Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

How Cybercriminals Use Breaking News for Phishing Attacks

Trustwave SpiderLabs issued a warning that threat actors may attempt to take advantage of CrowdStrike’s software update that caused widespread outages by using the news as the center of a social engineering scheme to convince people to open malicious phishing emails or fall for other types of attacks.

Using this news cycle is nothing new. Cybercriminals often attempt to exploit hot topics dominating the news cycles where they use the news to tempt targets into clicking on a malicious link or offering up vital information.

Chad Sweet, Co-Founder and CEO of The Chertoff Group, whose affiliate The MC² Security Fund acquired Trustwave earlier this year, said on MSNBC, “Unfortunately, we're already seeing reports that bad actors are exploiting this moment, taking advantage of CrowdStrike customers.”

Additionally, Trustwave CISO Kory Daniels shared, “The recent CrowdStrike outage underscores a growing concern: the potential for widespread disasters, either natural or digital, to serve as catalysts for criminal activity. When systems fail and chaos ensues, it creates ideal conditions for criminals to prey on the unique opportunity. History has shown us that these moments of disruption are often accompanied by a surge in criminal behavior. It's essential to recognize that the digital landscape, like the physical world, is susceptible to unforeseen events, and we must be prepared to defend against criminal acts that may follow.”

This has happened with the Ukraine-Russia conflict, tax preparation periods, and even the Olympics as attackers exploit headlines to their advantage. This is done by crafting sophisticated social engineering attacks that pique a person’s interest through general curiosity, need, or fear.

 

How such an Attack is Planned

Cybercriminals are masters of manipulation. They understand that news events evoke strong emotions such as fear, curiosity, anger, or even excitement. These emotions can cloud our judgment and make us more susceptible to falling for their tricks.

When looking at the current CrowdStrike situation, threat actors have several options, but all depend upon their targets, not only knowing what is going on but most likely being directly involved on some level.

Here’s how they build their social engineering scheme:

  • Creating a Sense of Urgency: News often involves time-sensitive events. Cybercriminals capitalize on this by creating a false sense of urgency in their attacks.
  • Leveraging Trust and Authority: Major news stories often involve reputable organizations or government agencies. Cybercriminals impersonate these entities to gain trust. They might send emails or create fake websites mimicking the official sources, asking for personal information or login credentials.
  • Exploiting Curiosity: People are naturally curious about breaking news. Cybercriminals create enticing headlines or subject lines to pique interest, leading victims to click on malicious links or attachments.
  • Capitalizing on Fear and Anxiety: During times of crisis, fear and anxiety can run high. Cybercriminals exploit these emotions by spreading misinformation or offering fake solutions. For instance, after a data breach, they might send emails claiming to offer protection services while actually installing malware.

The actual attack will likely focus on phishing attacks: Phishing remains the most common method attackers use to gain access. As we all know, they send emails or text messages that appear to be from legitimate sources related to the news story. These messages often contain malicious links or attachments designed to steal personal information. In this case, likely centered on the CrowdStrike problem.

These emails can be used to gather data, such as credentials or malware, that could give the threat group access to the target’s system.

Another method cybercriminals use is to create fake websites mimicking news outlets or organizations involved in the story. These sites often ask for personal information or try to install malware.

Discover Trustwave Email Security

Learn More

Trustwave MailMarshal Protects Against Phishing

The most effective measure against phishing attacks is to stop them before they hit an employee’s inbox. Trustwave MailMarshal has decades of development, is easily deployed, and has an incredibly high success rate.

MailMarshal:

  • Protects against ransomware attacks, Business Email Compromise (BEC), phishing scams, malware, and Zero-Days
  • Zero clients reported ransomware infection in 20+ years
  • 99.99% malware and exploit capture rate
  • < 0.001% spam false positives
  • Layered threat intelligence, powered by telemetry from 5,000+ global MSS/ MDR clients and ML-powered algorithms
  • Granular control of internal SMTP traffic
  • Decades of leadership in email security supported by Trustwave SpiderLabs elite threat detection security team
  • Deploy on-prem or hybrid cloud
  • Complements Microsoft 365 and other cloud email.

 

Top Email Security Best Practices

To safeguard against cybercriminals, organizations must prioritize email security and establish a comprehensive defense strategy to protect this vulnerable attack vector. Here are some essential measures to implement:

  • Deploy a robust email security solution: It is crucial for organizations to have a powerful email security solution in place. This solution should offer advanced protection mechanisms to detect and mitigate various email-based threats.
  • Enable Multi-Factor Authentication (MFA)/Two-Factor Authentication (2FA): Organizations should enforce MFA/2FA on all accounts wherever possible. This additional layer of security helps invalidate credential-based attacks.
  • Conduct regular security training: Providing annual security training refreshers for all employees is essential. This training should cover topics such as phishing awareness and overall security practices. By educating employees about the types of attacks they may encounter, organizations empower them with the knowledge to recognize and respond to threats. Security teams should remind staff members to request a second form of verification and validation before making any changes to bank details or initiating payments over email.
  • Implement a Secure Email Gateway (SEG): Organizations should adopt a Secure Email Gateway tailored to their specific needs. This gateway should be optimized to detect and block email threats effectively. Additionally, organizations must establish clear policies on how different file types sent via email will be handled to mitigate risks associated with malicious attachments.

By incorporating these measures into their email security strategy, organizations can significantly enhance their defenses and reduce the risk of falling victim to email-based attacks.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo