Exploiting the Ukraine Crisis – Donation Scams and Malspam

By Alvin Rodrigues, Field CSO, Asia Pacific, Infoblox

Cybercriminals have been taking advantage of our anxieties and insecurities to deceive, defraud and dupe, from the early days of the pandemic to the ongoing Russia-Ukraine conflict. In Singapore, for instance, scammers built false narratives around vaccinations during last year's vaccine rollout to trick consumers into clicking dubious links and visiting fake pages that harvest personal data.

Humans remain the weakest link inside organizations, and social engineering has been part of the cybercrime playbook for a long time. Cybercrime now accounts for almost half of all crime in Singapore, and online scams have grown sharply. Recent incidents such as the SMS phishing scams targeting bank customers in Singapore show that fraudsters will exploit any situation to deceive and steal.

The following are some of the ways we have observed cybercriminals taking advantage of compassionate people to harvest money and credentials.

No trap for these RATs

Malspam campaigns were among the first to use the crisis as clickbait. Disguised as urgent emails about supply chain disruptions, they lured targets into downloading Agent Tesla, a remote access trojan (RAT) sold as malware-as-a-service.

RATs are insidious because they do more than steal and alter data. Agent Tesla in particular logs keystrokes, captures screenshots and clipboard contents, and harvests saved credentials from browsers, email and FTP clients, then exfiltrates them to the operator. Most importantly, because victims are unaware of its presence, locating and removing it can be difficult, even with antivirus software installed. Agent Tesla builds are also repacked and obfuscated frequently, so signature-based detection lags behind new samples, making it a danger to organizations both large and small.

Where these campaigns play on urgency, other social engineering attacks lean on fear or curiosity. Whether on work or personal devices, individuals should be wary of unfamiliar or unsolicited emails and should inspect unusual attachments before downloading or opening them. At the corporate level, most malware touches DNS at some point, to resolve its download host or command-and-control server (over 90% of it, by some estimates), so DNS query logs and DNS-layer security controls give security teams an early place to hunt for infections and block them.

Cryptic Ukrainian support 

When the crisis erupted in late February 2022, public sentiment swung strongly towards Ukraine. A flurry of sites appeared soliciting donations for Ukraine, and the Ukrainian government itself requested donations in cryptocurrency on Twitter.

Seeing this wave of support and concern, cybercriminals immediately pivoted to fraudulent relief campaigns: social engineering that exploits the crisis for personal gain, siphoning well-meaning donations into the scammers' own pockets.

Further complicating things is the emergence of Decentralized Autonomous Organizations (DAOs), which use a blockchain for transparency and record-keeping. Many such DAOs are legitimate; UkraineDAO (LOVE), for example, raised over USD 8 million in a month for Ukraine. However, ongoing domain analysis by Infoblox has uncovered fake DAOs whose names and sites look remarkably like those of valid relief campaigns. They have no credible ties to the causes they claim and exist to pilfer cryptocurrency, benefiting from the pseudonymous and irreversible nature of cryptocurrency donations.
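As an added example (not Infoblox's tooling, and not code from the original article), the following Python script applies the DNS-layer hunting mentioned earlier to the lookalike-domain problem described here: it reads resolver query logs and flags names that imitate a watchlist of legitimate relief domains, whether by homoglyph substitution, a typo-distance edit, or a "combosquat" that embeds the real name inside a longer one. The dnsmasq-style log format, the .example watchlist entries and the sample log lines are all constructed for illustration; a real deployment would load the watchlist from the charities an organization actually cares about and use a public suffix list for multi-label TLDs.

```python
"""Hunt DNS query logs for domains that imitate a watchlist of legitimate names.

Added example; log format, watchlist and sample lines are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed watchlist of known-good relief domains (hypothetical .example
# names stand in for the real charities you would list here).
WATCHLIST = ["ukrainedao.example", "redcross.example", "relief-fund.example"]

# Character swaps attackers use so a fake name reads like the real one.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t")]

# dnsmasq-style query line: "query[A] name from client" (format assumed;
# adjust the regex for BIND, Unbound or a cloud resolver's export).
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\]\s+(?P<qname>\S+)\s+from\s+(?P<client>\S+)")


@dataclass
class Finding:
    client: str
    qname: str
    watch: str  # the legitimate domain being imitated
    kind: str   # "homoglyph", "typosquat" or "combosquat"


def parse_query(line: str) -> Optional[Tuple[str, str]]:
    """Return (client, qname) for a query line, None for replies and other lines."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    return m.group("client"), m.group("qname").rstrip(".").lower()


def registrable_label(domain: str) -> str:
    """Label left of the TLD. Assumes a single-label public suffix (example,
    com, org); use a public suffix list for co.uk-style suffixes in production."""
    parts = domain.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def fold_homoglyphs(label: str) -> str:
    for bad, good in HOMOGLYPHS:
        label = label.replace(bad, good)
    return label


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(qname: str) -> Optional[Tuple[str, str]]:
    """Return (watch_domain, kind) if qname imitates a watchlist entry, else None."""
    label = registrable_label(qname)
    labels = {registrable_label(w): w for w in WATCHLIST}
    if label in labels:
        return None  # exact match with a legitimate domain: nothing to flag
    for wlabel, watch in labels.items():
        if fold_homoglyphs(label) == wlabel:
            return watch, "homoglyph"
        # Short labels produce false positives at distance 2, so tighten there.
        if levenshtein(label, wlabel) <= (2 if len(wlabel) >= 8 else 1):
            return watch, "typosquat"
        if wlabel in label:
            return watch, "combosquat"
    return None


def hunt(lines: List[str]) -> List[Finding]:
    findings = []
    for line in lines:
        parsed = parse_query(line)
        if parsed is None:
            continue
        client, qname = parsed
        hit = classify(qname)
        if hit:
            findings.append(Finding(client, qname, hit[0], hit[1]))
    return findings


# Constructed sample log: one benign query, one reply line, three lookalikes.
SAMPLE_LOG = [
    "Mar  3 10:15:02 dnsmasq[1234]: query[A] ukrainedao.example from 10.0.0.5",
    "Mar  3 10:15:03 dnsmasq[1234]: reply ukrainedao.example is 192.0.2.10",
    "Mar  3 10:15:09 dnsmasq[1234]: query[A] ukraineda0.example from 10.0.0.7",
    "Mar  3 10:15:11 dnsmasq[1234]: query[AAAA] ukrainedoa.example from 10.0.0.7",
    "Mar  3 10:15:20 dnsmasq[1234]: query[A] donate-ukrainedao.example from 10.0.0.9",
    "Mar  3 10:15:31 dnsmasq[1234]: query[A] news.example from 10.0.0.5",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"{f.client} looked up {f.qname}: {f.kind} of {f.watch}")
```

Each finding names the client that made the lookup, which is the pivot for the rest of the hunt: the same host's subsequent queries, proxy logs and mail logs show whether the user just clicked a link or actually submitted card details. The edit-distance threshold is deliberately conservative; raising it catches more typos but quickly starts flagging unrelated short domains.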

These campaigns show how hard it can be for the average consumer to tell legitimate activity from malicious. Cybercriminals not only abscond with the donations but can also steal personal information and credit card details, or even deliver malware through the donation page.

Prevention is better than cure 

Cybercriminals will always adapt their tactics to stay a step ahead of precautions, so a healthy suspicion is warranted for unexpected mail, text messages and unfamiliar sites. Organizations should also step up awareness training for employees to keep their networks, browsers and devices malware-free.

When donating, think twice before sharing sensitive payment information. Be on guard for fraudulent payment services and for redirects to unknown third-party websites, and give through the charity's own published site or wallet address rather than a link in an unsolicited message.

The volatility of today’s geopolitics and the long-drawn pandemic have exposed vulnerabilities that cybercriminals are eager to exploit. Practicing good cyber hygiene will be key to mitigating the losses in this modern cat-and-mouse game.
