CS Mar-Apr 2020
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Coronavirus scam<br />
interfere with the functioning of a<br />
computer. There are also laws against fraud<br />
and the GDPR, which protects data, and this<br />
would come into play because of the data<br />
the hackers obtained illegally. The problem<br />
is that these hackers are difficult to locate,<br />
as they often use technological measures<br />
to ensure that they are not traceable.<br />
WHAT ELSE CAN WE DO ABOUT IT?<br />
This example was located and prevented<br />
through Libraesva's email security software<br />
and management. It was observed that<br />
the spoofed sender of the email was on<br />
a compromise protection list, known<br />
in the industry as 'BEC - Business Email<br />
Compromise', so additional checks were<br />
undertaken.<br />
The email was sent using an email address<br />
of another university, after that person<br />
was successfully hacked. Using Libraesva's<br />
Adaptive Trust Engine's relationship<br />
monitoring, we saw that the trust between<br />
these two universities was quite high. But<br />
the trust between the two individual users<br />
was low; we didn't let the organisational<br />
trust get in the way of understanding the<br />
true nature of the email.<br />
The third indicator was that the email<br />
came externally to the Milan University<br />
users, which doesn't make any sense, as all<br />
emails from the director will 99% of the<br />
time come via the internal route, meaning<br />
this is obviously fake.<br />
The coronavirus is an opportunity for<br />
hackers to take advantage of the fear to<br />
scam people, business and universities. It is<br />
important to be aware of these risks and<br />
take the necessary precautionary action.<br />
Using the above indicators, Libraesva has<br />
built a dedicated technology to halt these<br />
kinds of attacks and make sure your IT team<br />
employ some Email Security, as this is the<br />
main way that threats and malicious activity<br />
can get into your organisation.<br />
Growth of the virus in China and<br />
other countries (graph courtesy of<br />
the World Health Organisation)<br />
EMAIL LANDSCAPE AND THE CORONA VIRUS<br />
Since 17 February, Libraesva have been carefully monitoring the situation with the<br />
Coronavirus and the effect it is having on email, looking into the change of the<br />
email content, the behaviour of users and even the changing threat landscape.<br />
In the top graph, right, supplied by the World Health Organisation, can be seen<br />
the growth of the virus in China and other countries. By paying close attention to<br />
the ‘Other Countries’ graph, it is possible to compare the infection rate to the<br />
second graph, showing the amount of legitimate communication around the virus<br />
in a similar timeframe. When comparing the two data sets, it can be seen that the<br />
curve is almost identical, with the more legitimate communication growing at the<br />
same rate as the infections are. This clearly indicates that the concern and<br />
communication between organisations is effectively rising at the same rate as the<br />
infections are growing.<br />
After looking at the clean email, in comparison to the infections, it's possible to<br />
see how the malicious email and threat attempts are changing, too. The graphic,<br />
bottom right, demonstrates how the malicious attempts on Libraesva users have<br />
increased at the same rate, meaning not only are the threat actors using the<br />
virus to their advantage, but also that end users are discussing the issue more.<br />
One of the key aspects of a successful attack is the degree to which such incidents<br />
are talked about and the anxiety they generate amongst other users - and this is<br />
the perfect example of that happening.<br />
Shown here is the growing communication<br />
taking place, by email, about the Coronavirus.<br />
Rising number of malicious attempts on<br />
Libraesva users, as threat actors seek to<br />
use the virus to their advantage.<br />
www.computingsecurity.co.uk @<strong>CS</strong>MagAndAwards <strong>Mar</strong>/<strong>Apr</strong> <strong>2020</strong> computing security<br />
25