biasini, head of outreach at security firm Cisco Talos. But a little knowledge can be a dangerous thing: It’s also given cybercriminals a way to capitalize on their efforts and prey on the public’s best intentions, especially those of the well-meaning amateur hackers joining in Ukraine’s cyber defense.
“Broadly speaking, cybercriminals take advantage of whatever situation is out there and whatever situation is in the news,” said Allan Liska, an intelligence analyst at the security firm Recorded Future, which tracks ransomware attacks.
The current situation echoes the early 2000s, when “hacktivism” was popular. Hackers would release legitimate tools that people could use to launch a DDoS attack against targets like banks, and cybercriminals would follow by putting out similar-sounding tools that were actually malware.
“History doesn’t repeat itself, but it often rhymes,” Liska said, invoking a Mark Twain-attributed quote. “We have seen similar kinds of activity in the past even as it relates to activism, but not in a war setting.”
Scams surge as global concern rises
Since Feb. 1, network intelligence and cybersecurity provider Cujo AI has identified about 1,500 unique internet domains that are related to helping Ukraine. About 5 percent of them are scam sites, said…