
02:00 PM
Len Shneyder

The Bigger the News, the Bigger the Cyber Threats

Criminals use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging.

Cybercriminals are the world's greatest opportunists. It's not unusual to see retailers react and respond to things in the news — holidays alone are evidence of this. However, nothing sells like an emergency, and this is even more true for criminals who use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging. 

Cybersecurity professionals have a saying: "It's easier to hack people than systems." I think it's appropriate to add that people desperate for answers, solutions, cures, and vaccines are even easier to hack than those who have the space and time to consider the consequences of clicking a link, making a purchase, or logging in to a site they're not sure is real. 

COVID-19 has created a massive opportunity for the criminal underground — COVID-related abuse skyrocketed by as much as 14,000% in a matter of weeks. Trusted sources of information like the World Health Organization, Centers for Disease Control, and others are being targeted by criminals using their names and brands to hide beneath. 

This identity and trust problem isn't new. COVID didn't create the Internet's digital messaging woes — though it exacerbated the problem. Because we are glued to our phones, laptops, and televisions, desperate for any inkling that something will change for the better in the days and weeks to come, the opportunity is rife for abuse. 

So, what can we do about this?

First, Let's Define the Problem
Phishing is a social engineering attack that is most often, but not always, conducted through email. The thrust of phishing messages can be anything from asking recipients to reconfirm their password (creating fear that their account has been limited or suspended) to any number of other lures that compel us to log in to a fake site or send personally identifiable information to some netherworld where we're fleeced for as much as fraudsters can grab. 

The rise of phishing tracks with the growth of the Internet and the growth of the Internet's first and most widely used communication mechanism: email. Email, as an open framework for people to share ideas and information (and yes, cat videos and memes) was designed more than 40 years ago when today's use cases weren't yet fathomable. It went largely unsecured over the years. However, as more people and businesses began to rely on the medium, the criminal world took notice. In the early 2000s, the problem had come to a head. As more people signed up, more abuse began to happen. 

The Solutions Have Been Around
Organizations like the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) were created to deal with problems of massive scale. Email was the first problem the organization and its members began to tackle, and they continue to work on it today as the threat landscape and countermeasures have evolved.

Over the last 15 years, the Internet Engineering Task Force (IETF) has standardized new technologies to make it harder for cybercriminals to abuse the domains that send legitimate email. Three of these technologies — each a different component of email authentication — are essential to preventing a significant amount of the fraud we see today. 

M3AAWG and its member organizations have endorsed the widespread adoption, use, and implementation of these technologies to protect wanted and crucial communications.

At its core, phishing is a social engineering attack that hijacks the trustworthiness of email. Recipients trust the From: domain they see when a message arrives. Until email authentication was developed, anyone could send a message that appeared to come from any domain. With the following authentication standards in place, organizations and individuals can trust that the COVID-19 information they're sending or receiving is safe, accurate, and, in some cases, actionable. Our health and well-being should be the top priority right now, not being one click away from a digital catastrophe. 

Sender Policy Framework (SPF)
At its core, SPF is a simple list that a domain owner publishes, telling the world which services are allowed to send mail for the domain. When an email is received, a simple check can validate if it has been approved. On its own, this does not stop abuse, but it is part of a layered system of checks and balances that help mailbox providers, such as M365, Gmail, and Yahoo Mail, discern the good from the bad.

While it's conceptually simple, there's a lot of technical nuance in maintaining a proper SPF record. Here's a detailed rundown of how to manage yours.
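To make the "simple list" and the "simple check" concrete, here is an added SPF evaluator (example code written for this article, not code from Dark Reading, M3AAWG or the author). It runs against a constructed in-memory DNS table rather than live DNS, and supports the mechanisms most records use (ip4, ip6, a, mx, include, all with the +/-/~/? qualifiers) plus the redirect modifier. It also enforces the 10-DNS-lookup limit that RFC 7208 imposes, which is the nuance that most often breaks records in practice: a record that nests too many include: terms returns permerror and gives the domain no protection at all. A production receiver would use a maintained library such as pyspf instead.

```python
"""Minimal SPF (RFC 7208) evaluator over a constructed, in-memory DNS table.

Added example, not code from the article or the organizations it names.
"""
import ipaddress

# Constructed sample DNS data: SPF TXT records, A records and MX hosts.
DNS = {
    "txt": {
        "example.org": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
        "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
        "alias.example": "v=spf1 redirect=example.org",
        "corp.example": "v=spf1 mx a -all",
        "loop.example": "v=spf1 include:loop.example -all",   # misconfigured
    },
    "a": {"corp.example": ["203.0.113.5"], "mx1.corp.example": ["203.0.113.25"]},
    "mx": {"corp.example": ["mx1.corp.example"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10   # RFC 7208 section 4.6.4


def _ip_in(ip, spec, default_prefix):
    """True if ip falls inside spec (an address or CIDR block of the same IP version)."""
    if "/" not in spec:
        spec = f"{spec}/{default_prefix}"
    net = ipaddress.ip_network(spec, strict=False)
    return ip.version == net.version and ip in net


def check_spf(client_ip, domain, lookups=None):
    """Return the SPF result ('pass', 'fail', 'softfail', 'neutral', 'none',
    'permerror') for a connection from client_ip using MAIL FROM domain."""
    ip = ipaddress.ip_address(client_ip)
    lookups = lookups if lookups is not None else [0]   # shared DNS-lookup counter
    record = DNS["txt"].get(domain)
    if record is None or record.split()[0].lower() != "v=spf1":
        return "none"
    redirect = None
    for term in record.split()[1:]:
        if term.lower().startswith("redirect="):
            redirect = term.split("=", 1)[1]      # only consulted if nothing matches
            continue
        qual, mech = ("+", term)
        if term[0] in QUALIFIERS:
            qual, mech = term[0], term[1:]
        name, _, arg = mech.partition(":")
        name = name.lower()
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                matched = _ip_in(ip, arg, 32 if name == "ip4" else 128)
            except ValueError:
                return "permerror"                # malformed address in the record
        elif name in ("a", "mx", "include"):
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                return "permerror"                # too many DNS-querying terms
            target = arg or domain
            if name == "include":
                inner = check_spf(client_ip, target, lookups)
                if inner in ("none", "permerror"):
                    return "permerror"            # RFC 7208 section 5.2
                matched = inner == "pass"
            elif name == "a":
                matched = any(_ip_in(ip, addr, 32) for addr in DNS["a"].get(target, []))
            else:
                hosts = DNS["mx"].get(target, [])
                matched = any(_ip_in(ip, addr, 32)
                              for h in hosts for addr in DNS["a"].get(h, []))
        else:
            return "permerror"                    # exists:, ptr and macros not supported here
        if matched:
            return QUALIFIERS[qual]
    if redirect:
        lookups[0] += 1
        if lookups[0] > MAX_LOOKUPS:
            return "permerror"
        return check_spf(client_ip, redirect, lookups)
    return "neutral"


if __name__ == "__main__":
    for ip, dom in [("192.0.2.77", "example.org"), ("203.0.113.99", "example.org"),
                    ("2001:db8:1::1", "example.org"), ("203.0.113.99", "loop.example")]:
        print(f"{ip:>16} as {dom:<12} -> {check_spf(ip, dom)}")
```

The loop.example record shows why "publish SPF" is not the end of the job: the receiver reaches the lookup limit, returns permerror, and a mailbox provider treats that as no SPF at all.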

DomainKeys Identified Mail (DKIM)
DKIM is a cryptographic method of signing email: it attaches a unique signature to each message using public key cryptography, which has the added benefit of revealing whether a message was modified after it was sent, perfect for stopping malicious parties.

It's important that all parties not only sign all outgoing mail with DKIM but also ensure the DKIM signatures are aligned with the sending domain in the From: header field.

Domain-based Message Authentication, Reporting and Conformance (DMARC)
The final piece of this puzzle is DMARC. With SPF and DKIM, there's nothing that tells a receiving mail system what to do if a message fails to authenticate. DMARC lets this policy be explicitly published, telling a receiving mailbox provider what to do with messages should they fail a check of both SPF and DKIM.

As with all things, the devil is in the details and the experts strongly advise domain owners to publish this record with a reject policy, ensuring that messages that do not pass aligned SPF or DKIM will not be delivered, shutting out bad guys from the inbox. 
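The alignment requirement from the DKIM section and the policy decision described here are the same computation, so one added example covers both (example code written for this article, not code from Dark Reading, M3AAWG, DMARC.org or the author). It takes what a receiver already has in hand after the SPF and DKIM checks, the result of each check and the domain it authenticated, and applies the published DMARC record: a result only counts if its domain aligns with the From: domain (strictly or relaxed, per the adkim and aspf tags), and a message that has no aligned pass gets the p= disposition, or sp= for a subdomain. The organizational-domain helper is a two-label approximation; real receivers consult the Public Suffix List.

```python
"""DMARC (RFC 7489) identifier alignment and disposition, as an added example.

Not code from the article or the organizations it names.
"""


def organizational_domain(domain):
    """Approximate the organizational domain as the last two labels.
    Constructed simplification: real receivers use the Public Suffix List,
    so that e.g. example.co.uk is treated as three labels."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    only needs the same organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return a == f
    return organizational_domain(a) == organizational_domain(f)


def parse_dmarc(record):
    """Parse 'v=DMARC1; p=reject; adkim=s; ...' into a dict, filling in defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")        # relaxed alignment unless told otherwise
    tags.setdefault("aspf", "r")
    tags.setdefault("sp", tags["p"])     # subdomain policy defaults to p
    return tags


def evaluate_dmarc(from_domain, policy_domain, dmarc_record,
                   spf_result, spf_domain, dkim_results):
    """Return (dmarc_result, disposition).

    from_domain   -- domain in the RFC5322.From header the recipient sees
    policy_domain -- domain at which _dmarc.<policy_domain> was found
    spf_result    -- 'pass', 'fail', 'softfail', 'none', ... for spf_domain (MAIL FROM)
    dkim_results  -- list of (result, d= domain) tuples, one per signature
    Disposition is 'deliver' on pass, else the policy's p (or sp for a subdomain).
    The pct= sampling tag is deliberately ignored."""
    policy = parse_dmarc(dmarc_record)
    spf_pass = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_pass = any(result == "pass" and aligned(d_domain, from_domain, policy["adkim"])
                    for result, d_domain in dkim_results)
    if spf_pass or dkim_pass:
        return "pass", "deliver"
    is_subdomain = from_domain.lower() != policy_domain.lower()
    return "fail", policy["sp"] if is_subdomain else policy["p"]


if __name__ == "__main__":
    # Constructed scenario: a lookalike sender that authenticates perfectly for its
    # own domain but spoofs the From: header. SPF and DKIM both "pass"; DMARC rejects.
    print(evaluate_dmarc("example.org", "example.org", "v=DMARC1; p=reject",
                         "pass", "attacker.example", [("pass", "attacker.example")]))
```

The first scenario in the block is the point of the article's closing advice: SPF and DKIM can both pass for a message whose From: domain the sender does not control, and only an aligned check against a reject policy keeps it out of the inbox.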

There are innumerable problems in the world now, and layering on a technical challenge, in addition to the obstacles we're all facing during this crisis, can be monumental. 

If your communications are integral to helping inform and coordinate COVID response, then you need to take the necessary steps to secure your messaging infrastructure. Not only are we relying on scientists to keep us safe, but we have to rely on our tech experts at organizations such as M3AAWG, DMARC.org, APWG, and other tech and policy organizations to keep the systems we treasure free of abuse so that we can all be part of each other's socially distant circles and provide what comfort and care we can during this crisis.

Len Shneyder is Co-Chair of the Election Special Interest Group at the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), where industry comes together to work against botnets, malware, spam, viruses, DoS attacks, and other online exploitation to fight ...