Cyber Crooks Use Terror Attack Fear to Go Spear Phishing


Researchers are warning of a new spear phishing campaign in which users are being targeted by emails crafted to look like terror alerts from law enforcement agencies.

Symantec threat intelligence officer, Lionel Payet, wrote in a blog post that the emails were first spotted spoofing the Dubai Police Force with attachments disguised as valuable tips on how recipients could protect themselves, their companies and families from a nearby terror attack.

The post continued:

“The emails come with two attachments, one of which is a PDF file that is not actually malicious but acts as a decoy file. The malware resides in the other attachment, an archive, as a .jar file. Further analysis of the malware confirms that the cyber-criminals behind this campaign are using a multiplatform remote access Trojan (RAT) called Jsocket (detected as Backdoor.Sockrat). This RAT is a new product from the creators of the AlienSpy RAT, which has been discontinued earlier this year.”

To make the email look more convincing, it is ‘signed’ with the name of the lieutenant general of the Dubai police, who is also responsible for security in the emirate.

It’s not just internet users in the UAE that have been targeted. Symantec also observed similar spear phishing emails sent to users in Bahrain, Turkey and Canada, and more countries may soon be added to that list.

“Like in the Dubai campaign, the cyber-criminals are also using incumbent law enforcement officials’ names in these countries to lend credibility to their fake terror alerts, which also purport to provide protective measures supposedly outlined in attached files,” Payet claimed.

Although the emails aren’t necessarily written in the language of the recipient’s country, they do feature the name of an employee who works in the victim’s company in the subject line, showing that the cyber crooks have done a fair amount of prior research.

A range of industries are being targeted, including energy, defense, finance, government, marketing, and IT.

Payet advised users never to open attachments or click on links in suspicious-looking emails, to avoid divulging personal info in an email or pop-up screen, and to keep security software up to date.
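For mail administrators, the attachment pattern described above (a harmless PDF next to an archive carrying a .jar file) can be checked at the gateway. The sketch below is an added example, not code from Symantec or the original article; it assumes the archive is a ZIP, and the function names, file names and addresses are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".jar",)  # Java archive, the payload type named in the report

def jar_members(payload: bytes) -> list[str]:
    """Return names of .jar entries inside a ZIP payload ([] if not a ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(RISKY_EXT)]
    except zipfile.BadZipFile:
        return []

def inspect_message(raw: bytes) -> dict:
    """List PDF attachments and any .jar sent directly or inside a ZIP."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {"decoy_pdf": [], "jar": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(".pdf"):
            findings["decoy_pdf"].append(name)
        if name.lower().endswith(RISKY_EXT):
            findings["jar"].append(name)
        findings["jar"] += [f"{name}!{m}" for m in jar_members(data)]
    findings["quarantine"] = bool(findings["jar"])  # a PDF alone is not flagged
    return findings

def build_sample() -> bytes:
    """Constructed sample: placeholder bytes only, no real PDF or malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("protective_measures.jar", b"placeholder, not a real jar")
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample alert"
    msg["From"] = "alerts@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="tips.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="measures.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

The check looks inside every attachment that parses as a ZIP regardless of its file name, so a renamed archive is still inspected; other archive formats would need their own readers.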

Photo © Anna Omelchenko
