Cyber Threat Actors Expected to Leverage Hurricane Harvey

Thursday, August 31, 2017   (0 Comments)
Posted by: Thomas Scott

Cyber threat actors (CTA) leverage public interest during natural disasters and other high profile events in order to conduct financial fraud and disseminate malware. Most recently, Hurricane Harvey is propelling the emergence of new and recycled scams involving financial fraud and malware. This Intel Advisory provides recommendations for users and technical administrators when reacting to high profile events, including news associated with Hurricane Harvey, and solicitations for donations.

 

24x7 Security Operations Center

Multi-State Information Sharing and Analysis Center (MS-ISAC)                   

31 Tech Valley Drive

East Greenbush, NY 12061

SOC@cisecurity.org - 1-866-787-4722

 

 



Cyber Intel Advisory

August 29, 2017 – IA2017-0440

Cyber Threat Actors Expected to Leverage Hurricane Harvey

 

 

 

 

TLP: WHITE Cyber threat actors (CTA) leverage public interest during natural disasters and other high profile events in order to conduct financial fraud and disseminate malware. Most recently, Hurricane Harvey is propelling the emergence of new and recycled scams involving financial fraud and malware.

 

 

 TLP: WHITE Malicious actors are active in posting links to fake charities and fraudulent websites that solicit donations for victims of the hurricane or deliver malware. The MS-ISAC observed similar scams and malware dissemination campaigns in response to previous high profile events including the Boston Marathon bombing, Hurricane Sandy, and the Tennessee wildfires. It is highly likely that more scams and malware will follow over the course of the recovery period, so Internet users need to exercise caution before opening related emails, clicking links, visiting websites, or making donations to Hurricane Harvey relief efforts.


 

 

The MS-ISAC observed the registration of more than 500 domain names associated with Hurricane Harvey during the past week. The majority of these new domains include a combination of the words “help,” “relief,” “victims,” “recover,” “claims,” “donate,” or “lawsuits.” Most of the domains were registered in the days following Harvey’s landfall and appear to be currently under development. However, because a few appear malicious and the domains themselves appear suspect, these domains should be viewed with caution. More domain registrations related to Hurricane Harvey are likely to follow.

It is likely that CTAs will also capitalize on this disaster to send phishing emails with links to malicious websites advertising relevant information, pictures, and videos, but containing phishing webpages or malware. Other phishing emails will likely contain links to, or attachments with, embedded malware. Victims who click on links or open malicious attachments risk compromising their computer to malicious actors.

 

USER RECOMMENDATIONS:

TLP: WHITE The MS-ISAC recommends that users adhere to the following guidelines when reacting to high profile events, including news associated with Hurricane Harvey, and solicitations for donations:

  • Users should exercise extreme caution when responding to individual pleas for financial assistance such as those posted on social media, crowd funding websites, or in an email, even if it appears to originate from a trusted source. When making donations, users should consult the Texas Voluntary Organizations Active in Disaster website for a list of vetted disaster relief organizations at https://txvoad.communityos.org/cms/node/104 or the National Voluntary Organizations Active in Disaster website at https://www.nvoad.org

 

  • Be cautious of emails or websites that claim to provide information, pictures, and videos.
  • Do not open unsolicited (spam) emails or click on the links or attachments in those emails.
  • Never reveal personal or financial information in an email or to an untrusted website.
  • Do not go to an untrusted or unfamiliar website to view the event or information regarding it.
  • Malicious websites often imitate a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs .org).

 

 

TECHNICAL RECOMMENDATIONS:

TLP: WHITE The MS-ISAC recommends that technical administrators adhere to the following guidelines when reacting to high profile events, including news associated with Hurricane Harvey, and solicitations for donations:

  • Warn users of the threats associated with scams, phishing, and malware associated with high profile events.
  • Implement filters at your email gateway to filter out emails with known phishing attempt indicators and block suspicious IPs at your firewall.
  • Flag emails from external sources with a warning banner.
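One way a gateway or proxy filter could apply the domain-name pattern and the look-alike warning described above, as an added example that is not part of the MS-ISAC advisory. The function names, reason strings, and sample links are assumptions made for illustration; the keyword list and vetted sites are the ones named in the advisory.

```python
import re
from urllib.parse import urlsplit

EVENT = "harvey"
# Keywords the advisory reports in the newly registered domain names.
KEYWORDS = ("help", "relief", "victims", "recover", "claims", "donate", "lawsuits")
# Vetted donation sites named in the advisory.
VETTED = {"txvoad.communityos.org", "nvoad.org", "www.nvoad.org"}
# Constructed sample links (not observed indicators); .example is a reserved TLD.
SAMPLES = ("http://harvey-relief-fund.example/donate", "donate2harveyvictims.example",
           "https://www.nvoad.example/", "nvoadd.example", "https://www.nvoad.org",
           "http://weather.example/harvey-relief")

def hostname(url):
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host.rstrip(".").lower()   # lower-cased host of a URL or bare domain

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character spelling variants."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def indicators(url):
    """Return the reasons a link deserves review; an empty list means none found."""
    host = hostname(url)
    if not host or host in VETTED:
        return []
    squashed = re.sub(r"[^a-z]", "", host)   # ignore hyphens, digits and dots
    hits = [k for k in KEYWORDS if k in squashed]
    reasons = []
    if EVENT in squashed and hits:
        reasons.append("event+keyword:" + ",".join(hits))
    # Simplification: the last two labels are taken as name + TLD (no public suffix list).
    name, tld = host.split(".")[-2:] if "." in host else (host, "")
    for vetted in VETTED:
        v_name, v_tld = vetted.split(".")[-2:]
        if name == v_name and tld != v_tld:
            reasons.append("vetted-name-on-other-tld:" + v_name)
        elif edit_distance(name, v_name) == 1:
            reasons.append("spelling-variant-of:" + v_name)
    return sorted(set(reasons))

def flagged(urls):
    return {u: r for u in urls if (r := indicators(u))}
```

Only the hostname is inspected, so a link to an unrelated site whose path mentions the hurricane is not flagged; a match is a prompt for review, not proof of malice.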

 

The information provided above is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment. Organizations have permission and are encouraged to brand and redistribute this advisory in whole for educational, non-commercial purposes. For more information regarding potential cyber threats please visit the Center for Internet Security website at CISecurity.org.

SC Cyber

(803-777-6951) · info@sccyber.org

www.sccyber.org

MS-ISAC
866-787-4722 · SOC@cisecurity.org

www.cisecurity.org

 

 

 

Disclosure is not limited. Subject to standard copyright rules,

TLP: WHITE information may be distributed without restriction.

http://www.us-cert.gov/tlp/

 

 

