Egress Mid-Year Threat Report Details Scams Affecting Cryptocurrency-based Ukraine Donations, Job Seekers, Electronic Voters, and More

LONDON, UK – 18th May 2022 – Egress, the leading provider of intelligent email security, today issued its mid-year 2022 threat report offering details of emerging vulnerabilities along with insights, from the Egress threat intelligence team, about protecting employees, customers, and businesses from these specific cyberattacks.

The full report, available here: http://www.egress.com/resources/cybersecurity-information/threat-report-launch, provides comprehensive details about threats associated with scam cryptocurrency donations to war-torn Ukraine, email phishing attacks using LinkedIn to target jobseekers, a rise in sextortion phishing emails and zero-day exploits circulating on the dark web, targeting electronic voters as well as Facebook and Gmail users.

Scams Exploit Cryptocurrency-Based Ukraine Donations

Egress analysts have observed a surge in phishing attacks exploiting the war in Ukraine. Targeting individuals and organisations across the U.S. and the U.K., the emails impersonate display names and email addresses of well-known Ukrainian bodies. Examples include emails impersonating the Ukrainian Government asking for cryptocurrency donations to assist their war effort. Egress has located other emails impersonating the Ukrainian Ministry of Defence, the Aid for Ukraine charity, The United Nations, and Ukrainian President Volodymyr Zelenskyy.

“To succeed, these attacks must bypass email defences and get a person to act, which relies on engendering emotional reactions to the needs of refugees and children,” explained Jack Chapman, Vice President of Threat Intelligence at Egress. “If you choose to donate cryptocurrency to a cause, use a reputable source to verify its authenticity and only use publicly available cryptocurrency addresses.”

LinkedIn Impersonation Targets Jobseekers

This email attack targets individuals and organisations in the U.S. and the U.K. using spoofed LinkedIn branding. It encourages targets to click on phishing links and enter credentials onto fraudulent websites, which are scraped when the victim believes they are logging in. Once the scam is completed, the victim is redirected to the real LinkedIn site, so they have no idea their credentials have been stolen and do not take remedial action such as changing their password.

“Current employment trends such as The Great Resignation help to make this attack more convincing by flattering jobseekers into believing their profile is being viewed and expertise is needed,” said Chapman. “We advise organisations to examine their current anti-phishing security stack to ensure they have intelligent controls that engage and warn the user of the threat. Meanwhile, individuals should take extreme caution when reading notification emails that request them to click on a hyperlink, particularly on mobile devices.”

Sextortion Phishing on the Rise

Egress researchers observed a 334% increase in sextortion attacks since March 2022. In these cases, sextortion-oriented phishing emails are targeting individuals and organisations across the U.S. and the U.K. through a variety of subject lines coercing victims to panic and click through for more information. Emails use emotive, threatening language to socially engineer their victim to extort payment. For example, one email states “I don’t think this kind of content would be very good for your reputation”. The attacks follow a similar format by stating the problem, threat, ‘solution’, the deadline to comply, and futility of reporting the incident.

“Phishing attacks like these try to use our own psychology – especially shame, panic, and fear – against us,” explained Chapman. “By providing a specific deadline, cybercriminals apply pressure on victims to comply quickly. Related to these scams our advice is simple – don’t pay the ransom.”

New Threats Target Electronic Voters, Facebook, and Gmail Users

This threat is targeting electronic voters as well as Facebook and Gmail users through zero-day exploits posted to Empire Market, a DarkWeb marketplace where exploits, phishing tools, and templates are available to purchase. Egress analysts found an electronic voting exploit for sale, which allows malicious software to be loaded onto voting machines. Another offers a way to take over a Facebook account through a password reset vulnerability to harvest victim information and make further phishing attacks more believable. A third exploit targets Gmail accounts remotely via a code injection allowing attackers to access accounts, regardless of two-factor authentication.

“New zero-day exploits are being discovered all the time,” added Chapman. “Social media accounts contain a host of information about people, such as date of birth, geographic locations, mother’s surname, and more. Our advice is to stay on top of the latest threats by keeping up with advice from your threat intelligence network.”