Ransomware for Christmas

This Christmas, like the past two, we will see a triple threat that kidnaps user files, holds them hostage, and demands a ransom to restore them. Here’s how it works:

It begins in November and continues through the new year. Emails appearing to be from Amazon, Fedex, or UPS land in your inbox with a simple, socially engineered subject line:

Subject: Tracking Information

and in the body:

Your package has shipped, click here to track it

You click on that link and you have just welcomed a zero-day exploit kit that installs ransomware, encrypting all your pictures, documents, music and desktop files. Next, a popup banner warns you that you have 48 hours to pay the ransom via Bitcoin or your files will be lost forever. I call this a triple threat because it uses social engineering, email spoofing, and zero-day exploit kits.

Let’s face it, through the Christmas season, we are all waiting on tracking information for the packages we order online. This social engineering works because just about all of us are expecting tracking information.

Since there are little to no checks to verify the sender of an email, anyone can pretend to be Amazon, Fedex, or UPS. This technique is called spoofing, and I predict there will be a lot of spoofing this holiday season.

Last, zero-days, which come in two forms: zero-day vulnerabilities and zero-day viruses.

A zero-day vulnerability is a flaw in software such as Adobe Flash, Adobe Reader (PDF), or any other plugin that handles content from every website you visit. The flaw can lead to total compromise of a computer when exploited. The zero-day aspect means the software provider doesn’t know that the flaw exists until it is being exploited on the Internet, at which time they will provide a patch to repair the flaw, just a little too late.

A zero-day virus is a virus (or worm) that is found in the wild (meaning: on the Internet) that no one can detect because it’s too new. It takes someone to identify a zero-day virus, capture it, and send it to an antivirus company. Then they will analyze it, reverse engineer it, classify it, and write the signature to detect and protect from it. Then your antivirus software has to download the new signature. That process can take up to 30 days. All new viruses start as zero-days, meaning your current antivirus software won’t protect you from them for days, weeks, or up to 30 days.

In conclusion, we will certainly see plenty of social engineering, spoofing of emails, and zero-days this holiday season. Remember: “think before you click”.

Happy Holidays!