Recently, I visited a security company. They presented their impressive new Security Operations Centers. On three huge displays, the security analysts had a continuously updated view of the health of their networks, the most prominent threats, and a wealth of other useful security indicators. In the bottom right corner, news channels and selected tweets were continuously updated. They explained that it was key to be aware of breaking news, as it may impact the threat environment.
They are right. A good social engineer may exploit current breaking news and the morbid curiosity of users. With the advent of social networks as a vector for disseminating the latest news, news events have become a common attack tool. For a few years, every major catastrophe has been followed by a mushrooming of spam and fake sites pretending to collect donations for the victims of the catastrophe. In 2014, breaking news even started to become a vector for Advanced Persistent Threats (APTs).
On 2014 March 8, Malaysian authorities announced that they had no news of flight MH370 to Beijing. It took several weeks to get confirmation that the flight had crashed in the sea. Meanwhile, the topic was used to spy on political bodies. Two days later, members of a government in the Asia-Pacific region received a spear-phishing email with an attachment titled “Malaysian Airlines MH370.doc”. Of course, this document was empty but contained Poison Ivy malware. It was sent by “Admin@338”, a Chinese hacking group. On 2014 March 14, the same group sent a different spear-phishing email to a US think tank with an attachment titled “Malaysian Airlines MH370 5m Video.exe”. Once more, the attachment was malware.
Many other pieces of malware exploited the same catastrophe without being part of an APT, as generic, untargeted attacks. Some phishing sites, mimicking the look of Facebook, were used to collect data from duped users. The sites supposedly presented a video of the supposed discovery of the missing plane. Before showing the video, the site invited users to share it with their friends. Afterwards, the site asked users to answer some questions, such as their age. In other words, the phishing sites scammed curious users who had been tricked.
This trend has existed for a few years and exploits every widely covered catastrophe. So be aware: charity may be a threat vector.