Industry Trends

Why Threat Actors Continue to Rely on Cyber Fraud

By Aamir Lakhani | February 15, 2021

FortiGuard Labs Perspectives

While 2020 has come and gone, many of last year’s cyber fraud problems will continue into at least mid-2021. Cybercriminals will focus on maximizing their profits, using a traditional cost-benefit analysis to decide on the best attack vector. Pandemic-related emotions will run high, and remote workforces will continue as companies embrace the “new normal.” From the cybercriminal perspective, these prevailing trends only increase the return on investment for scams and fraud. With this in mind, organizations must remain vigilant to protect themselves and their sensitive data from these attack methodologies. 

Social Engineering Attacks Continue

Social engineering attacks offer a high-impact, low-cost methodology for cybercriminals. In their own way, cybercriminals have similar goals to legal businesses – they want to maximize profit while reducing operational costs. And thanks to a plethora of “as-a-Service” criminal software available on the Dark Web, social engineering attacks are perfectly positioned to meet these goals. 

Successful social engineering attacks prey on people’s emotions, leveraging the fight or flight response. When overwhelmed by feelings like fear or empathy, people often make rash decisions. At the start of the pandemic, cybercriminals used these emotions to launch successful phishing attacks. Typical themes included:

  • Layoffs
  • Health authority impersonation
  • Opening phases 

People desperately wanted information, leading to increased profitability as they let down their digital guards. As countries start to offer more vaccination opportunities, the same emotions will make social engineering scams profitable. With such a desire to return to a “normal” life, people want to believe that information is real. This desire makes social engineering attacks around vaccines more profitable. Only once this information becomes more concrete and available will threat actors see the viability of these scams reduce in terms of a cost-benefit perspective. 

From the enterprise IT security perspective, early 2021 so far has a good chance of mimicking early 2020. For example, a previous FortiGuard Labs Global Threat Landscape Report, found that variants of web-based phishing lures and scams sat firmly atop the list of methodologies, only dropping out of the Top Five in June. In short, during the pandemic’s early months, cybercriminals focused heavily on social engineering attacks.

Cybercriminals Continue to Rely on Phishing

Remote and hybrid workforces make spear phishing and whale phishing, among other tactics, particularly attractive to cybercriminals. While business email compromise is a standard attack vector, the distributed workforce model increases the effectiveness of these types of attacks.

Typically, these attack methodologies offer cyber criminals a high reward model. By hitting higher-profile targets within the organization, they can engage in multiple types of attacks. In other words, rather than hitting 1,000 victims with lower reward, cybercriminals would prefer to target high-priority individuals with blackmail and extortion with the knowledge they can walk away more profitable. 

A successful whale phishing or spear phishing attack also gives cybercriminals a way to monitor important transactions passively. Taking a top-down approach allows malicious actors to divert funds or payments which, from a cost model perspective, is a low-cost, high-reward attack vector. So long as people work remotely, business email compromise will continue to offer cybercriminals value. This is due to the fact that physical disconnection, by nature, increases the likelihood that digital fraud will be successful.

Cybercriminals and Timely Dates

Year after year, cybercriminals ponder over ways to take advantage of the holidays. Again, looking at this from a profitability perspective, it makes sense. People love holidays and expect emails offering discounts or specials. These attack methodologies will likely continue as they always have. However, organizations and individuals must keep in mind that malicious actors often take a multi-faceted approach to attacks, rarely using a single vector as covering more digital “surface” increases profitability. 

With people isolating due to continued social distancing requirements, malicious actors are getting more personal. In conjunction with the typical email social engineering scams, many cyber criminals are now targeting social media accounts, particularly online dating apps. Malicious actors have profited from people’s desire for emotional connection in a physically disconnected time. By running an email campaign in conjunction with dating app romance scams, attackers get the much-desired “bang for their buck.”

Maximizing Outcome

Continually looking for “get rich quick” opportunities, cybercriminals focus on a cost model that seeks the most vulnerable, high-profit target. In 2021, no target fits these requirements better than the vaccine supply chain. 

The vaccine supply chain consists of more than just the researchers creating the vaccines. In reality, mass distribution requires a complex, interconnected set of vendors. An attack on any of these elements can cause considerable disruption in vaccine manufacturing and distribution. Governments, private companies, and citizens need the vaccine distribution process to run as smoothly as possible so that they can work towards bringing economies back online. 

Disrupting a vulnerable supply chain member could offer a high-value, low-cost ROI. 

To Disrupt is to Mitigate

Security researchers like the team at FortiGuard Labs focus on knowing how cybercriminal ecosystems work so that they can disrupt malicious activities. The laws of physics say that for every action, there is an equal and opposite reaction. In this scenario, while cybercriminals approach attacks from a cost model, security researchers use a disruption model. 

The cybercrime supply chain, much like the traditional corporate counterpart, consists of an interconnected set of Dark Web “as-a-Service” third-parties, including crimeware developers, producers, and payment distributors. A single disruption in this criminal supply chain can reduce attacks by slowing down their operations. 

Cybercriminals’ goals include ransom, exploitation, and profit. With this in mind, security teams must respond accordingly. But while understanding the intentions of cybercriminals is crucial, it is only half the battle. In addition to becoming aware of what is happening around them, companies must also protect themselves from scams and fraud with solutions that disrupt criminals and beat malicious actors at their own game.  

Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolioSign up for the weekly Threat Brief from FortiGuard Labs. 

Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet NSE Training programSecurity Academy program, and Veterans program.