Weekend blitz to target nations that have announced fiscal support schemes to help citizens and businesses tide over the COVID-19 pandemic.
CYFIRMA, a threat intelligence and cybersecurity platform company, has alerted CybersecAsia that hackers are planning a large-scale phishing campaign targeting more than 5 million individuals and businesses across six countries – Singapore, Japan, South Korea, India, the USA and the UK.
The common thread is that the governments of these countries have recently announced fiscal support packages to assist individuals and businesses in their effort to stabilize their pandemic-ravaged economies.
CYFIRMA researchers have been tracking the Lazarus Group, a known hacker group sponsored by North Korea. Recent investigations revealed detailed plans indicating the upcoming global phishing campaign.
| Country Name | Campaign Launch Date | Target |
| --- | --- | --- |
| USA | 20 June 2020 | Individuals |
| UK | 20 June 2020 | Businesses |
| Japan | 20 June 2020 | Individuals |
| India | 21 June 2020 | Individuals |
| Singapore | 21 June 2020 | Businesses |
| South Korea | 21 June 2020 | Individuals |
The researchers first picked up the lead on 1 June 2020, and have been analyzing the planned campaign, decoding the threats, and gathering evidence.
Further research has also uncovered seven different email templates impersonating government departments and business associations.
In Singapore, the expected campaign will take the form of phishing attacks delivered through fake e-mails purporting to come from MOM (the Ministry of Manpower). Jeffrey Kok, Vice President, Solution Engineers for Asia Pacific and Japan at CyberArk, sees phishing as probably the malicious attacker’s number one way of gaining access to confidential information. “For the individual, this can mean compromised personal details, which is damaging but usually limited in scale. However, for attacks that target businesses, the effects can be much more wide-ranging.”
He explains: “Once a foothold in a business is established through a successful phish, critical data and assets within the business are all at risk if the attack is not contained. This could include customer data files, financial information or even result in the IT infrastructure being taken down. To meet this challenge, businesses should consider adopting privileged access management to prevent the lateral spread of an attack. By proactively managing and rotating high-value ‘privileged’ credentials and limiting user access to only the information and tools needed to perform their immediate role, an attacker’s route to critical data and assets can be contained, reducing their ability to exfiltrate information or disrupt operations.”